TOTP (Time-based One-Time Password) is a standard (RFC 6238) for generating time-synchronized one-time passwords. It's widely used in two-factor authentication (2FA) systems like Google Authenticator, Authy, and Microsoft Authenticator.
TOTP uses HMAC algorithm (SHA1/SHA256/SHA512) combined with a shared secret key and time counter to generate one-time passwords. Codes expire after each time step, greatly enhancing account security.
Codes generated by this tool are compatible with: Google Authenticator, Authy, Microsoft Authenticator, LastPass Authenticator, 1Password, and other major 2FA apps.
TOTP (Time-based One-Time Password) is a time-synchronized one-time password that auto-refreshes every 30 seconds (configurable). It uses the same RFC 6238 standard as Google Authenticator and Authy, widely used for two-factor authentication (2FA).
Enter a secret key (Base32 encoded, e.g., JBSWY3DPEHPK3PXP), select the hash algorithm (SHA1/SHA256/SHA512) and code length (6/8 digits), then click generate. The code auto-refreshes every 30 seconds. Your secret never leaves your browser.
Functionally compatible, both follow RFC 6238. Key differences: 1) This is a web tool, no app installation needed; 2) Useful for temporary TOTP viewing or debugging; 3) Google Authenticator is better for daily 2FA use. Note: keys are stored in browser local storage and may be lost on data clear.
Supports SHA1 (default), SHA256, and SHA512. SHA1 is the default for Google Authenticator and most 2FA services, offering best compatibility. SHA256 and SHA512 provide stronger security. Choose the algorithm matching your service provider's settings.
The secret key is typically provided when enabling 2FA verification, displayed in Base32 format (e.g., JBSWY3DPEHPK3PXP). It can also be obtained by scanning a QR code during 2FA registration. Keep your secret keys secure and avoid using them in unsafe environments.