TOTP Generator
Generate RFC 6238 TOTP codes with live countdown timer. Configurable algorithm, digits, and period. Includes otpauth:// QR code. 100% client-side.
How to Use
- Enter your Base32 secret, or click Random to generate a new one.
- Optionally configure digits (6 or 8), period (30s or 60s), and algorithm (SHA-1/SHA-256/SHA-512).
- The current TOTP code appears with a live countdown bar.
- Scan the QR code with any TOTP authenticator app (Google Authenticator, Authy, etc.).
- Copy the
otpauth://URI if you need to configure an authenticator programmatically.
Algorithm Notes
- SHA-1 is the default and is used by most authenticator apps and platforms.
- SHA-256 / SHA-512 provide stronger HMAC but are less widely supported by authenticator apps.
- Make sure your server and this tool use the same algorithm and period for codes to match.
FAQ
What is TOTP?
TOTP (Time-based One-Time Password) is an algorithm defined in RFC 6238. It generates a short numeric code from a shared secret and the current time. It is the standard behind most authenticator apps (Google Authenticator, Authy, etc.).
Is my secret sent to any server?
No. All computation uses the browser's Web Crypto API (HMAC-SHA1/SHA256/SHA512). Nothing leaves your machine.
What Base32 format does the secret use?
Standard RFC 4648 Base32 (alphabet A–Z and 2–7). Most authenticator apps use this format. You can paste an existing secret or click Random to generate a new 20-byte (160-bit) secret.
Can I use this to set up 2FA for my account?
Yes — scan the QR code with Google Authenticator, Authy, or any TOTP-compatible app. The codes generated by this tool will match the app's codes.
Why does the code change every 30 seconds?
TOTP derives the code from counter = floor(currentTime / period). The default period is 30 seconds. Once the period elapses, a new counter value produces a new code.