Two-Factor Authenticator

TOTP · Real-Time · RFC 6238 · Free

Generate time-based one-time passwords (TOTP) and build otpauth URIs. 100% client-side processing using the Web Crypto API.

RFC 6238 Real-Time Secret Gen otpauth URI Client-Side 6/8 Digits

Secret Key (Base32)

Paste a base32-encoded secret from your 2FA provider, or click Generate to create a new one.

Account Name

Issuer

Period

Digits

Enter a secret key or generate a new one

Your TOTP code will appear here with a live countdown timer

Ad Placement Slot — 728×90 Banner

Tool Information

CategorySecurity Tools

Price100% Free

RegistrationNot Required

PrivacyClient-Side Only

StandardRFC 6238 (TOTP)

Shortcuts

Toggle shortcutsCtrl + K

Close modalsEsc

Quick Actions

Ad Slot — 300×250

Guide

How to Use

Follow these simple steps to generate TOTP codes.

Enter Secret

Paste your base32 secret key or generate a new one.

Configure

Set the account name, issuer, time period, and digit count.

Generate Code

Your TOTP code updates automatically every few seconds.

Copy & Use

Copy the code or build an otpauth URI for QR code generation.

Benefits

Why Use This Authenticator?

The most secure and convenient TOTP generator online.

RFC 6238 Compliant

Implements the official TOTP standard with HMAC-SHA1.

Real-Time Timer

Live countdown showing remaining time before code refreshes.

Secret Generator

Generate cryptographically secure base32 secret keys.

otpauth URI Builder

Create otpauth:// URIs compatible with QR code generators.

Client-Side Only

All processing happens in your browser. No data is sent to any server.

Multiple Formats

Support 6-digit and 8-digit codes with 30s or 60s periods.

1,000,000+

Codes Generated Daily

TOTP100% FreePrivate

FAQ

Frequently Asked Questions

What is TOTP (Time-based One-Time Password)?

TOTP is a standard algorithm (RFC 6238) for generating one-time passwords based on the current time. It produces a new code every 30 or 60 seconds, making it ideal for two-factor authentication.

Is this authenticator secure?

Yes. All code generation happens entirely in your browser using the Web Crypto API. No secret keys or codes are ever sent to any server. Your 2FA secrets remain completely private.

Where do I get a secret key?

When you set up 2FA on a service (like Google, GitHub, etc.), it provides a base32-encoded secret key. Copy that key and paste it here to generate codes.

What is an otpauth URI?

An otpauth URI is a standardized format (otpauth://totp/...) that contains your 2FA configuration. It can be encoded into a QR code for easy setup with authenticator apps.

Can I use this instead of Google Authenticator?

Yes. This tool generates the same TOTP codes as Google Authenticator, Authy, or any other TOTP-compatible app. Enter the same secret key and you will get identical codes.

What is the difference between 30s and 60s periods?

The period determines how often a new code is generated. Most services use 30 seconds. Some older systems use 60 seconds. Match the period to your service provider settings.

FutureTools