DevKitOTP ToolsTOTP Generator

TOTP Generator

Generate Time-based One-Time Passwords (TOTP) from a Secret Key.

SHA1 (Default)
UPDATING IN 30s
Copy Token

TOTP Generator Online

This is an online generator of one-time passwords, based on the TOTP (RFC 6238) algorithm. It serves as a web-based analog of the Google Authenticator mobile application.

Our generator has no server code. It is a set of static scripts that work only in your browser. Therefore, we do not have registration, and all your data is stored only in your browser and no one except your browser has access to it.

Privacy and Security: Secret codes are stored only in your browser and are not transmitted anywhere. A leak of secret codes on our side is technically impossible.

How to connect

An application using one-time passwords based on the TOTP algorithm must provide a secret key. Add this secret key to our generator. The application name can be specified so you understand which particular application a one-time password is generated for. After the application is added, we will generate one-time passwords for this application every 30 seconds.

How to use

When the connected application requests a one-time password, look at the current one-time password for this application and enter it into the needed field in the application. You can simply click on the current one-time password, it will be copied to clipboard, then simply paste the password into the needed field.

Caution! The TOTP algorithm is tied to the current time. We will generate the correct one-time passwords only if the time on your device is set correctly.

Frequently Asked Questions

Is this tool privacy-focused?
Yes, all TOTP generation happens client-side in your browser. Your secret key never leaves your device.
Is my data stored on your servers?
No. All data is stored only in the memory of your browser. When you clear your browser cache or reinstall your browser, all your data on the generator will be deleted. Do not forget to save your secret keys in a safe place and make backup copies.
Does the app collect any personal data?
We may collect anonymized and aggregated visit statistics to understand our audience and determine needed improvements. However, we do not collect any personal data.
What happens if my device time is incorrect?
The TOTP algorithm relies heavily on the current time. If the time on your device is not synchronized correctly, the generated one-time passwords will be invalid and will not be accepted by your authentication provider.
What format should the Secret Key be in?
The secret key should be in Base32 format. This is the standard format used by most TOTP providers and typically looks like "JBSWY3DPEHPK3PXP".
Which TOTP algorithm is used?
By default, the tool uses HMAC-SHA1 as specified in RFC 6238, but you can select SHA-256 or SHA-512 for enhanced security.
Can I use this for Google Authenticator or similar apps?
Yes, this tool implements the same TOTP algorithm used by Google Authenticator, Authy, Microsoft Authenticator, and other 2FA apps.