TOTP / 2FA Generator

Generate time-based one-time passwords for your accounts.

Secret Key (Base32)

or scan a QR code

Upload QR Image

TOTP / 2FA Code Generator

A secure, browser-based TOTP authenticator that generates time-based one-time passwords for two-factor authentication. Enter a secret key or scan a QR code — your credentials never leave your device.

Your secret keys never leave your browser. TOTP codes are generated locally using the Web Crypto API. No keys or codes are transmitted, stored, or logged. When you close the tab, the secret is gone from memory.

Features

RFC 6238 Compliant

Generates standard TOTP codes using the Web Crypto API. Compatible with Google Authenticator, Microsoft Authenticator, Authy, and all TOTP-based services.

QR Code Support

Upload a QR code image or scan one with your camera. Automatically parses otpauth:// URIs for account label, issuer, algorithm, and period.

One-Click Copy

Copy the generated code to your clipboard with a single click. Visual confirmation ensures you know the code was copied successfully.

Visual Countdown

Circular progress ring shows exactly how much time remains before the code expires. Turns red in the last 5 seconds as a warning.

How to Use

Enter Your Secret Key

Paste the Base32-encoded secret key from your service provider, or scan a QR code by uploading an image or using your camera.

Generate the Code

Click "Generate" to create a one-time password. The code appears with a countdown timer showing how long it remains valid.

Copy & Use

Click the copy button to copy the code to your clipboard, then paste it into the 2FA login field on the service you're authenticating with.

Regenerate if Expired

When the timer runs out, click "Get Code Again" to generate a fresh code with the same key, or "Enter New Key" for a different account.

Frequently Asked Questions

Is it safe to generate TOTP codes in a browser?

Yes. This tool uses the Web Crypto API (the same cryptographic engine used by banking websites) to generate HMAC-based codes. Your secret key exists only in browser memory during the session and is never stored to disk, transmitted over the network, or logged anywhere.

Is my secret key stored anywhere?

No. The secret key is held in JavaScript memory only while you're using it. When you close the tab, navigate away, or click "Enter New Key," the secret is cleared from memory. There is no localStorage, cookie, or server-side storage involved.

Does it work with Google Authenticator and other services?

Yes. This tool implements the standard TOTP algorithm (RFC 6238) and is compatible with any service that uses time-based one-time passwords — including Google, GitHub, AWS, Dropbox, Microsoft, and thousands of other services.

What algorithms are supported?

SHA-1 (default, used by most services), SHA-256, and SHA-512. When scanning a QR code, the algorithm is automatically detected from the otpauth:// URI. For manual entry, SHA-1 is used as it's the standard for nearly all TOTP implementations.

Can I scan a QR code from my phone?

Yes. Click "Scan with Camera" to open your device's camera and point it at the QR code. Alternatively, take a screenshot of the QR code and use "Upload QR Image" to import it from a file.