Language
English English Vietnamese (Tiếng Việt) Vietnamese (Tiếng Việt) Chinese (简体中文) Chinese (简体中文) Portuguese (Brazil) (Português do Brasil) Portuguese (Brazil) (Português do Brasil) Spanish (Español) Spanish (Español) Indonesian (Bahasa Indonesia) Indonesian (Bahasa Indonesia)
TOTP Generator

TOTP Generator

Generate time-based one-time passwords for two-factor authentication from a Base32 secret. Supports SHA-1, SHA-256, SHA-512 with QR import and multi-account management.

TOTP Generator for 2FA Codes

This TOTP generator turns a Base32 secret key into the same time-based one-time passwords your authenticator app produces, generating a fresh 2FA code every 30 or 60 seconds. It is built for developers, testers, and anyone who needs a working TOTP code from a secret without reaching for a phone.

TOTP (Time-based One-Time Password, defined in RFC 6238) is the standard behind Google Authenticator, Authy, and Microsoft Authenticator. Paste a secret or an otpauth:// URL, upload an authenticator QR image, and save multiple accounts for one-click code generation.

Private by design: every code is computed in your browser with the Web Crypto API. Your secret keys are never sent to a server, and saved accounts live only in your browser's local storage.

How to Generate a TOTP Code

1

Enter the secret key

Type or paste a Base32 secret (for example JBSWY3DPEHPK3PXP) into the Secret Key field. The code generates automatically — spaces, dashes, and = padding are stripped for you.

2

Or import a URL or QR

Paste a full otpauth://totp/... URL to auto-fill every setting, or click Upload QR Code to decode an authenticator QR image. The issuer, account, algorithm, digits, and period are parsed automatically.

3

Match the settings

Set Algorithm (SHA-1, SHA-256, or SHA-512), Digits (6 or 8), and Period (30 or 60 seconds) to match the service you are pairing with.

4

Copy and save

Use Copy code to send the current code to your clipboard before the timer runs out. Click Save to store the account locally and load its codes in one click next time.

Features

Three Hash Algorithms

Generate codes with SHA-1 (the default and most compatible), SHA-256, or SHA-512 to match any service.

Configurable Digits & Period

Switch between 6 or 8 digit codes and a 30 or 60 second period to fit how the service was set up.

Live Countdown Timer

A progress bar tracks the remaining time, turning yellow at 33% left and red in the last 5 seconds.

Next Code Preview

The upcoming code is always shown below the current one, so a code that is about to expire never trips you up.

otpauth:// URL Parsing

Paste a standard otpauth:// URL to pull the secret, issuer, account, algorithm, digits, and period in one step.

QR Import & Export

Decode a TOTP QR image to load a secret, or generate a scannable QR code to move it to a mobile authenticator.

Multi-Account Management

Save several accounts in your browser and click any one to instantly load its secret and generate codes.

Inline Renaming

Rename a saved account with the pen icon or by double-clicking its name — no separate edit screen needed.

Secret Visibility Toggle

Hide or reveal the secret key with one click, plus copy the live code to your clipboard whenever you need it.

Client-Side Only

All generation runs locally with the Web Crypto API. Secrets are never uploaded and saved accounts stay on this device.

Frequently Asked Questions

What is TOTP?

TOTP stands for Time-based One-Time Password. It combines a shared secret key with the current time through an HMAC hash to produce a short code that changes every 30 or 60 seconds. Because the server and your device share the same secret and clock, they generate matching codes independently — no network call needed. It is defined in RFC 6238.

How do I generate a TOTP code from a secret key?

Paste your Base32 secret into the Secret Key field and the code appears immediately. If your settings differ from the defaults, adjust the algorithm, digit count, and period to match the service. You can also paste an otpauth:// URL or upload a QR image to fill everything in automatically.

What is a TOTP secret key and what format should it be in?

The secret key is the shared value a service gives you when you enable 2FA. It should be in Base32 encoding — letters A–Z and digits 2–7. This tool automatically removes spaces and = padding. If you only have a QR code or an otpauth:// link, import that instead and the secret is extracted for you.

How long is a TOTP code valid?

By default each code is valid for 30 seconds, and some services use a 60-second period. The countdown timer shows exactly how much time is left, turning yellow at 33% remaining and red in the final 5 seconds. The next code is previewed below, so you can wait it out instead of racing the clock.

Which algorithm should I choose?

SHA-1 is the default and most widely supported option — most services (Google, GitHub, AWS) use SHA-1 with 6 digits and a 30-second period. Only switch to SHA-256 or SHA-512 if the service you are pairing with specifically requires it. Importing an otpauth:// URL sets the right algorithm for you.

Why doesn't my code match what the service expects?

TOTP depends on accurate time, so if your device clock is off by more than a few seconds the codes will not line up — make sure your system time is synchronized. Also confirm the algorithm, digit count, and period match what the service uses. A mismatch in any of these produces a valid-looking but wrong code.

Is an online TOTP generator safe to use?

Here, all computation happens entirely in your browser with the Web Crypto API — your secret key is never transmitted to any server, and saved accounts are stored only in this browser's local storage. That said, treat any secret like a password: for everyday 2FA a dedicated mobile authenticator is still recommended, since this tool is best for development, testing, or a backup code generator.

What is the difference between TOTP and HOTP?

TOTP is time-based, generating codes that change every 30 or 60 seconds. HOTP is counter-based, with a value that increments on each use. TOTP is more common because its codes expire automatically, which reduces the risk of replay attacks. This tool supports TOTP only.

Are my saved accounts backed up?

Saved accounts live in your browser's local storage. They persist between sessions but are not synced to any cloud, so clearing your browser data removes them. Use Show QR Code to export an important secret as a scannable QR image you can keep as a backup.

Secret Key

Enter a secret key to generate TOTP code

— — —
30s
Next
QR Code

Scan with your authenticator app

Saved Accounts

No saved accounts

Ready
| |
Enter a Base32 secret key or paste an otpauth:// URL to generate codes instantly
Use Upload QR Code to import secrets from authenticator QR code images
Click Save to store accounts locally, then load any account's codes in one click
Double-click an account name or click the pen icon to rename it
The timer bar turns yellow at 33% and red in the final 5 seconds
Click Show QR Code to export a scannable code for a mobile authenticator
All generation runs in your browser with the Web Crypto API — your secrets never leave your device
Want to learn more? Read documentation →
1/8
Start typing to search...
Searching...
No results found
Try searching with different keywords