Free Online TOTP Code Generator

A TOTP generator computes 6-digit time-based one-time passcodes from a Base32 secret per RFC 6238 — the algorithm behind Google Authenticator, Authy and Microsoft Authenticator.

Your data is processed entirely in your browser and never sent to any server.

Instant results 100% private No signup needed

Base32 secret

Paste the Base32 secret from your 2FA setup screen (case-insensitive, spaces ignored).

How to Use This Tool

Paste the Base32 secret into the input — spaces and case don't matter.
Read the current 6-digit code in the result panel.
Watch the countdown to see when the code will refresh (every 30 seconds).
Click Copy code to copy, then paste it into the site asking for the 2FA code.

What Is a TOTP Code Generator?

TOTP (Time-Based One-Time Password, RFC 6238) is built on HOTP (RFC 4226). It takes the current Unix time, divides it into 30-second windows, computes HMAC-SHA1 of the window counter using your shared secret, then truncates the result to a 6-digit decimal code. Anyone with the same Base32 secret and a synced clock produces the same code, but without the secret the code is unpredictable.

When you scan a 2FA QR code into an authenticator app, you're storing the Base32 secret embedded in that QR. This tool lets you compute codes from that secret directly. Useful for backup access when you've lost your phone, for testing 2FA implementations during development, or for using a single hardware token's secret on multiple devices.

The Base32 secret never leaves your browser. That said, a dedicated authenticator app is a more private place to store long-lived secrets day-to-day; treat this page as a development and recovery tool. RFC 6238 Appendix B test vectors are referenced in the source.

Frequently Asked Questions

What is TOTP?

Time-based One-Time Password. It's HMAC-SHA1 over the current 30-second time window, truncated to 6 digits — the same algorithm Google Authenticator uses.

Where do I get the secret?

From the Base32 string shown when you set up 2FA on a site (often hidden behind 'Can't scan the QR?'). Keep it private.

Is this safe to use as my real 2FA?

Use a dedicated authenticator app for daily 2FA. This tool is for testing, debugging, and backup access if you lose your phone.

Published by the WeGotEveryTool team. We build and test every tool in-house and update pages when the underlying spec, formula, or recommendation changes.

Reviewed: May 2026. Disclaimer: this tool is provided as-is for general informational use. For decisions with material consequences (medical, legal, financial, security) verify results against a qualified professional source.

Related Encryption & Security

Secure Password Generator

Generate cryptographically random passwords with entropy display and custom symbol sets.

Password Strength Checker

Check password strength. Get a 0–100 score, time-to-crack estimate and specific suggestions.

API Key Generator

Generate cryptographically random API keys. Hex, Base64, Base62 or alphanumeric with optional prefix.

JWT Generator

Create signed JWT tokens with HS256, HS384 or HS512. Counterpart to the JWT decoder.

HMAC Generator

Generate HMAC (keyed-hash MAC). Verify integrity and authenticity with a shared secret key.