TOTP / 2FA Generator

Generate time-based one-time passwords from a TOTP secret to verify 2FA.

Codes are computed in your browser with the Web Crypto API. Do not paste a secret for an account you rely on.

Frequently asked questions

What is a TOTP code?

A TOTP, or time-based one-time password, is the rotating six-digit code used for two-factor authentication in apps like Google Authenticator. It is derived from a shared secret and the current time.

How is the code generated?

The tool combines your Base32 secret with the current time step and runs a keyed hash using the Web Crypto API to produce the six-digit code. This is the standard TOTP algorithm.

Why does the code change every 30 seconds?

TOTP codes are tied to a time window, typically 30 seconds, so a new code is generated as each window passes. This limits how long any single code is valid.

Is my secret sent anywhere?

No. The code is computed entirely in your browser using Web Crypto, so your Base32 secret never leaves your device. It is not uploaded or stored on a server.

What is a Base32 secret?

It is the shared key, usually shown as a string of letters and digits or a QR code, that a service gives you when enabling 2FA. The same secret on both sides lets the codes match.

What is this tool useful for?

It helps you verify or test a 2FA setup, confirm a secret was entered correctly, or generate a code when your usual authenticator is unavailable. It is a testing and verification aid.

Why does my code not match the service?

A mismatch usually means the secret was mistyped or your device clock is off, since TOTP depends on accurate time. Correcting the secret or syncing the clock resolves it.