An employee is confused that the six-digit codes in her authenticator app keep updating while her smartphone is in airplane mode. You must clarify how the Time-based One-Time Password (TOTP) method works. Which statement best explains this behavior?
The app uses a shared secret and the phone's current time to generate each one-time code locally.
A cloud push notification challenge is performed that does not depend on time synchronization.
The method relies on the GSM network to deliver an SMS containing each new code.
The app contacts the authentication server over mobile data every 30 seconds to download the next code.
TOTP relies on a pre-shared secret that is stored on both the authenticator app and the authentication server. The app combines this secret with the current time obtained from the device's clock to calculate a one-time code locally, so no network connection is required. The other options describe methods that do need connectivity, such as retrieving codes from the server over data, receiving SMS messages, or completing cloud push challenges, and therefore do not explain why codes appear while offline.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
How does TOTP generate codes without internet connectivity?
Open an interactive chat with Bash
What happens if the device's clock is incorrect for TOTP?