The most commonly used security system in the authentication method is the password. The ease of implementation is a major factor in the use of password-based systems and the use of insecure networks is still a threat for some applications, for example on this online ordering website based application. Where the seller must register in advance to be able to place an order. Therefore, it is necessary to have a mechanism to prevent the negative impact of various security attacks, one of which is by implementing a two factor authentication system, it can be built using a combination of username and password and validated ownership with dynamic passwords one time password. One method for generating One Time Password (OTP) is Time-based One Time Password (TOTP), this method generates a dynamic password that changes following a specified time lag. Where the password is generated through the Secure Hash Algorithm 256 (SHA-256) encryption process with the help of a pseudo random number generator that produces a 6-digit hexadecimal value. The results of the system testing at the beginning to the end of the system testing are the application of scenarios that obtain test results in the form of outputs and assessments with a range of values around 95% - 100%. The average results achieved are successful and appropriate based on the design carried out.