TL;DR: Those SMS authentication codes SUUUCK when you’re an expat who doesn’t always have access to the same phone number. TOTP is a fix to that, allowing you to access your accounts without needing to be able to receive SMS texts. The tutorial video below teaches what TOTP is, how it works, and how to use it. I use and recommend a paid Bitwarden plan for less than $1/month to manage my TOTP codes.
Ok, let’s talk again about online accounts, and convenience.
If you haven’t yet gotten set up with a password manager, then probably the most annoying/inconvenient thing you experience while trying to log into your accounts is forgetting your passwords. Even back when I basically used the exact same password for everything, there was still always inevitably some account that required a slightly different password than I normally used, meaning I’d need to remember (and, most likely end up forgetting) that new one.
Like I wrote about before, a password manager basically completely fixes that problem, while also significantly increasing your online security in the process.
A major win-win.
However, once you’ve gotten your passwords under control with a password manager, the next biggest frustration you’re likely to face is issues with 2 Factor Authentication.
Even if you don’t know what 2 Factor Authentication (2FA) means, you’ve almost certainly come across it.
You know when you log into an account, and you get a text message with a code on your phone, and you need to type in that code to the login page in order to finish logging in to your account?
That’s 2FA.
There’s lots of interesting and nerdy things to be said about 2FA. But for now, I just want to focus on one thing:
Two Factor Authentication over SMS text message sucks if you travel internationally often, or regularly change your phone number…
… Or if you end up losing your phone.
If you need to log into an account, and need to receive a text message to log into that account, but you can’t actually receive a text message (whether because your carrier doesn’t have an international plan available in the country you’re in, or otherwise), you’re basically out of luck.
You will not be accessing that account today. 🫠
Thankfully, there’s a solution to this problem! It’s called TOTP (Time-based One-Time Passwords).
Ughhh.... not another acronym!!
Basically, TOTP is a way to allow you to verify your identity when logging into accounts, without getting a text message.
Instead of proving that you can receive texts at your phone number, you instead keep a special code (called a “seed”) in an app on your device (phone or computer).
That “seed” is used to generate a unique, one-time 6-digit code that you end up using when you log in to your accounts.
So, as long as you have that “seed” saved on one of your devices, you’ll be able to access your account.
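To make the “seed” idea concrete, here is a small Python sketch of how a seed plus the current time becomes a 6-digit code, and how the service checks it. This is an example added here, not code from the video or from Bitwarden; it assumes the common TOTP defaults from RFC 6238 (HMAC-SHA1, 30-second windows, 6 digits), the function names are made up for illustration, and the seed is the public RFC test seed, not a real account's.

```python
import base64
import hashlib
import hmac
import struct
import time

# Public test seed from RFC 6238 (ASCII "12345678901234567890" in base32).
# It is a sample value for this example, never a seed to use on a real account.
SEED = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(seed_b32, at=None, step=30, digits=6):
    """Return the code for a base32 seed at Unix time `at` (default: now)."""
    # Seeds are usually shown as base32; tolerate spaces, lowercase, no padding.
    cleaned = seed_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    key = base64.b32decode(cleaned)
    # Your device and the service both count 30-second windows since 1970,
    # so neither side needs a network connection or a phone number.
    counter = int(time.time() if at is None else at) // step
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    # "Dynamic truncation": the last nibble picks 4 bytes of the HMAC.
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(seed_b32, submitted, at=None, step=30, window=1):
    """Service side: accept the current window plus/minus `window` steps."""
    now = time.time() if at is None else at
    ok = False
    for drift in range(-window, window + 1):
        t = now + drift * step
        if t < 0:
            continue
        # Constant-time comparison so timing does not leak the expected code.
        ok |= hmac.compare_digest(totp(seed_b32, t, step), submitted)
    return ok


if __name__ == "__main__":
    print("code right now:", totp(SEED))
```

Anyone who copies the seed can generate the same codes, which is why the seed deserves the same protection as the password itself.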
I won’t lie, it’s a bit of a convoluted system to understand at first. The learning curve is not insignificant.
BUT, if you regularly need to access accounts that require 2FA, but you also regularly don’t have access to SMS to use for 2FA, then TOTP is a fantastic solution.
So... many... acronyms.....
Account access got a lot more convenient and simple for me once I started using TOTP… especially as someone who regularly crosses international borders, but still needs to maintain access to his accounts.
If TOTP sounds like something you’d benefit from, you should check out the tutorial that @Techlore put together about it. Their video is mostly focused on the security benefits of TOTP (which are significant). But, like having a password manager, using TOTP increases both security and convenience in huge and notable ways.
The video is pretty long, but it lays the foundation for you to be able to understand TOTP well, so you can learn the tool and get all the benefits from it.
Check it out if you think you’d benefit!
My personal recommendation is to use the TOTP features built into the paid plans in Bitwarden. I already use Bitwarden to manage my passwords, so having it manage my TOTP seeds and codes is just a wonderful synergy of convenience.
If you have any questions, or need help setting something like this up, feel free to click the reply button below, and I’d be glad to try to help! 😎
EDIT, December 2024: If you want to use TOTP but don’t want to pay the $10/year for Bitwarden, I’ve also heard good things about Ente Auth. It’s 100% free and it’s open source. If you want TOTP for free, it’s probably a great tool to try.