TOTP Secret & 2FA Code Generator

A free TOTP (Time-based One-Time Password) generator that produces RFC 6238-compliant secrets and renders the QR code your authenticator app expects. Generate a fresh random Base32 secret, paste an existing one to verify it works, and watch the 6-digit code refresh live in your browser. Compatible with Google Authenticator, Authy, Aegis, Microsoft Authenticator, 1Password and any RFC-compliant app.

How to use

1. Generate or paste a secret

Click "Random" for a fresh 160-bit Base32 secret, or paste an existing one to verify your authenticator setup.

2. Fill issuer and account

These show up as the entry label in your authenticator app — e.g. "GitHub: [email protected]".

3. Scan the QR

Open Google Authenticator, Authy or Aegis, tap "Add account", and scan the QR. The 6-digit code in the app should match this page.

4. Save the secret

Copy the Base32 secret to a password manager as a backup. If your phone is lost, you can restore the same TOTP entry on a new device.

Generate a 2FA secret, render the QR for any authenticator app, and watch the 6-digit code update every 30 seconds


Features

RFC 6238 compliant
QR for any authenticator
Live countdown
Custom algorithm / digits / period
Cryptographically secure secret
Runs in your browser

FAQ

What is TOTP?

Time-based One-Time Password — RFC 6238. A 6-digit code derived from a shared secret and the current 30-second time window, used as the second factor for two-factor authentication.

Why is my authenticator showing a different code?

Most commonly: clock skew. Check that your phone and computer agree on the time. The TOTP algorithm is purely time-based — if clocks differ by more than 30 seconds, codes will not match.
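The RFC 6238 computation as an added example (not this tool's own code), showing how the time step decides the code and how a verifier that accepts one step either side tolerates small clock skew. The ±1 window, the function names and the sample account are assumptions made for illustration; the key is the published RFC 6238 test key.

```python
import base64, hashlib, hmac, secrets, struct
from urllib.parse import quote, urlencode

# Constructed sample: the ASCII test key from RFC 6238 Appendix B, Base32-encoded.
RFC_SECRET = base64.b32encode(b"12345678901234567890").decode()

def new_secret(nbytes=20):
    """Random 160-bit secret from the OS CSPRNG, Base32-encoded (32 characters)."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode()

def totp(secret_b32, at, digits=6, period=30, algorithm="sha1"):
    """RFC 6238 code for Unix time `at`."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))   # restore stripped padding
    counter = struct.pack(">Q", int(at) // period)    # time step as 8-byte big-endian
    mac = hmac.new(key, counter, getattr(hashlib, algorithm)).digest()
    offset = mac[-1] & 0x0F                           # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def verify(secret_b32, code, at, window=1, **params):
    """Return the step offset (-window..window) that matched, or None.
    window=1 is an assumed verifier policy, not something RFC 6238 mandates."""
    period = params.get("period", 30)
    for step in range(-window, window + 1):
        expected = totp(secret_b32, at + step * period, **params)
        if hmac.compare_digest(expected, code):       # constant-time comparison
            return step
    return None

def otpauth_uri(secret_b32, issuer, account, digits=6, period=30, algorithm="SHA1"):
    """Key URI that an authenticator app reads from the QR code."""
    label = quote(f"{issuer}:{account}")
    query = urlencode({"secret": secret_b32, "issuer": issuer,
                       "algorithm": algorithm, "digits": digits, "period": period})
    return f"otpauth://totp/{label}?{query}"

if __name__ == "__main__":
    code = totp(RFC_SECRET, 59)                       # device clock reads t=59
    print("code at t=59:", code)
    print("verifier at t=61, window=1:", verify(RFC_SECRET, code, 61))
    print("verifier at t=61, window=0:", verify(RFC_SECRET, code, 61, window=0))
    print("verifier at t=125:", verify(RFC_SECRET, code, 125))
    print(otpauth_uri(new_secret(), "GitHub", "alice@example.com"))
```

A wider window tolerates more skew but also lengthens the time an intercepted code stays valid, so verifiers keep it small.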

Does my secret leave my device?

No. Both the secret and the live 6-digit code are computed inside your browser tab — no per-tick request, no server-side state. Same standard TOTP algorithm (RFC 6238) that Google Authenticator, Authy, Aegis and 1Password run on your phone.

Can I use SHA-256 or SHA-512?

You can, but most authenticator apps assume SHA-1. Google Authenticator, for example, ignores the algorithm parameter in otpauth:// URIs and always uses SHA-1. Stick to SHA-1 for maximum compatibility.

How do I back up the secret?

Copy the Base32 string into a password manager (Bitwarden, 1Password, KeePass) under the same account. If your phone is lost or you switch devices, you can restore the same TOTP entry by pasting the secret — far easier than re-enrolling 2FA on every service.

Why 6 digits and not 8?

6 is the convention for consumer 2FA — it balances brute-force resistance with manual entry effort. 8-digit codes appear on banking and high-security tokens. Use what your service requires.
