TOTP Generator
Generate and verify time-based one-time passwords for two-factor authentication
QR Code for Authenticator Apps
Scan with Google Authenticator, Authy, or any TOTP app
Enter TOTP Code to Verify
otpauth://totp/Issuer:account?secret=BASE32SECRET&issuer=Issuer&digits=6&period=30&algorithm=SHA1 Privacy & Security
- All TOTP generation happens locally in your browser - secrets never leave your device
- No server communication, no logging, no tracking
- Safe for generating real 2FA secrets for production use
- Works offline once the page is loaded
About TOTP Generator
Time-based One-Time Password (TOTP) is a widely used algorithm for two-factor authentication. It generates temporary codes that change every 30 seconds (by default), providing an additional layer of security beyond passwords. This tool allows you to generate TOTP secrets, create QR codes for authenticator apps, and verify TOTP codes.
How TOTP Works
TOTP combines a shared secret key with the current time to generate a unique code. The algorithm uses HMAC (Hash-based Message Authentication Code) with the time counter as input. Both the server and authenticator app share the same secret and algorithm, so they generate identical codes at any given time.
Key Components
- Secret Key: A Base32-encoded random string shared between server and client
- Period: Time step in seconds (default 30 seconds)
- Digits: Length of the generated code (6 or 8 digits)
- Algorithm: Hash function used (SHA-1, SHA-256, or SHA-512)
Compatible Apps
- Google Authenticator
- Authy
- Microsoft Authenticator
- 1Password
- LastPass Authenticator
- Any RFC 6238 compliant app
Security Best Practices
- Store secret keys securely on your server
- Use HTTPS when transmitting secrets
- Implement rate limiting for verification attempts
- Allow for clock drift (±30 seconds typically)
- Provide backup codes for account recovery