TOTP (Time-based One-Time Password) is a method for generating time-limited one-time passwords. An authenticator app (e.g., Google Authenticator, Authy) produces a new six-digit code every 30 seconds based on a shared secret and the current time. TOTP is a widely used method for two-factor authentication and works offline. In an ISMS, TOTP is deployed to secure privileged access. Compared to SMS codes, TOTP is considered more secure because it cannot be intercepted over the mobile network.