Generate time-based one-time passwords for 2FA testing. Nothing leaves your browser.
TOTP (Time-based One-Time Password) uses a shared secret and the current time to generate a code that changes every 30 seconds. The algorithm takes the secret key, combines it with a time counter (current Unix time divided by the period), and runs it through HMAC-SHA1 to produce a 6 or 8-digit code.
This is the same algorithm behind Google Authenticator, Authy, 1Password, and Microsoft Authenticator. The secret key is typically shared as a Base32-encoded string or QR code during 2FA setup. Both the server and your authenticator app independently generate the same code from the same secret and time — no network request needed.
This tool is useful for developers testing 2FA integrations, verifying that a secret key produces the expected codes, or debugging authentication flows. Enter any Base32 secret to see live rotating codes. Everything runs in your browser using the Web Crypto API — your secret never leaves your device.
This tool in other languages:
Français:
Générateur TOTP / Code 2FA
Español:
Generador TOTP / Código 2FA
Deutsch:
TOTP-Generator / 2FA-Code
Português:
Gerador TOTP / Código 2FA
日本語:
TOTP生成ツール(二要素認証)
中文:
TOTP 生成器(双因素认证)
한국어:
TOTP 생성기 (2단계 인증)
العربية:
مولد TOTP — رمز المصادقة الثنائية