Is the TOTP Generator free?

Yes, completely free. No account, no subscription.

Is my secret key sent to a server?

No. TOTP codes are generated locally using the HMAC-SHA1 algorithm in your browser — your secret never leaves your device.

A Time-based One-Time Password (TOTP) is a 6-digit code that changes every 30 seconds, used as a second factor in 2FA authentication.

Is this compatible with Google Authenticator?

Yes. This tool implements RFC 6238 (TOTP) and is compatible with Google Authenticator, Authy, 1Password and any standard 2FA app.

🔑

TOTP Generator

Generate Time-based One-Time Passwords (RFC 6238) locally — a developer tool for testing 2FA implementations. Nothing leaves your browser.

Base32 Secret Key

Issuer (optional)

Account (optional)

Enter a Base32-encoded secret key above to generate codes.

How it works

Enter your Base32 secret
Paste the secret key from the 2FA setup QR code (shown as text like JBSWY3DPEHPK3PXP).

RFC 6238 TOTP algorithm
The counter is floor(unix_time / 30). HMAC-SHA1 is computed using the Web Crypto API, then dynamic truncation yields a 6-digit code.

Auto-refresh every 30 seconds
The circular countdown shows time remaining. The code refreshes automatically and previous/next codes are shown for clock-skew tolerance.

100% local & private
All computation uses the browser's SubtleCrypto API. Your secret key never leaves your device.

TOTP Generator

How it works

Frequently Asked Questions