TOTP (Time-based One-Time Password, RFC 6238) is the algorithm behind 2FA apps like Google Authenticator and Authy — it derives a 6-digit code from a Base32-encoded secret and a 30-second time window. This tool generates the same codes locally in your browser, useful for testing TOTP integrations during development or for emergency access during a pentest engagement when a hardware authenticator isn't at hand.
The secret is held only in your browser's memory and never transmitted. Codes refresh automatically every 30 seconds; the remaining time on the current window is shown so you know whether to wait for the next code.
Enter the Base32-encoded secret key from your authenticator setup (e.g. from a QR code URI).
Codes automatically refresh every 30 seconds with a visual countdown timer.
RFC 6238 compliant. Compatible with Google Authenticator, Authy, and other standard TOTP-based 2FA implementations.
All TOTP generation happens locally using the Web Crypto API. Your secret keys never leave your browser.