TOTP (Time-based One-Time Password, RFC 6238) generates a short-lived numeric code from a shared secret and the current time. It is used for two-factor authentication.

Where do I get the Base32 secret?

When setting up 2FA on a service, they show a QR code or a Base32 string (e.g. JBSWY3DPEHPK3PXP). Paste that string here.

Only paste secrets for testing or tools you control. This page runs client-side but you should treat TOTP secrets as sensitive credentials.

TOTP Generator

Generate time-based one-time passwords (RFC 6238) from a Base32 secret key.

Base32 Secret Key

Time step (s):

Uses HMAC-SHA1 per RFC 6238. Compatible with Google Authenticator and similar apps.

Related Tools

#Hash Generator

Generate SHA-1, SHA-256, SHA-384, and SHA-512 cryptographic hashes from any text.

#HMAC Generator

Generate HMAC-SHA-256/384/512 message authentication codes using a secret key.

***Password Generator

Generate strong, random passwords with customizable options.

FAQ

What is TOTP?: TOTP (Time-based One-Time Password, RFC 6238) generates a short-lived numeric code from a shared secret and the current time. It is used for two-factor authentication.
Where do I get the Base32 secret?: When setting up 2FA on a service, they show a QR code or a Base32 string (e.g. JBSWY3DPEHPK3PXP). Paste that string here.
Is this safe to use?: Only paste secrets for testing or tools you control. This page runs client-side but you should treat TOTP secrets as sensitive credentials.

Generate TOTP codes compatible with Google Authenticator and other RFC 6238 implementations. Enter your Base32 secret, choose a time step (default 30 seconds), and see the current 6-digit code plus a countdown to the next rotation. Uses Web Crypto HMAC-SHA1 for the underlying computation.