TOTP Generator (One-Time Passwords)
From a Base32 secret, generate the same time-based one-time passwords (TOTP) as authenticator apps (Google Authenticator etc.), with a live countdown. For testing 2FA and backup. The secret is never stored or sent — codes are computed with the browser's Web Crypto API.
Spaces, lowercase and hyphens are tolerated. Your input is not stored.
How to use the TOTP generator
Press one of the "Examples (click to try)" chips, or enter the Base32 secret a service gave you. It shows the code live as you type; the bar below shows time remaining and it refreshes automatically every period (30 seconds by default). Use "Copy code" for the clipboard. If the digits, period or algorithm differ from the defaults (6 digits, 30 seconds, SHA-1), set them in the menus above. Paste an otpauth:// URI and it reads the secret and settings automatically.
Example
Enter secret JBSWY3DPEHPK3PXP (6 digits, 30 seconds, SHA-1) and a 6-digit code appears that changes every 30 seconds. With a correct device clock, it matches an authenticator app set up with the same secret.
- Digits: most services use 6. 7 and 8 are also supported.
- Period: how often the code rotates. The standard is 30 seconds.
- Algorithm: SHA-1 by default. Some services use SHA-256/512.
- QR code: shows an otpauth:// QR you can import into an authenticator app (handle with care — it contains the secret).
Using it safely
- The secret is never stored or sent (memory only; cleared on reload).
- Don't use it on shared computers or in public. A TOTP secret is as sensitive as a password.
- If your device clock is off, the codes won't be correct.
To create a fresh secret, see the Password Generator; to make a QR separately, the QR Code Generator helps.