TOTP (Time-based One-Time Password) is a standard algorithm defined in RFC 6238. It generates a short-lived numeric code by computing HMAC-SHA1 of the current time window using a shared secret key.

Is this tool safe to use with real account secrets?

All computation happens entirely in your browser using the Web Crypto API. Your secret key is never transmitted to any server. That said, exercise caution with live production secrets — use this primarily for development and testing.

What is a Base32 secret key?

Base32 is an encoding scheme that uses the characters A-Z and 2-7. TOTP apps like Google Authenticator encode the shared secret in Base32 format. It typically looks like JBSWY3DPEHPK3PXP.

Why does my code not match my authenticator app?

Ensure your device clock is accurate — TOTP depends on synchronized time. Also verify you are using the same algorithm (SHA1 is most common), digit count (6), and period (30s) as your authenticator app.

What is an otpauth:// URI?

This is a standard URI format used in QR codes for authenticator apps: otpauth://totp/Label?secret=SECRET&issuer=ISSUER&algorithm=SHA1&digits=6&period=30. Pasting this URI auto-fills all parameters.

Why is SHA1 still the default for TOTP?

Nearly all authenticator apps (Google Authenticator, Authy, Microsoft Authenticator) default to SHA1 for TOTP. While SHA256 is supported by the RFC, it is rarely used in practice and may cause interoperability issues.

What is the time period setting?

The period (typically 30 seconds) defines how long each TOTP code is valid. The current time is divided by this period to determine the time-step counter used in the HMAC computation.

What are previous and next codes used for?

Server-side TOTP validation typically accepts the previous, current, and sometimes next code to account for clock drift. Showing all three lets you test your validation window logic.

Can I use this to set up a new 2FA account?

Yes, if you have the secret key for your own account, you can verify codes here match your authenticator app, which is useful when testing backup authenticator setups or custom TOTP integrations.

Is this tool affiliated with Google Authenticator or any authenticator app?

No. This is an independent implementation of the RFC 6238 TOTP standard for development and testing purposes. It is not affiliated with any authenticator application or service.

TOTP Authenticator Code Generator

Generate and test TOTP 2FA codes from a Base32 secret. Supports SHA1/SHA256.

TOTP Authenticator Code Generator

RFC 6238 · Web Crypto API · 100% client-side

Authorized use only. Use this tool to test your own 2FA implementations or as a backup authenticator for accounts you own. Never use it for unauthorized access to accounts that do not belong to you.

otpauth:// URI (optional — auto-fills fields below)

Base32 Secret Key

Algorithm

Digits

Period

Enter a Base32 secret key to generate TOTP codes.

Implements RFC 6238 (TOTP) using the Web Crypto API (SubtleCrypto HMAC). Zero server requests. Zero data stored.

Most authenticator apps use SHA-1 · 6 digits · 30s period.

TOTP Authenticator Code Generator कसरी प्रयोग गर्ने

1
Enter your Base32-encoded TOTP secret key in the input field (e.g., JBSWY3DPEHPK3PXP).
2
Alternatively, paste an otpauth:// URI from a QR code to auto-fill the secret and parameters.
3
Select the number of digits (6 or 8) and the time period (30 or 60 seconds).
4
The current TOTP code is displayed in large monospace text and updates automatically.
5
Watch the countdown progress bar to see how many seconds remain before the code rotates.
6
Previous and next codes are also shown for testing time-window acceptance in your implementation.
7
Click the copy button to copy the current code to your clipboard.
8
Use this tool only for your own accounts or to test 2FA implementations you are authorized to test.

TOTP Authenticator Code Generator बारेमा

The TOTP Authenticator Code Generator lets you generate and test two-factor authentication codes from a Base32 secret key, right in your browser. Built on the RFC 6238 standard using the Web Crypto API, it supports SHA1/SHA256 algorithms, 6 or 8 digit codes, and 30 or 60 second periods.

Test Your 2FA Implementations

Developing a TOTP-based authentication system? This tool lets you verify your implementation generates the correct codes. Enter your Base32 secret or paste an otpauth:// URI from a QR code to auto-fill all parameters.

Real-time TOTP code generation with countdown timer
Previous, current, and next codes displayed for testing validation windows
SHA-1 and SHA-256 algorithm support
6-digit and 8-digit code options
30-second and 60-second period options
otpauth:// URI parser for auto-filling from QR code data
One-click copy to clipboard

Security First

All computation happens entirely in your browser using the Web Crypto API. Your secret key is never transmitted to any server. Use this tool for testing and development of 2FA systems you are authorized to work on.

TOTP Authenticator Code Generator बारेमा बारम्बार सोधिने प्रश्नहरू

सम्बन्धित उपकरणहरू

Password Generator Hash Generator Base64 Encode & Decode

TOTP Authenticator Code Generator

TOTP Authenticator Code Generator

TOTP Authenticator Code Generator कसरी प्रयोग गर्ने

TOTP Authenticator Code Generator बारेमा

Test Your 2FA Implementations

Security First

TOTP Authenticator Code Generator बारेमा बारम्बार सोधिने प्रश्नहरू

What is TOTP?

Is this tool safe to use with real account secrets?

What is a Base32 secret key?

Why does my code not match my authenticator app?

What is an otpauth:// URI?

Why is SHA1 still the default for TOTP?

What is the time period setting?

What are previous and next codes used for?

Can I use this to set up a new 2FA account?

Is this tool affiliated with Google Authenticator or any authenticator app?

सम्बन्धित उपकरणहरू