Which description best defines Time-Based One-Time Password (TOTP)?

Time-Based One-Time Passwords are generated from a shared secret and the current time, producing a short-lived code that changes at regular intervals. The authenticator on your device and the server both know the secret and independently compute the code using a cryptographic function with a time-derived value (the number of 30-second intervals since a reference point). Because the time factor advances, the code expires quickly, reducing the chance of reuse. This approach contrasts with static passwords that never change and with counter-based codes that rely on a simple count rather than the actual current time. In practice, you’ll see this in many two-factor apps (like Google Authenticator), where the six-digit code you enter is valid only for a brief window.