What is the difference between HOTP and TOTP two factor authentication?

HOTP: The “H” in HOTP stands for Hash-based Message Authentication Code (HMAC). Put in layman’s terms, HMAC-based One-time Password algorithm (HOTP) is an event-based OTP where the moving factor in each code is based on a counter.

Each time the HOTP is requested and validated, the moving factor is incremented based on a counter. The code that’s generated is valid until you actively request another one and it’s validated by the authentication server. The OTP generator and the server are synced each time the code is validated and the user gains access. Yubiko’s Yubikey is an example of an OTP generator that uses HOTP.

TOTP:Time-based One-time Password (TOTP) is a time-based OTP. The seed for TOTP is static, just like in HOTP, but the moving factor in a TOTP is time-based rather than counter-based.

The amount of time in which each password is valid is called a timestep. As a rule, timesteps tend to be 30 seconds or 60 seconds in length. If you haven’t used your password within that window, it will no longer be valid, and you’ll need to request a new one to gain access to your application.

Hello. As far as I know, the main difference between the two algorithms is the password generation based on the timestamp that the TOTP algorithm uses as a parameter. Whereas HOTP generates a key based on the shared secret word, regardless of the timestamp. For example, I prefer to use the otp generator online algorithm-based one-time passwords (TOTP) because it is more secure in my opinion.