What is OATH – TOTP (Time)?

OATH is an organization that specifies two open authentication standards: TOTP and HOTP. To authenticate using TOTP (time-based one-time password) the user enters a 6-8 digit code that changes every 30 seconds. The code is generated using HMAC (sharedSecret, timestamp), where the timestamp changes every 30 seconds. The shared secret is often provisioned as a QR-code or preprogrammed into a hardware security key.
What is OATH?

Open Authentication (OATH) is an initiative addressing challenges making standard, open technology available to all.

Learn more about OATH

How to use OATH with the YubiKey?

When using OATH with a YubiKey, the shared secrets are stored and processed in the YubiKey’s secure element. This has two advantages over storing secrets on a phone:

Security: The secrets always stay within the YubiKey. A phone can get stolen, sold, infected by malware, have its storage read by a connected computer, etc.

Accessibility: You can display OATH codes on more than one phone or computer. If your phone runs out of battery, you can get a code using a friend’s phone or your computer.

Get Started

YubiKey 5 series
Find the right YubiKey

Take the quick Product Finder Quiz to find the right key for you or your business.

Get protected today

Browse our online store today and buy the right YubiKey for you.