Is it safe to enter my real TOTP secret here?

No — never enter production secrets in online tools. Use this tool for testing with dummy secrets only. Real TOTP secrets should only be stored in dedicated authenticator apps.

Why are there previous and next codes?

TOTP validates within a small window to account for clock drift. Showing the previous and next codes helps when testing time-sensitive validation logic.

What is the difference between TOTP and HOTP?

TOTP (Time-based) generates codes based on the current time. HOTP (HMAC-based) generates codes based on a counter that increments each use. TOTP (RFC 6238) is the standard used by most authenticator apps.

TOTP / OTP Generator

Runs in browser

Generate RFC 6238 TOTP codes from a base32 secret with a live countdown.

Generate time-based one-time passwords (TOTP) in your browser using the RFC 6238 algorithm. Enter a base32 secret, set issuer and account, and get live 6- or 8-digit codes with a countdown timer.

Secret Key (base32)

Issuer

Account

Digits

Period

Current TOTP Code30s left

--- ---

------

OTPAuth URL

otpauth://totp/MyApp:user%40example.com?secret=JBSWY3DPEHPK3PXP&issuer=MyApp&digits=6&period=30

Scan this URL with any TOTP app (Google Authenticator, Authy, 1Password) to add the account.

⚠️ This is a browser-based TOTP generator for testing. Never use production secrets in online tools. For real accounts, use a dedicated authenticator app.

🔒 Runs in your browser · No uploads · Your data never leaves your device

How to use

Enter your secret
Paste the base32 secret from your service (the one you'd scan as a QR code). Or click Random to generate a test secret.
Set issuer and account
Fill in the app name and your account email — these appear in authenticator apps when you scan the OTPAuth URL.
Copy the code
The current TOTP code updates automatically every 30 seconds. The progress bar shows time remaining.

Common use cases

Testing TOTP integration in your app — Enter a dummy base32 secret to generate live TOTP codes and verify your app's TOTP validation logic accepts the correct window.
Recovering a TOTP code from a backup secret — Paste a saved base32 secret to regenerate current TOTP codes without needing an authenticator app.

Examples

Test TOTP setup
Use the default secret JBSWY3DPEHPK3PXP to see codes update in real time.
Output
```
6-digit TOTP code with 30-second countdown, plus previous and next codes
```

Frequently asked questions

Is it safe to enter my real TOTP secret here?: No — never enter production secrets in online tools. Use this tool for testing with dummy secrets only. Real TOTP secrets should only be stored in dedicated authenticator apps.
Why are there previous and next codes?: TOTP validates within a small window to account for clock drift. Showing the previous and next codes helps when testing time-sensitive validation logic.
What is the difference between TOTP and HOTP?: TOTP (Time-based) generates codes based on the current time. HOTP (HMAC-based) generates codes based on a counter that increments each use. TOTP (RFC 6238) is the standard used by most authenticator apps.

Key concepts

TOTP: Time-based One-Time Password — a temporary 6 or 8 digit code generated from a shared secret and the current time, valid for 30 seconds per RFC 6238.
Base32 secret: The shared secret encoded in Base32 (A–Z, 2–7) that seeds TOTP generation — typically scanned as a QR code in authenticator apps.

You might find these useful too.

More hashing tools

Hash Generator
Generate MD5, SHA-1, SHA-256, and SHA-512 hashes instantly.
Open