TOTP / 2FA Code Generator
Generate and verify time-based one-time passwords (TOTP) for two-factor authentication. Compatible with Google Authenticator, Authy and more.
Check if a code matches the current, previous, or next time window.
Use this URI for QR code generation or to import into authenticator apps.
What is TOTP?
Time-based One-Time Password (TOTP) is an algorithm defined in RFC 6238 that generates a short numeric code from a shared secret and the current time. It is the standard behind Google Authenticator, Authy, and most 2FA apps.
How it works
The current Unix time is divided by the period (usually 30 seconds) to get a counter. This counter is HMAC-signed with your secret key, then dynamically truncated to produce a 6 or 8 digit code that changes every period.
Security notes
Your secret key never leaves your browser. All TOTP computation happens client-side using the Web Crypto API. Never share your secret key. For production use, always store secrets securely and use HTTPS.
How to Use TOTP/2FA Code Generator
The TOTP Generator creates time-based one-time passwords compatible with two-factor authentication systems like Google Authenticator and Authy. Enter a shared secret key to generate valid 6-digit codes that refresh every 30 seconds. This tool is useful for developers testing 2FA implementations.
Open the TOTP Generator
Navigate to the TOTP/2FA Code Generator from the cybersecurity tools menu. The tool provides a clean interface for entering secrets and viewing generated codes.
Enter the Shared Secret
Paste or type the base32-encoded secret key that was provided during 2FA setup. This is the same key you would normally scan as a QR code in an authenticator app.
Configure Parameters
Optionally adjust the time step (default 30 seconds), code length (default 6 digits), and hash algorithm (default SHA-1) to match your authentication system requirements.
View the Generated Code
The tool displays the current TOTP code along with a countdown timer showing how many seconds remain before the code expires and a new one is generated.
Copy and Use the Code
Copy the displayed code and enter it into the login form or API endpoint requiring two-factor authentication before the timer expires.
Common Use Cases
Testing 2FA Implementations
Developers can verify that their server-side TOTP validation logic works correctly by generating codes from the same shared secret.
Recovering Access During Migration
Generate TOTP codes from a backed-up secret key when migrating authenticator apps between devices or after losing a phone.
Debugging Authentication Issues
Compare codes generated by this tool with those from an authenticator app to diagnose time synchronization or configuration mismatches.
Automated Testing Pipelines
Extract and use TOTP secrets in CI/CD test scripts that need to authenticate against 2FA-protected staging environments.
Pro Tips
- -TOTP codes are time-sensitive, so make sure your device clock is accurately synchronized. Even a few seconds of drift can cause codes to be rejected.
- -Never share your TOTP secret key. Anyone with the secret can generate valid codes for your account without needing your authenticator app.
- -This tool is ideal for developers testing 2FA flows; avoid using it as a primary authenticator for production accounts.
- -If your codes are consistently rejected, check whether the service uses a non-standard time step or digit count and adjust the settings accordingly.
You might also like
Ping Tool
Measure response time and availability of any URL or domain.
CybersecurityHTTP Headers Viewer
Inspect HTTP response headers of any URL.
CybersecurityBox Shadow Generator
Design CSS box shadows with live preview and code output.
DeveloperCSS Gradient Generator
Create linear and radial CSS gradients with a visual editor.
Developer