TOTP Generator
Generate time-based one-time passwords (2FA codes) from a secret.
Algorithm
SHA-1 is the default (Google Authenticator, Authy); SHA-256/512 for enhanced security apps.
Digits
Period
Current OTP
...
0
Refreshes every 30s • SHA-1 • 6 digits
A fully RFC 6238–compliant TOTP authenticator that runs entirely in your browser. Scan or paste a secret key to generate live one-time passwords with a live countdown ring — no app install needed.
Key Features
RFC 6238 Compliant
Implements TOTP exactly as specified: HMAC-SHA1 via WebCrypto, 30-second windows, 6-digit codes with dynamic truncation.
Live Countdown Ring
An animated SVG ring shows the remaining seconds in the current 30-second window so you always know when the code will refresh.
QR Code Generation
Generates the otpauth:// QR code for the entered secret so you can import it into any authenticator app (Google Authenticator, Authy, etc.).
Base32 Secret Input
Accepts standard Base32-encoded secrets (the format used by all TOTP services). Includes validation and helpful error messages.
Account Labelling
Add an issuer and account name to generate a properly labelled QR code that authenticator apps can display with full context.
100% Client-Side
Your secret key never leaves your browser. HMAC computation uses the WebCrypto subtle API — no server, no storage, no tracking.
How to Use
- 1Enter your Base32 secret key (found in the "manual entry" option of most 2FA setup flows).
- 2Optionally add an Issuer and Account name for a labelled QR code.
- 3The 6-digit TOTP code updates automatically every 30 seconds.
- 4Watch the countdown ring to see how long the current code remains valid.
- 5Click "Show QR Code" to generate an otpauth:// QR code importable by authenticator apps.