DiffCheck

TOTP Generator Online

Generate TOTP secrets and time-based one-time passwords for 2FA authentication.

SECRET
JVZAFQQGWPX25UF56ZQMZLW6D7PSUMFR
CURRENT CODE
146683
16seconds
CONFIGURATION
OTPAUTH URI
otpauth://totp/MyApp:user%40example.com?issuer=MyApp&secret=JVZAFQQGWPX25UF56ZQMZLW6D7PSUMFR&algorithm=SHA1&digits=6&period=30

Use this URI to provision the secret in authenticator apps (scan as QR code or enter manually).

What Is a TOTP Generator?

TOTP (Time-based One-Time Password) is the algorithm behind most 2FA authenticator apps. This tool generates a random Base32 secret, computes the current 6-digit TOTP code, and shows a live countdown to the next code refresh (every 30 seconds). It also produces the otpauth:// URI you can use to provision the secret in Google Authenticator, Authy, or any RFC 6238-compatible app. All computation runs in your browser — nothing is sent to a server.

How to Use the TOTP Generator

  1. Click New Secret to generate a fresh Base32 TOTP secret.
  2. Enter your Issuer (app name) and Account (email or username).
  3. The Current Code updates every second — use it to verify the secret works.
  4. Copy the otpauth:// URI and paste it into a QR code generator, then scan with your authenticator app.
  5. Store the secret securely — it is the seed for all future codes.

Features

  • Live TOTP code — 6-digit code updates in real time with countdown
  • Expiry indicator — code turns red when 5 seconds remain
  • otpauth:// URI — ready to provision in any authenticator app
  • Configurable issuer and account — customize the label shown in your app
  • Browser-only — no data sent to any server

FAQ

What is TOTP?

TOTP (Time-based One-Time Password) is an algorithm defined in RFC 6238 that generates a short numeric code (typically 6 digits) from a shared secret and the current time. The code changes every 30 seconds and is used for two-factor authentication (2FA).

How do I use the generated secret with an authenticator app?

Copy the otpauth:// URI and scan it as a QR code using a QR code generator, or manually enter the Base32 secret into your authenticator app (Google Authenticator, Authy, etc.). The app will then generate matching TOTP codes.

Is it safe to generate TOTP secrets here?

This tool generates secrets entirely in your browser using the Web Crypto API — no data is sent to any server. For production use, generate secrets server-side and store them securely.

What is the otpauth:// URI format?

The otpauth:// URI is a standard format used to provision TOTP accounts in authenticator apps. It encodes the secret, issuer, account label, digits, and period. Most authenticator apps can import it by scanning a QR code generated from this URI.