# HOTPGenerate()

Generates a counter-based One-Time Password (HOTP).

Unlike TOTP, which uses the current time, HOTP uses a counter that you increment after each use. Returns a 6-digit code by default.

**Requires Extension:** [Crypto Extension](https://download.lucee.org/#17AB52DE-B300-A94B-E058FC978BE4542D)

```
HOTPGenerate( secret=string, counter=numeric, options=struct );
```

**Returns:** string

# Arguments

| Argument | Type | Required | Description | Default |
|----------|------|----------|-------------|---------|
| secret | string | Yes | Base32-encoded secret |  |
| counter | numeric | Yes | Counter value |  |
| options | struct | No | Optional struct: digits (default 6), algorithm (SHA1\|SHA256\|SHA512, default SHA1) |  |

# Usage Notes

HOTP uses a counter rather than time. Your application is responsible for storing and incrementing the counter after each successful verification. If you don't need counter-based OTP specifically, prefer TOTP ([TOTPVerify()](totpverify.md)), which handles the counter automatically using the current time.

The secret must be a Base32-encoded string. Use [TOTPSecret()](totpsecret.md) to generate one.

# Examples

```cfml
// HOTP generates a one-time password based on a counter value (RFC 4226)
// Unlike TOTP which uses time, HOTP uses a counter that increments with each use
secret = TOTPSecret(); // Base32-encoded shared secret

// Generate a 6-digit code for counter value 0
code = HOTPGenerate( secret, 0 );
// e.g. "755224" - always the same for the same secret and counter

// HOTP is deterministic - same secret + counter always gives the same code
code1 = HOTPGenerate( secret, 42 );
code2 = HOTPGenerate( secret, 42 );
// code1 == code2

// Different counters produce different codes
// (apart from rare collisions, since the output is truncated to a few digits)
codeA = HOTPGenerate( secret, 0 );
codeB = HOTPGenerate( secret, 1 );
// codeA != codeB

// Options: change digit count or algorithm
code = HOTPGenerate( secret, 0, { digits: 8 } ); // 8-digit code
code = HOTPGenerate( secret, 0, { algorithm: "SHA256" } );
code = HOTPGenerate( secret, 0, { algorithm: "SHA512" } );
```
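
The Usage Notes leave counter storage to your application. The sketch below is an added example, not code from the Lucee documentation: it checks a submitted code using only `HOTPGenerate()` as documented above, with a look-ahead window, replay protection and failure throttling. The function name `verifyHotpCode`, the `account` struct and the `lookAhead` and `maxFailures` parameters are assumptions made for illustration.

```cfml
// Added example: server-side HOTP check built on HOTPGenerate() only.
// "verifyHotpCode", "account", "lookAhead" and "maxFailures" are hypothetical names.
function verifyHotpCode( required struct account, required string submitted,
                         numeric lookAhead = 3, numeric maxFailures = 5 ) {
    // Throttle guessing: a 6-digit code has only 1,000,000 possible values
    if ( account.failures >= maxFailures ) {
        return false;
    }
    var md = createObject( "java", "java.security.MessageDigest" );
    // Look-ahead window: the client's counter can run ahead of the server's
    // (codes generated but never submitted), so try a few counters forward.
    // Counters below account.counter are never tried.
    for ( var i = 0; i <= lookAhead; i++ ) {
        var candidate = account.counter + i;
        var expected  = HOTPGenerate( account.secret, candidate );
        // Constant-time comparison of the two code strings
        if ( md.isEqual( charsetDecode( expected, "utf-8" ), charsetDecode( submitted, "utf-8" ) ) ) {
            // Move past the matched counter so this code cannot be reused
            account.counter  = candidate + 1;
            account.failures = 0;
            return true;
        }
    }
    account.failures += 1;
    return false;
}

// Constructed demo: an in-memory struct standing in for a stored user record
account = { secret: TOTPSecret(), counter: 0, failures: 0 };
// The client token is two steps ahead of the server counter
clientCode = HOTPGenerate( account.secret, 2 );
// Counter 2 is inside the window, so the stored counter advances to 3
firstTry = verifyHotpCode( account, clientCode );
// Same code again: counter 2 is now behind the stored counter
replay = verifyHotpCode( account, clientCode );
```

Persist `account.counter` and `account.failures` in the same transaction as the check, so that two concurrent requests cannot both accept the same code.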

# Categories

[Cryptography](../../categories/crypto.md)

# See Also

[HOTPVerify()](hotpverify.md), [TOTPSecret()](totpsecret.md)