DiffCheck

TOTP Generator Online

生成 TOTP 密钥和基于时间的一次性密码,用于双因素认证。扫描二维码可直接导入 Google Authenticator 等应用。

密钥
W5TI6EOQI6WIQYQ4LWDXLV62IHBXVU4G
当前验证码
909913
26
配置
OTPAUTH URI
otpauth://totp/MyApp:user%40example.com?issuer=MyApp&secret=W5TI6EOQI6WIQYQ4LWDXLV62IHBXVU4G&algorithm=SHA1&digits=6&period=30

可将此 URI 扫描为二维码或手动输入到身份验证器应用。

二维码

用 Google Authenticator、Authy 或任意 TOTP 应用扫描

What Is a TOTP Generator?

TOTP (Time-based One-Time Password) is the algorithm behind most 2FA authenticator apps. This tool generates a random Base32 secret, computes the current 6-digit TOTP code, and shows a live countdown to the next code refresh (every 30 seconds). It also produces the otpauth:// URI you can use to provision the secret in Google Authenticator, Authy, or any RFC 6238-compatible app. All computation runs in your browser — nothing is sent to a server.

How to Use the TOTP Generator

  1. Click New Secret to generate a fresh Base32 TOTP secret.
  2. Enter your Issuer (app name) and Account (email or username).
  3. The Current Code updates every second — use it to verify the secret works.
  4. Copy the otpauth:// URI and paste it into a QR code generator, then scan with your authenticator app.
  5. Store the secret securely — it is the seed for all future codes.

Features

  • Live TOTP code — 6-digit code updates in real time with countdown
  • Expiry indicator — code turns red when 5 seconds remain
  • otpauth:// URI — ready to provision in any authenticator app
  • Configurable issuer and account — customize the label shown in your app
  • Browser-only — no data sent to any server

FAQ

What is TOTP?

TOTP (Time-based One-Time Password) is an algorithm defined in RFC 6238 that generates a short numeric code (typically 6 digits) from a shared secret and the current time. The code changes every 30 seconds and is used for two-factor authentication (2FA).

How do I use the generated secret with an authenticator app?

Copy the otpauth:// URI and scan it as a QR code using a QR code generator, or manually enter the Base32 secret into your authenticator app (Google Authenticator, Authy, etc.). The app will then generate matching TOTP codes.

Is it safe to generate TOTP secrets here?

This tool generates secrets entirely in your browser using the Web Crypto API — no data is sent to any server. For production use, generate secrets server-side and store them securely.

What is the otpauth:// URI format?

The otpauth:// URI is a standard format used to provision TOTP accounts in authenticator apps. It encodes the secret, issuer, account label, digits, and period. Most authenticator apps can import it by scanning a QR code generated from this URI.