What is TOTP?
TOTP (Time-based One-Time Password, RFC 6238) is the algorithm behind most two-factor authentication (2FA) apps like Google Authenticator, Authy, and 1Password. A shared Base32-encoded secret key is stored both on the server and in the authenticator app. Every 30 seconds, both parties independently compute a 6-digit code by applying HMAC-SHA1, keyed with the secret, to the number of the current 30-second time window, then truncating the result to an integer and taking its last 6 decimal digits. Since the codes are time-based, a code is only valid for approximately 30–90 seconds (allowing for clock skew). This tool implements the full TOTP algorithm in your browser using the Web Crypto API, so your secret key never leaves your device.
How to Use the TOTP Generator
- Enter the Base32 secret key from your service or app (the string shown when setting up 2FA).
- Click Generate to create a random secret key for testing.
- Fill in the Account Name and Issuer to identify the entry in your authenticator app.
- The 6-digit code refreshes automatically every 30 seconds — the progress bar and countdown show time remaining.
- Click Copy Code to copy the current code to the clipboard.
- Scan the QR code with any authenticator app (Google Authenticator, Authy, etc.) to add the account.
- Use the Verify section to check if a code is currently valid (allows ±1 window for clock skew).
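
The algorithm described under "What is TOTP?" and the ±1-window check used by the Verify section, as an added JavaScript example (not this tool's own code). The function names are assumptions, and the secret is the published RFC 6238 SHA-1 test key, so the codes can be checked against the RFC's test vectors.

```javascript
// Added example, not the tool's source. Web Crypto is global in browsers and
// Node 19+; the require() fallback covers older Node in CommonJS.
const subtle = (globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined)).subtle;
const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
// RFC 6238 Appendix B SHA-1 test key ("12345678901234567890") in Base32.
const RFC_SECRET = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ';

// Decode an RFC 4648 Base32 secret; spaces, padding and lowercase are tolerated.
function base32Decode(text) {
  const out = [];
  let bits = 0, acc = 0;
  for (const ch of text.toUpperCase().replace(/[\s=]/g, '')) {
    const v = B32.indexOf(ch);
    if (v < 0) throw new Error(`invalid Base32 character: ${ch}`);
    acc = (acc << 5) | v;
    bits += 5;
    if (bits >= 8) { bits -= 8; out.push((acc >>> bits) & 0xff); }
  }
  return new Uint8Array(out);
}

// HOTP (RFC 4226): HMAC-SHA1 over the 8-byte big-endian counter, then truncate.
async function hotp(keyBytes, counter, digits = 6) {
  const msg = new DataView(new ArrayBuffer(8));
  msg.setBigUint64(0, BigInt(counter));
  const key = await subtle.importKey('raw', keyBytes, { name: 'HMAC', hash: 'SHA-1' }, false, ['sign']);
  const mac = new Uint8Array(await subtle.sign('HMAC', key, msg.buffer));
  const off = mac[19] & 0x0f; // low nibble of the last byte selects 4 bytes
  const bin = ((mac[off] & 0x7f) << 24) | (mac[off + 1] << 16) | (mac[off + 2] << 8) | mac[off + 3];
  return String(bin % 10 ** digits).padStart(digits, '0');
}

// TOTP (RFC 6238): the HOTP counter is the index of the current time window.
const totp = (secret, unixSeconds, step = 30) =>
  hotp(base32Decode(secret), Math.floor(unixSeconds / step));

// Accept the current window and `skew` windows either side.
// Returns the matching window offset (-1, 0, +1 by default) or null.
async function verifyTotp(secret, code, unixSeconds, skew = 1, step = 30) {
  const key = base32Decode(secret);
  const now = Math.floor(unixSeconds / step);
  let matched = null;
  for (let c = Math.max(0, now - skew); c <= now + skew; c++) {
    const expected = await hotp(key, c);
    let diff = expected.length ^ code.length; // compare without early exit
    for (let i = 0; i < expected.length; i++) diff |= expected.charCodeAt(i) ^ code.charCodeAt(i);
    if (diff === 0) matched = c - now;
  }
  return matched;
}
```

A server-side verifier should also remember the last accepted window for each account and refuse any code from that window or an earlier one, since RFC 6238 requires each code to be accepted only once.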