Make Tools
⏱️

TOTP Code Generator

Generate Time-based One-Time Passwords (TOTP) as defined in RFC 6238 (HOTP RFC 4226 + time step). TOTP uses an HMAC-SHA-1 hash of a shared base32 secret key combined with the current Unix time divided by 30 seconds. The resulting 6-digit code is compatible with Google Authenticator, Authy, Microsoft Authenticator, and all RFC 6238-compliant authenticator apps. All computation uses the Web Crypto API client-side.

TOTP codes refresh every 30 seconds. All processing happens in your browser.

— bookmark it to auto-fill next time

Frequently Asked Questions

What is TOTP?
TOTP (Time-based One-Time Password), defined in RFC 6238, extends the HOTP algorithm (RFC 4226) by using a time-based counter instead of an event counter. The algorithm computes HMAC-SHA-1 of the shared secret with a 30-second time step, then truncates the result to 6 decimal digits. Codes change every 30 seconds and are valid for a brief window (typically +/- 30 seconds) to account for clock drift. TOTP is the standard for two-factor authentication (2FA) in most online services.
Is my secret safe?
Yes, the secret is processed entirely in your browser using the Web Crypto API. It is never transmitted anywhere.
Why does the code change?
TOTP codes are valid for 30 seconds. The timer shows remaining time. After expiration, a new code is generated based on the current time step.

Related Tools

🔑Strong Password Generator🔒AES Encryption & Decryption🎲Random Token Generator

How to Use

  1. 1 Enter a base32-encoded secret key (the same one used in your authenticator app).
  2. 2 The tool generates the current 6-digit TOTP code (RFC 6238).
  3. 3 View the countdown timer showing seconds until the next code.
  4. 4 Use for testing 2FA implementations or verifying authenticator setups.