RFC 4226 — HOTP: An HMAC-Based One-Time Password Algorithm by node

This document describes HOTP, an algorithm to generate one-time passwords from a shared secret and a counter using HMAC. Each password is valid once, defeating reuse and replay. HOTP is the basis of the time-based TOTP used by authenticator apps.