TOTP (Time-based One-Time Password) is a common form of two-factor authentication. It generates a 6-digit code that changes every 30 seconds using your secret key and the current time.
Yes. Everything runs entirely in your browser. Your secret key is never sent to any server — it stays on your device only.
The secret key is a Base32-encoded string (e.g. JBSWY3DPEHPK3PXP). You can find it in your app's 2FA setup page, often shown alongside a QR code.
Make sure your device clock is accurate. TOTP codes are time-based, so a clock that is even a few minutes off will generate incorrect codes. Enable automatic time sync in your OS settings.
This tool requires the text-based secret key, not a QR code scan. When setting up 2FA in an app, look for a link like 'Can't scan the QR code?' or 'Show text key' — that reveals the Base32 secret you can paste here.
Your secret keys are saved in your browser's localStorage and persist across sessions. They are only lost if you clear your browser data or use a private/incognito window. Always keep a secure backup of your secret keys.
Yes. TOTP is an open standard (RFC 6238) used by Google Authenticator, Authy, Microsoft Authenticator, and all major 2FA apps. Any valid TOTP secret generates identical codes across all compatible tools.
TOTP is the open standard (RFC 6238) used by Google Authenticator, Authy, and every major 2FA app. This tool generates real TOTP codes directly in your browser — no installation, no account, no data ever leaves your device.
Find your secret key
In your account's security settings, select 'Set up authenticator app.' You'll see a QR code and a text secret key in Base32 format (e.g. JBSWY3DPEHPK3PXP).
Enter the secret
Paste the secret key into the input field. You can label each entry (e.g. Gmail|JBSWY3DPEHPK3PXP or Facebook:NBSWY3DPEB3W64TM) to manage multiple accounts at once.
Read your code
The 6-digit code appears immediately with a 30-second countdown. The code refreshes automatically — no need to reload the page.
Copy and use
Click the copy button next to any code and paste it into your login form before it expires.
Emergency account recovery
If you lose your phone and can't access your authenticator app, use this tool with your saved backup secret to generate codes while you set up a replacement.
Testing 2FA integration
Developers building 2FA into their apps can use this tool to verify that the TOTP secret they generate produces the correct codes before deploying to users.
Managing multiple accounts
Enter secrets for all your accounts in one session — Google, GitHub, Dropbox, AWS — and see all codes refreshing simultaneously on one screen.
All tools run entirely in your browser — private, fast, no account required.