TOTP Generator
Generate Time-based One-Time Passwords (TOTP) from your 2FA secret key — just like Google Authenticator or Authy, but right in your browser. Supports SHA-1, SHA-256, SHA-512, 6 or 8 digits, and 30s or 60s periods. Your secret never leaves your device.
Paste the base32 secret from your authenticator app setup (the string shown when you set up 2FA).
Frequently Asked Questions
- Is this TOTP generator free?
- Yes, 100% free. No account required, no limits, no ads blocking the tool.
- Is my secret key safe?
- Completely. All TOTP computation runs in your browser using the Web Crypto API (HMAC-SHA1/256/512). Your secret is never sent to any server, stored in a database, or logged anywhere.
- What is a TOTP secret key?
- When you enable 2FA on a website, it shows you a QR code and a text backup key — that backup key is your base32-encoded TOTP secret. It looks like 'JBSWY3DPEHPK3PXP'. Paste it here to generate codes.
- Why does this show Previous and Next codes?
- TOTP codes change every 30 or 60 seconds. If your device clock is slightly off (clock drift), the previous or next code may be accepted by the server. Showing all three helps you authenticate even when clocks are a few seconds out of sync.
- Which algorithm should I use — SHA-1, SHA-256, or SHA-512?
- The vast majority of services (Google, GitHub, Microsoft, AWS) use SHA-1 with 6 digits and a 30-second period. SHA-256 and SHA-512 offer stronger security but are less commonly supported. Check your service's 2FA setup page if you are unsure.
- Does it work on mobile?
- Yes, works on all modern browsers including mobile Safari and Chrome on iOS and Android.