TOTP generator
Generate 2FA (TOTP) codes from a base32 secret, with a countdown.
- Instant
- Free
- Private (processed locally)
- No sign-up
Your 2FA codes, computed locally
Dead phone, authenticator app out of reach: from your base32 secret, this tool recomputes the 6-digit TOTP code via HMAC-SHA1 and WebCrypto, exactly like an authenticator app, with a countdown.
-
Paste the secret
The base32 key given when enabling 2FA.
-
Read the code
The current code and the time left appear.
-
Enter it
Before the countdown ends.
How it works
| Element | Detail |
|---|---|
| Standard | RFC 6238 (TOTP) |
| Algorithm | HMAC-SHA1 (WebCrypto) |
| Window | 30 s by default |
| Code | 6 digits |
RFC 6238 test vector: secret “GEZDGNBVGY3TQOJQ…” at T = 59 s → 287082. The secret stays local, nothing is sent.
Frequently asked questions
What is a TOTP code?
TOTP (Time-based One-Time Password, RFC 6238) is the 6-digit code that changes every 30 seconds in authenticator apps. It derives from a shared secret and the current time via HMAC-SHA1, with no network exchange at generation time.
Where do I find the base32 secret?
When enabling 2FA, the service shows a QR code and often a spelled-out key: that base32 secret (letters A-Z and digits 2-7) is what you paste here. It replaces scanning the QR code.
Is it safe to enter my secret here?
The secret stays in your browser: computation is local with WebCrypto, nothing is sent. That said, for a sensitive account a dedicated offline app remains preferable. This tool is ideal to troubleshoot or understand the mechanism.
Why does the code change every 30 s?
Time is split into 30-second windows; the window number feeds the computation. Each new window yields a new code. The countdown shows the time left before renewal.