OneTools Online

TOTP Code Generator

OTP Code Generator - Generate TOTP Codes & QR Codes for 2FA

Free online TOTP (Time-based One-Time Password) code generator for creating secure one-time passwords compatible with Google Authenticator, Authy, and any standard authenticator app. Generate random base32 secrets, view previous/current/next TOTP codes with a real-time countdown timer, and create QR codes for instant 2FA setup on your mobile device. All TOTP generation uses standard SHA1 algorithm with 30-second time windows. 100% client-side.

Key Features of Our OTP Code Generator

πŸ” Real-Time TOTP Code Generation

Instantly generate Time-based One-Time Password codes using the standard TOTP algorithm (RFC 6238) with SHA1 and 30-second time windows.

⏱️ Visual Countdown Timer

A smooth progress bar and countdown timer show exactly how many seconds remain before the current code expires and a new one is generated.

πŸ“± QR Code for Authenticator Setup

Automatically generate a QR code from the otpauth:// URI. Scan it with Google Authenticator, Authy, or any TOTP-compatible app to set up 2FA instantly.

πŸ”„ Previous, Current & Next Codes

View the previous, current, and upcoming OTP codes side by side. Each code can be copied individually for verification or manual entry.

🎲 Random Secret Generation

Generate cryptographically secure random base32 secrets with a single click. The secret is created using the browser's native crypto API.

πŸ” Base32 Validation & Hex Conversion

The tool validates your base32 secret and displays the hexadecimal conversion, current epoch time, and iteration counter for transparency and debugging.

πŸ”Œ Compatible with All Standard Authenticators

Generated codes and QR codes are fully compatible with Google Authenticator, Authy, Microsoft Authenticator, 1Password, Bitwarden, and any app supporting the TOTP standard.

πŸ”’ 100% Private & Offline

All TOTP generation, base32 decoding, HMAC-SHA1 computation, and QR code creation happens entirely in your browser. No data is sent to any server.

What is a TOTP (Time-based One-Time Password)?

TOTP (Time-based One-Time Password) is a temporary authentication code defined in RFC 6238. It is generated by combining a shared secret key with the current time using a cryptographic hash function (HMAC-SHA1). The result is a 6-digit code that changes every 30 seconds.

TOTP is the foundation of two-factor authentication (2FA) used by apps like Google Authenticator, Authy, and Microsoft Authenticator. When you set up 2FA on a website or service, it provides a secret key (usually as a QR code or base32 string). Your authenticator app uses this secret to generate the same codes as the server, allowing you to verify your identity without sending the secret over the network.

Our OTP code generator implements the full TOTP standard, letting you generate valid codes from any secret key directly in your browser. Use it to test authenticator configurations, recover access, or understand how the TOTP algorithm works.

Why Use an OTP Code Generator?

  • 2FA Setup Verification: Verify that your authenticator app is correctly configured by comparing generated codes
  • Account Recovery: Generate codes from backup secret keys when you lose access to your authenticator device
  • Development & Testing: Test TOTP-based authentication flows during application development without needing a physical device
  • Security Auditing: Verify that systems using TOTP are properly configured by generating and validating codes
  • Educational Purposes: Learn how the TOTP algorithm works by observing the relationship between secrets, time, and generated codes
  • Offline Access: A TOTP generator that works entirely offline β€” no internet connection required after the page loads

How to Use the OTP Code Generator

StepAction
1Generate or Enter a Secret
Click the refresh button to generate a random base32 secret, or paste an existing TOTP secret key from your service provider into the Secret Key field.
2View TOTP Codes
The previous, current, and next OTP codes appear automatically. The current code is highlighted and a progress bar shows the time remaining before the next code.
3Scan the QR Code
Use your authenticator app to scan the QR code displayed on screen. This automatically configures your app with the correct secret and account details.
4Copy Codes Manually
Click the copy button next to any code to copy it to your clipboard. Use these codes to verify your authenticator setup or for manual entry into authentication forms.
πŸ’‘ Pro Tip: For maximum security, always generate and store your TOTP secrets on a trusted device. Never share your secret key or OTP codes with anyone. Enable biometric or device PIN protection on your authenticator app.

Common Use Cases

πŸ” 2FA Setup Verification

Check that your authenticator app is correctly synchronized by comparing the generated TOTP codes with your authenticator app during initial setup.

πŸ”‘ Account Recovery

Generate TOTP codes from backup secret keys stored in password managers or printed recovery sheets to regain access to accounts.

πŸ’» Developer Testing

Test TOTP-based authentication in your applications during development. Validate that your server-side TOTP implementation produces correct codes.

πŸ” Security Auditing

Audit organizational 2FA configurations by verifying that secrets are properly encoded and TOTP codes are generated correctly across different platforms.

πŸŽ“ Learning & Education

Understand the TOTP algorithm by observing how different secrets produce different codes and how the counter changes over time.

πŸ“± Offline 2FA Token Generation

Use this tool as an offline TOTP generator when you need a second authentication factor but don't have your phone available.

Frequently Asked Questions About OTP & TOTP

What is the difference between TOTP and HOTP?

TOTP (Time-based One-Time Password) and HOTP (HMAC-based One-Time Password) are both one-time password algorithms defined in RFC 6238 and RFC 4226, respectively. The key difference is the counter: TOTP uses the current time divided by a time step (usually 30 seconds) as the moving factor, while HOTP uses an event counter that increments with each code generation. TOTP is more common for modern 2FA because codes change automatically without user interaction. HOTP is typically used in scenarios where time synchronization isn't guaranteed. Our generator implements the TOTP variant, which is the most widely used standard.

How does the TOTP algorithm work?

The TOTP algorithm works in four steps: (1) The current Unix timestamp is divided by the time step (30 seconds by default) to get a counter value. (2) This counter is combined with the shared secret key using HMAC-SHA1 to create a hash. (3) The hash is truncated using a process called 'dynamic truncation' to extract a 31-bit binary value. (4) This value is then reduced modulo 10^6 to produce a 6-digit code. The entire process is deterministic β€” the same secret and time will always produce the same code. This allows servers and authenticator apps to generate matching codes without communicating.

Is the TOTP code generator compatible with Google Authenticator and Authy?

Yes, absolutely. Our TOTP generator uses the standard SHA1 algorithm with a 30-second time step and generates 6-digit codes β€” exactly the same parameters used by Google Authenticator, Authy, Microsoft Authenticator, 1Password, Bitwarden, and all standard TOTP-compatible apps. The QR code generated by our tool uses the standard otpauth:// URI format that all authenticator apps recognize. Simply scan the QR code with your preferred authenticator app, and it will be configured automatically with the correct secret.

Is it safe to use this OTP generator with my real 2FA secrets?

Yes, this tool is safe for use with real secrets because all processing is done 100% client-side in your browser. Your secret key never leaves your device β€” it is not transmitted over the network, stored in any database, or sent to any server. The HMAC-SHA1 computation, base32 decoding, QR code generation, and all other operations happen locally using JavaScript. However, always follow security best practices: do not use this tool on a shared or untrusted computer, clear the secret when you are done, and use a dedicated authenticator app on your phone for daily 2FA needs.

Can I change the number of digits or the time step?

The current version uses the most common TOTP configuration: SHA1 algorithm, 6-digit codes, and 30-second time step. These are the default parameters used by Google Authenticator, Authy, and the vast majority of services. While the TOTP standard does support different algorithms (SHA256, SHA512), digit lengths (8 digits), and time steps (60 seconds), these variations are rarely used in practice. Most services and authenticator apps expect the standard SHA1/6-digit/30-second configuration. If you have specific requirements, the tool can be extended to support these options.

Master Two-Factor Authentication with Our OTP Generator

The OTP Code Generator from OneTools Online provides everything you need to work with TOTP two-factor authentication. Whether you are setting up 2FA for the first time, testing an application's authentication flow, or recovering access to an account using a backup secret, this tool has you covered. With real-time TOTP code generation, QR code display, visual countdown timer, and 100% client-side processing, you can manage your authentication needs securely and efficiently. Try it now β€” no registration, no installation, just a reliable offline OTP generator.