TOTP / 2FA Authenticator Code Generator Generate time-based one-time passwords.
100% offline
SecretBase32 · RFC 6238
Current codeGenerated locally · never uploaded
Enter a Base32 secret to generate a code.

About TOTP / 2FA Authenticator Code Generator

A TOTP (time-based one-time password) is the rotating six-digit code your authenticator app shows for two-factor authentication. It's derived from a shared Base32 secret and the current time using a one-way HMAC, so the same secret produces the same code on every device — without anything traveling over the network.

This free TOTP / 2FA code generator turns that Base32 secret into the current authenticator code, complete with a live countdown to the next rotation. It's handy for testing 2FA login flows, scripting against an account you control, or generating a code when you don't have your phone on hand.

Everything runs in your browser using the Web Crypto API. Your secret is never uploaded, logged, or sent anywhere — it's used only to compute the code locally and then forgotten when you close the tab.

Features

  • RFC 6238 compliant — matches Google Authenticator, Authy, 1Password, and more
  • Live code with a countdown to the next rotation
  • Adjustable digits (6 or 8), period, and HMAC algorithm (SHA-1/256/512)
  • Fully offline — your secret never leaves the device

How to use

  1. Paste your Base32 TOTP secret (the long string behind the QR code) into the secret field.
  2. Adjust the digits, period, and algorithm if your provider uses non-default settings (most use 6 digits, 30s, SHA-1).
  3. Read off the current code and watch the countdown ring; it refreshes automatically each period.
  4. Copy the code with the copy button and use it to complete your 2FA login.

Frequently asked questions

What is a TOTP secret and where do I find it?

It is a Base32 string a service gives you when you set up 2FA — often hidden behind the QR code as a "manual entry" or "setup key." Anyone with this secret can generate your codes, so treat it like a password.

Why does the code change every 30 seconds?

TOTP combines your secret with the current time divided into fixed windows (30 seconds by default). When the window rolls over, the time counter changes and a new code is produced. The countdown shows how long the current code stays valid.

My code does not match my app — what is wrong?

Check that the digits, period, and algorithm match your provider (most use 6 digits, a 30-second period, and SHA-1). Also make sure your device clock is accurate, since TOTP depends on the current time.

Is it safe to paste my secret here?

The code is computed entirely in your browser with the Web Crypto API and nothing is uploaded. That said, only use a tool you trust with a real 2FA secret, and prefer a dedicated authenticator app for everyday logins.

Related tools

HMAC Generator Online — SHA-256, SHA-512 & SHA-1 Generate keyed-hash MACs locally. Base32 Encode & Decode Online (RFC 4648) Encode and decode Base32 (RFC 4648). Hash Generator — SHA-256, SHA-1 & SHA-512 Online SHA-1, SHA-256 and SHA-512 digests

Everything runs locally in your browser — your input is never uploaded.