TOTP / 2FA Code Generator
Generate time-based one-time passwords from a Base32 secret key. RFC 6238 compliant — all processing happens in your browser.
Security Notice
🔒 All TOTP generation happens locally in your browser. Your secret key never leaves your device.
⚠️ Do not share your secret key. Anyone with access to it can generate valid TOTP codes.
🕐 TOTP codes are time-based. Ensure your device clock is accurate (synced via NTP) for correct codes.
What is Two-Factor Authentication?
Two-Factor Authentication (2FA) adds a second layer of security to your accounts beyond just a password. TOTP is the most widely used 2FA method: it generates short-lived 6- or 8-digit codes that change every 30 seconds. Even if someone steals your password, they cannot access your account without the current TOTP code generated by your authenticator.
How This Generator Works
Enter your Base32-encoded secret key (provided when you set up 2FA on any service) and the tool generates the current TOTP code in real time. It uses the Web Crypto API for HMAC-SHA1 computation, following RFC 6238 exactly. The code auto-refreshes every 30 seconds, and a countdown timer shows when the next code will be generated. You can also generate a random secret key for testing.
Security and Privacy
This tool runs 100% client-side. Your secret key never leaves your browser — there are no API calls, no server-side processing, and no data storage. The Web Crypto API provides hardware-accelerated cryptographic operations directly in the browser. However, this tool is intended for development and testing — for production 2FA, use a dedicated authenticator app.
Technical Details: RFC 6238
TOTP extends HOTP (RFC 4226) by replacing the counter with a time-based value: the current Unix timestamp divided by the time period (default 30 seconds), rounded down to an integer. The algorithm computes HMAC-SHA1 of the counter bytes using the secret key, then applies dynamic truncation to extract a numeric code. The same algorithm is implemented by Google Authenticator, Authy, Microsoft Authenticator, and other 2FA apps.
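The steps above (Base32 decoding, time-step counter, HMAC-SHA1 via the Web Crypto API, dynamic truncation) as an added example; this is not this tool's own source code. The function names `base32Decode`, `counterBytes`, `truncate` and `totp` are assumptions chosen for illustration.

```javascript
// Added example: TOTP (RFC 6238) with the Web Crypto API, HMAC-SHA1 only.
// Browsers and recent Node expose crypto.subtle globally; older Node needs the fallback.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;

const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

// Decode an RFC 4648 Base32 secret; spaces, '=' padding and lower case are tolerated.
function base32Decode(input) {
  const clean = input.replace(/[\s=]/g, '').toUpperCase();
  const out = [];
  let bits = 0, acc = 0;
  for (const ch of clean) {
    const v = B32.indexOf(ch);
    if (v < 0) throw new Error(`invalid Base32 character: ${ch}`);
    acc = (acc << 5) | v;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((acc >>> bits) & 0xff);
      acc &= (1 << bits) - 1; // keep only the bits not yet emitted
    }
  }
  return new Uint8Array(out);
}

// The time step, encoded as the 8-byte big-endian counter that HOTP expects.
function counterBytes(unixSeconds, period = 30) {
  const buf = new ArrayBuffer(8);
  new DataView(buf).setBigUint64(0, BigInt(Math.floor(unixSeconds / period)));
  return buf;
}

// Dynamic truncation (RFC 4226, section 5.3): the low nibble of the last
// MAC byte selects the offset of a 31-bit big-endian integer.
function truncate(mac, digits = 6) {
  const o = mac[mac.length - 1] & 0x0f;
  const bin = ((mac[o] & 0x7f) << 24) | (mac[o + 1] << 16) | (mac[o + 2] << 8) | mac[o + 3];
  return String(bin % 10 ** digits).padStart(digits, '0'); // keep leading zeros
}

async function totp(secretB32, { time = Date.now() / 1000, period = 30, digits = 6 } = {}) {
  const key = await subtle.importKey('raw', base32Decode(secretB32),
    { name: 'HMAC', hash: 'SHA-1' }, false, ['sign']); // non-extractable, sign only
  const mac = new Uint8Array(await subtle.sign('HMAC', key, counterBytes(time, period)));
  return truncate(mac, digits);
}
```

Passing a fixed `time` makes the output reproducible, which is how the RFC 6238 Appendix B test vectors can be checked against it.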
Related Security Tools
Check your passwords with the Password Strength Checker, encrypt sensitive data with the Encryption Tool, or decode authentication tokens with the JWT Decoder.