TOTP Generator
Free online TOTP authenticator, no installation required. Compatible with Google Authenticator, supports 2FA
About TOTP Generator
Generates RFC 6238 Time-based One-Time Passwords from a Base32-encoded shared secret, producing 6-digit codes that refresh every 30 seconds (HMAC-SHA-1 based). It decodes the Base32 secret locally, computes HMAC-SHA-1 over a big-endian 8-byte time counter, applies dynamic truncation, and shows the code with a live countdown bar that turns yellow under 10s and red under 5s. The secret is persisted in local storage so codes regenerate automatically.
How to Use
1. Paste your Base32 shared secret (the kind QR codes from authenticator apps encode, e.g., JBSWY3DPEHPK3PXP) into the secret field. 2. The 6-digit code appears immediately, formatted as XXX XXX. 3. The countdown bar shows seconds remaining in the 30-second window; the code auto-refreshes at each boundary. 4. Click the refresh icon to regenerate immediately, or Copy Code to copy the current 6 digits. 5. The secret is saved locally and reloaded on your next visit.
TOTP Algorithm Details
TOTP = HOTP(K, T) where T = floor(unixTime / 30). HOTP: HMAC-SHA-1 the Base32-decoded secret with the 8-byte big-endian counter, take the last 4 bits as offset, extract 4 bytes at that offset, mask the top bit, and mod 10^6 for a 6-digit code. The secret must be valid Base32 (A-Z, 2-7, optional padding); invalid input is flagged and no code is generated. This matches what Google Authenticator, Authy, and 1Password produce.
▶Why is no code shown after I paste my secret?
▶Why does my code differ from my phone's authenticator?
▶Is the secret stored securely?
▶Can this generate Steam Guard or 8-digit codes?
If this tool has been helpful to you, consider buying me a coffee.
Buy me a coffee