Free online TOTP (Time-based One-Time Password) generator based on RFC 6238. Generate time-synchronized one-time passwords with custom secret keys. Supports SHA1/SHA256/SHA512 hash algorithms and 6/8-digit codes. Compatible with Google Authenticator, Microsoft Authenticator, and other authenticator apps. Pure frontend, secrets never leave your browser.
📱 Compatible URI (otpauth://):
Enter Content: Type, paste, or upload the content you want to process. All processing happens locally in your browser — no data is uploaded to any server.
Configure Options: Adjust available options and settings to customize the output format.
Get Results: Copy the result or download the file once processing is complete. All processing is done locally — no data is uploaded to any server.
TOTP (Time-based One-Time Password) is a two-factor authentication (2FA) technology based on RFC 6238. It generates dynamic verification codes using a shared secret key and the current time, refreshing every 30 or 60 seconds. TOTP codes are typically 6 or 8 digits, widely used by Google Authenticator, Microsoft Authenticator, Authy, and many online services.
① Click 'Random Secret' to generate a random Base32 key (or manually enter an existing one) ② Select hash algorithm (SHA1/SHA256/SHA512) and digit count (6/8) ③ The tool automatically generates the current code and refreshes every 30 seconds ④ Copy the otpauth:// URI to add to your authenticator app ⑤ Use the generated codes for TOTP-supported services (GitHub, Google, Facebook, etc.).
SHA1 is the default TOTP algorithm (per RFC 6238), supported by all authenticator apps, and fast. SHA256/SHA512 offer stronger security but less compatibility — most major services still use SHA1. Recommendation: Use SHA1 (6 digits, 30s step) for compatibility with existing services. Use SHA256/SHA512 for custom implementations requiring stronger security.
Functionally identical — both implement TOTP (RFC 6238) and generate the same codes. Differences: ① Web-based vs mobile app ② This tool is convenient for temporary use or testing ③ Codes are fully compatible — the same secret key produces the same code in both ④ For highly sensitive keys, use dedicated hardware authenticators.
Processing is entirely local — the secret never reaches any server. However: ① Web-based TOTP generators are not recommended for storing long-term important keys (banking, primary email 2FA) ② Use hardware security keys (YubiKey) or dedicated authenticator apps for critical accounts ③ This tool is suitable for temporary code generation, testing, and configuration verification.