TOTP Code Generator

The TOTP Code Generator turns a Base32 shared secret into the same six- to eight-digit one-time password your authenticator app would display.

Time-based one-time passwords (TOTP, defined in RFC 6238) combine a secret key with the current time so a fresh code appears every thirty seconds; this tool reproduces that calculation faithfully, including the HMAC and the dynamic-truncation step from the underlying HOTP standard.

It is genuinely useful when you are setting up or recovering an account: paste the secret a service shows you (the long string behind the QR code), and confirm the codes here match the ones in your phone before you trust the setup.

You can adjust the digit count, the time step and the hash algorithm — SHA1, SHA256 or SHA512 — to match whatever the service specifies, since not every provider sticks to the defaults.

Crucially, everything runs locally.

The HMAC is computed in pure JavaScript inside your browser tab, so your secret is never transmitted, logged or persisted, and the tool keeps working with no connection at all.

The displayed code and a small countdown refresh every second so you always see the value that is valid right now.

Treat your TOTP secret like a password: anyone holding it can generate your codes, so only paste secrets you control.