TOTP authenticator code generator
This is the 6-digit code an authenticator app shows you when you log in. Paste a secret key or an otpauth:// setup link to see the live code, or make a new key and scan it into your phone. Everything happens on your device, so your key is never sent anywhere.
This is just an example. The code on the right is real and changes every 30 seconds. To get your own codes, paste your secret key or setup link above.
Algorithm
Digits
Period
Current code
exampleA fresh code appears every 30 seconds, just like an authenticator app.
Why the codes match.
Your app and the website you're logging into both hold the same secret key. Every 30 seconds, each one mixes that key with the current time and gets the same short code. Because they already share the key, the code itself never has to travel between them. That's what makes it safe to type in.
In three small steps
- 1Take the current time and your secret key.
- 2Mix them together into one big number.
- 3Your code is the last few digits of that number.
Add a key
Paste your secret key or a full otpauth:// setup link. You can also make a new random key, or upload a photo of a QR code and the tool will read it.
Check the settings
Set the algorithm, number of digits, and refresh time to match your account. Most accounts use the defaults already shown, so you usually leave them alone.
Read your code
Your code shows up right away and refreshes when the ring runs out. Click it to copy, and you can see the next code before it changes.
Set up an app (optional)
Scan the QR code or copy the setup link into Google Authenticator, 1Password, Authy, or any other authenticator app.
What people use it for.
Test your login
Check that your sign-in flow accepts the codes without reaching for your phone every time.
See what's in a setup link
Paste a QR link or scan a code to check the exact key and settings a service gave you.
Get back in
Make codes from a key you saved when your phone or authenticator app isn't to hand.
Demos and testing
Create steady, repeatable codes for screenshots, walkthroughs, and automated tests.
Match these to your service.
A setup link already includes all four. If you typed in a key by hand, set these to whatever your account uses.
Algorithm
SHA-1 · SHA-256 · SHA-512
The exact method used to mix the code together. Most accounts use SHA-1. If you're not sure, leave it as it is.
Digits
6 · 7 · 8
How long the code is. Six is normal. A few services use seven or eight.
Period
30s · 60s
How often a new code appears. Thirty seconds is the standard.
Secret
Base32
Your shared key, written in the same letters and numbers an authenticator app shows you.
Your key never leaves this tab.
There's no server behind this page. The codes are worked out by your browser itself, so there's nothing to send your key to, nothing gets saved, and closing the tab clears everything. You can even turn off your internet and it keeps working.
Runs on your device
Nothing is sent
Works offline
Questions, answered plainly.
What is a TOTP code?
It's the 6-digit code that authenticator apps show for two-step login. The code is made from a secret key plus the current time, and it changes every 30 seconds. TOTP just stands for time-based one-time password.
Is this TOTP generator safe to use?
Yes. The code is worked out by your browser, and your key is never sent, saved, or shared. Close the tab and it's gone. That said, only paste keys for accounts you own, and for everyday logins it's best to keep using a real authenticator app or a hardware key.
Why doesn't my code match the one in my app?
Almost always, it's the clock. These codes depend on the exact time, so if your device's clock is off by more than a few seconds the numbers won't match. Check your clock first. If that's fine, make sure the settings here (algorithm, number of digits, and refresh time) are the same as your account's.
Can I use this instead of Google Authenticator?
It's great for testing, checking a setup, or getting in when you have the key but not your phone. For your real accounts, a proper authenticator app or hardware key is safer, because your codes won't depend on a browser tab being open.
What is an otpauth:// link?
It's the text hidden inside a 2FA QR code. It holds the key plus the settings, so pasting one here fills in everything for you. It usually starts with otpauth://totp/.
What's the difference between SHA-1, SHA-256, and SHA-512?
They're three ways of mixing the code together. SHA-1 is the most common, and it's the default here. Some services use SHA-256 or SHA-512 instead. If you're setting up a normal account, you almost never need to touch this. Just make sure it matches what your service tells you.
Can I save or share a link to my codes?
Yes. The “Copy link” button makes a link that holds your key in the part after the # sign. Browsers never send that part to a server, so it stays off our side and out of analytics. But the link still works for anyone who opens it, so treat it like the key itself: only keep it somewhere private and only share it with people you trust. Opening a link like this fills the tool in for you, and we clear it from the address bar straight away.
Do you store or see my key?
No. Nothing about your key or your codes ever leaves your browser. There is no server taking part in making the codes.
Can I make a brand-new key?
Yes. Click “Random secret” for a fresh, random key. Add a name if you like, then scan the QR code or copy the link into any authenticator app.
Building login and security into a banking product?
Techvica builds the identity, compliance, and developer tools behind UK neobanks and regulated fintech teams. If that's the kind of thing you're working on, we're happy to talk.
Where this fits on the platform
Identity & Compliance
See how Techvica handles login, identity, and the rules that come with regulated banking.
Partner KYC & AML
Look at the identity checks and screening that sit alongside strong login security.
More free tools
Browse the rest of our free tools. Small, fast, and private by default.