TOTP Generator — Time-Based One-Time Password
Generate time-based one-time passwords (TOTP) compliant with RFC 6238. Enter your base32-encoded secret key and see the current code with a visual countdown showing time remaining before refresh. 100% client-side — nothing is sent to any server.
How to Use the TOTP Generator
- Enter your base32-encoded secret key — this is the key you received when setting up two-factor authentication.
- Click "Generate TOTP Code" to compute the current one-time password.
- View the code displayed on screen — it refreshes every 30 seconds.
- Watch the countdown to see how much time remains before the code changes.
- Use the code for two-factor authentication verification or testing your TOTP implementation.
Why Use This Tool?
Test and verify TOTP implementations, troubleshoot two-factor authentication issues, or generate codes when your authenticator device isn't available. Perfect for developers implementing 2FA and security teams verifying authentication flows.
Frequently Asked Questions
TOTP (Time-Based One-Time Password) is an algorithm defined in RFC 6238 that generates temporary codes based on the current time and a shared secret. It's the standard behind two-factor authentication apps like Google Authenticator and Authy.
When you set up two-factor authentication on a service, it provides a base32-encoded secret key (usually displayed as a QR code or text string). This key is shared between your authenticator app and the server — you need the same key to generate matching codes.
Yes. All TOTP computation happens entirely in your browser using the Web Crypto API. Your secret key is never sent to any server. However, treat your TOTP secrets as sensitive credentials — don't share them publicly.
Use Cases
Two-Factor Authentication
Generate time-based codes for two-factor authentication on accounts that support TOTP-based 2FA.
Developer Testing
Test TOTP implementations during development and verify that your server-side validation logic is correct.
Backup Access
Generate TOTP codes when your primary authenticator device is unavailable or lost.
Security Auditing
Verify that TOTP secrets are correctly configured and codes are properly synchronized across systems.
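Worked Example: Checking Server-Side Validation
The following is an added example, not this tool's own code: a Python reference for the RFC 6238 computation described in the FAQ, plus a server-side check of the kind the Developer Testing use case refers to. The function names, the one-step drift window, and the replay check are assumptions of this sketch; the secret is the public RFC 6238 Appendix B test key.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30  # seconds per code, the refresh interval the page describes
# Public test key from RFC 6238 Appendix B (ASCII "12345678901234567890"); not a real secret.
RFC_TEST_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def decode_secret(secret_b32):
    """Decode a base32 secret as users paste it: spaces, lowercase, padding stripped."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)  # restore padding that setup screens omit
    return base64.b32decode(cleaned)  # raises binascii.Error on invalid input


def hotp(key, counter, digits=6):
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32, at=None, digits=6):
    """RFC 6238: HOTP with counter = floor(unix_time / STEP)."""
    now = time.time() if at is None else at
    return hotp(decode_secret(secret_b32), int(now // STEP), digits)


def verify(secret_b32, code, at=None, window=1, last_counter=-1, digits=6):
    """Server-side check (hypothetical helper). Returns the matched counter or None.

    window: steps of clock drift tolerated on each side of the current step.
    last_counter: highest counter already accepted for this user; codes at or
    below it are rejected so a captured code cannot be used a second time.
    """
    key = decode_secret(secret_b32)
    current = int((time.time() if at is None else at) // STEP)
    for counter in range(max(0, current - window), current + window + 1):
        if counter <= last_counter:
            continue
        expected = hotp(key, counter, digits).encode()
        if hmac.compare_digest(expected, code.encode()):  # constant-time compare
            return counter
    return None
```

On success, store the returned counter per user and pass it back as last_counter on the next login so that a code is accepted only once.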