Company:
Date Published:
Author: -
Word count: 1528
Language: English
Hacker News points: None

Summary

Time-based One-time Password (TOTP) is a secure authentication method that generates a temporary passcode using a shared secret and the current time, making it a robust second factor in multi-factor or two-factor authentication. TOTP can be implemented through hardware tokens, like security fobs, or software tokens, such as mobile authenticator apps like Google Authenticator, which provide a changing code at regular intervals, typically every 30 to 90 seconds. Compared to SMS-based 2FA, TOTP is considered more secure, as it is less susceptible to SIM swapping and man-in-the-middle attacks, and does not require internet connectivity or the collection of personal information like phone numbers. However, it involves the use of shared secrets, which must be stored securely to prevent unauthorized access, and relies on user devices that, if lost or broken, can disrupt authentication. Despite these challenges, TOTP remains popular due to its security advantages over static passwords and its offline usability. Descope offers a simplified integration of TOTP into applications through a drag-and-drop workflow editor, allowing developers to add this authentication method with minimal effort.