{"id":5763,"date":"2026-06-16T05:25:28","date_gmt":"2026-06-16T05:25:28","guid":{"rendered":"https:\/\/aaxonix.com\/resources\/?post_type=glossary&#038;p=5763"},"modified":"2026-06-16T05:25:28","modified_gmt":"2026-06-16T05:25:28","slug":"totp-zoho-vault","status":"publish","type":"glossary","link":"https:\/\/aaxonix.com\/resources\/glossary\/totp-zoho-vault\/","title":{"rendered":"TOTP (Vault)"},"content":{"rendered":"<style>\n.gt-body{font-family:'Poppins',sans-serif;color:#111;line-height:1.75}\n.gt-def{border-left:4px solid #E8650A;padding:16px 20px;background:#fff8f4;border-radius:0 8px 8px 0;margin:0 0 32px;font-size:1.05rem}\n.gt-section{margin:0 0 36px}.gt-section h2{font-family:'Fraunces',serif;color:#0A1628;font-size:1.5rem;margin:0 0 12px}\n.gt-example-box{background:#f0f4ff;border-radius:10px;padding:20px 24px;margin:0 0 32px}.gt-example-box strong{color:#2563EB}\n.gt-related-pills{display:flex;flex-wrap:wrap;gap:10px;margin:0 0 32px}\n.gt-related-pill{background:#f7f4ef;border:1px solid #ddd8cf;border-radius:20px;padding:6px 16px;font-size:.875rem;color:#0A1628;text-decoration:none}\n.gt-faq-item{border:1px solid #ddd8cf;border-radius:10px;padding:16px 20px;margin:0 0 12px}\n.gt-type-badge{display:inline-block;background:#0A1628;color:#fff;font-size:.75rem;padding:3px 10px;border-radius:20px;margin:0 0 24px;font-family:'DM Mono',monospace}\n<\/style>\n<div class=\"gt-body\">\n<span class=\"gt-type-badge\">Technical Term<\/span><\/p>\n<div class=\"gt-def\">Storing a TOTP seed in Zoho Vault alongside the password creates a single authoritative location for both authentication factors. 
This solves the coordination problem where one team member holds the password in Vault and another holds the TOTP on their personal phone, making shared account access unnecessarily fragmented.<\/div>\n<div class=\"gt-section\">\n<h2>How TOTP Works in Zoho Vault<\/h2>\n<p>When you enable TOTP on a Secret, you enter the TOTP seed key provided by the target service (the same key you would scan as a QR code in Google Authenticator). Vault stores this seed encrypted alongside the Secret. At login time, the Vault browser extension can fill both the password and the current 6-digit TOTP code into the appropriate fields. The TOTP code regenerates every 30 seconds according to the RFC 6238 standard, the same as in any other authenticator app.<\/p>\n<\/div>\n<div class=\"gt-section\">\n<h2>When to Use TOTP<\/h2>\n<p>Add a TOTP seed to a Secret whenever the associated service requires two-factor authentication and the account is shared by more than one person. This avoids binding the second factor to a single team member&#8217;s phone. It is equally useful for individual accounts if you want both factors centralised in your vault rather than split across Vault and a mobile authenticator. Avoid storing TOTP in Vault for accounts where security policy explicitly requires the second factor to remain on a separate physical device.<\/p>\n<\/div>\n<div class=\"gt-section\">\n<h2>Key Considerations for TOTP<\/h2>\n<p>Storing both factors in the same vault reduces the security separation that two-factor authentication is designed to provide. This is a deliberate usability tradeoff and is appropriate for shared team accounts where distributing a phone is impractical. For individual accounts with high security requirements, keep TOTP on a hardware token or separate authenticator app. Ensure your Vault account itself is protected with strong MFA, because it now holds both factors for every linked service. 
Back up TOTP seeds when initially setting them up, as the target service may not allow re-scanning the QR code later.<\/p>\n<\/div>\n<div class=\"gt-example-box\"><strong>India Example:<\/strong> A Pune digital marketing agency stores the TOTP seed for a shared Google Ads account in the same Vault Secret as the password. Three team members can log in independently using the Vault extension without asking a colleague to share a phone code, and all TOTP usage is captured in the audit log.<\/div>\n<div class=\"gt-related-pills\">\n<a href=\"https:\/\/aaxonix.com\/resources\/glossary\/secret-zoho-vault\/\" class=\"gt-related-pill sp-content-link\">Secret<\/a><br \/>\n<a href=\"https:\/\/aaxonix.com\/resources\/glossary\/password-sharing-zoho-vault\/\" class=\"gt-related-pill sp-content-link\">Password Sharing<\/a><br \/>\n<a href=\"https:\/\/aaxonix.com\/resources\/glossary\/access-control-zoho-vault\/\" class=\"gt-related-pill sp-content-link\">Access Control<\/a>\n<\/div>\n<div class=\"gt-faq-item\"><strong>Does sharing a Secret in Zoho Vault automatically share the TOTP code with the recipient?<\/strong><\/p>\n<p>Yes. When you share a Secret that has a TOTP seed attached, the recipient can also view and auto-fill the TOTP code, subject to the permission level granted. If the recipient has view-only access, they can use the TOTP code to log in but cannot modify the seed. This makes TOTP sharing as simple as Secret sharing, with the same access controls applying to both factors.<\/p>\n<\/div>\n<div class=\"gt-faq-item\"><strong>What happens to the TOTP seed if a Secret is deleted from Zoho Vault?<\/strong><\/p>\n<p>The TOTP seed is stored as part of the Secret record and is deleted along with it. If the Secret is soft-deleted, an admin can restore it with the seed intact within the retention period. If permanently deleted, the seed is gone. 
Before deleting any Secret with a TOTP seed, disable or re-configure two-factor authentication on the target service first, otherwise you may lose access to that account permanently.<\/p>\n<\/div>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>TOTP in Zoho Vault refers to the storage and auto-fill of Time-based One-Time Passwords alongside their associated Secret, enabling two-factor<\/p>\n","protected":false},"template":"","meta":{"seo_title":"TOTP | Zoho Vault Glossary","seo_description":"TOTP in Zoho Vault refers to the storage and auto-fill of Time-based One-Time Passwords alongside their associated Secret, enabling two-factor","seo_keyword":"totp zoho vault","seo_faqs":"[{\"q\": \"Does sharing a Secret in Zoho Vault automatically share the TOTP code with the recipient?\", \"a\": \"Yes. When you share a Secret that has a TOTP seed attached, the recipient can also view and auto-fill the TOTP code, subject to the permission level granted. If the recipient has view-only access, they can use the TOTP code to log in but cannot modify the seed. This makes TOTP sharing as simple as Secret sharing, with the same access controls applying to both factors.\"}, {\"q\": \"What happens to the TOTP seed if a Secret is deleted from Zoho Vault?\", \"a\": \"The TOTP seed is stored as part of the Secret record and is deleted along with it. If the Secret is soft-deleted, an admin can restore it with the seed intact within the retention period. If permanently deleted, the seed is gone. 
Before deleting any Secret with a TOTP seed, disable or re-configure two-factor authentication on the target service first, otherwise you may lose access to that account permanently.\"}]","term_type":"Technical","glossary_related":"","glossary_links":""},"glossary_category":[1286],"class_list":["post-5763","glossary","type-glossary","status-publish","hentry","glossary_category-zoho-vault"],"_links":{"self":[{"href":"https:\/\/aaxonix.com\/resources\/wp-json\/wp\/v2\/glossary\/5763","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/aaxonix.com\/resources\/wp-json\/wp\/v2\/glossary"}],"about":[{"href":"https:\/\/aaxonix.com\/resources\/wp-json\/wp\/v2\/types\/glossary"}],"wp:attachment":[{"href":"https:\/\/aaxonix.com\/resources\/wp-json\/wp\/v2\/media?parent=5763"}],"wp:term":[{"taxonomy":"glossary_category","embeddable":true,"href":"https:\/\/aaxonix.com\/resources\/wp-json\/wp\/v2\/glossary_category?post=5763"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}