A time-based one-time password (TOTP) is a single use code for authenticating a user. It can be used by itself or to supplement another authentication method. It fits the definition of “something you have” as it cannot be easily duplicated and reused elsewhere. The TOTP uses a shared secret and the current time to calculate a code, which is displayed for the user and regenerated at regular intervals.