What is a TOTP generator?

A TOTP generator computes time-based one-time passwords from a shared base32 secret, producing the same rotating 2FA codes an authenticator app shows. This ArrayKit TOTP generator computes them live in your browser.

How do I generate a 2FA code with this TOTP generator?

Paste the base32 shared secret from your service's 2FA setup screen, set the digits, algorithm, and period to match, then read the live code. It updates every second with a countdown bar.

What secret format does the TOTP generator accept?

It accepts the base32 shared secret (letters A-Z and digits 2-7) from a service's 2FA setup screen. Spaces and padding are ignored automatically; otpauth:// URIs are not used here.

Which algorithms and digit lengths are supported?

You can choose SHA-1, SHA-256, or SHA-512, 6 or 8 digit codes, and a custom period from 5 to 120 seconds, matching almost any TOTP service.

Why does my code differ from my authenticator app?

Usually a mismatch in algorithm, digit count, period, or device clock. Align those settings and ensure your system time is accurate, since codes are tied to the current time window.

Is my TOTP secret kept private?

Yes. The TOTP generator computes codes locally with the Web Crypto API, so your secret never leaves your device and nothing is uploaded to a server. Avoid pasting real production secrets here.

TOTP / 2FA Generator

Generate time-based one-time passwords (2FA codes) from a base32 secret.

TOTP codes are computed locally in your browser with the Web Crypto API and nothing is uploaded, but avoid pasting real production 2FA secrets into any web tool.

Need to inspect an auth token? Try the JWT Decoder.

About TOTP / 2FA Generator

This TOTP generator turns a base32 secret into the same time-based one-time password your authenticator app would show, refreshing automatically every second. Paste the secret from a 2FA setup screen and instantly get a live OTP, with a countdown bar showing how long the current code stays valid. As a flexible 2fa code generator it supports SHA-1, SHA-256, and SHA-512, 6 or 8 digit codes, and custom periods, so you can match almost any service or test your own MFA implementation. It's built for developers, QA engineers, and DevOps testing two-factor login flows, debugging authenticator code generation, or verifying a server's TOTP output. Everything is computed locally in your browser with the Web Crypto API, so your data never leaves your device and there's no tracking.

Features

Generates live time-based one-time passwords from any base32 secret
Auto-refreshes the code every second with a visual validity countdown
Switch between SHA-1, SHA-256, and SHA-512 hash algorithms
Choose 6 or 8 digit codes to match your service
Custom time period from 5 to 120 seconds (default 30s)
Formats codes with spacing for easy reading and one-click copy
Computed entirely in-browser with the Web Crypto API

How to use the TOTP / 2FA Generator

Paste your base32 secret into the secret field.
Pick the digit count, hash algorithm, and period to match your service.
Read the current TOTP code shown in large digits as it refreshes.
Click the copy button to grab the code before the countdown expires.

Example

Input

Secret: JBSWY3DPEHPK3PXP
Digits: 6, Algorithm: SHA-1, Period: 30s

Output

Code: 282 760 (example for one 30s window; changes each period)

A 6-digit SHA-1 TOTP derived from a base32 secret. The actual digits depend on the current time window.

Common errors & troubleshooting

"Invalid base32 character" error when pasting a secret. — Base32 secrets only use A-Z and 2-7. Remove spaces and characters like 0, 1, 8, or 9, which often come from a mistyped or QR-decoded secret.
The generated code doesn't match the authenticator app. — Confirm the digits, period, and hash algorithm match the service. Most use 6 digits, 30 seconds, and SHA-1, but some use 8 digits or SHA-256/512.
Code is rejected even though it looked correct. — TOTP depends on the current time. Make sure your device clock is accurate; even a 30 second drift can push you into the wrong time window.
"Secret is empty" message. — Enter the base32 shared secret from your 2FA setup screen, not the otpauth:// URI. Paste only the secret string itself.

Frequently asked questions

What is a TOTP generator?: A TOTP generator computes time-based one-time passwords from a shared base32 secret, producing the same rotating 2FA codes an authenticator app shows. This ArrayKit TOTP generator computes them live in your browser.
How do I generate a 2FA code with this TOTP generator?: Paste the base32 shared secret from your service's 2FA setup screen, set the digits, algorithm, and period to match, then read the live code. It updates every second with a countdown bar.
What secret format does the TOTP generator accept?: It accepts the base32 shared secret (letters A-Z and digits 2-7) from a service's 2FA setup screen. Spaces and padding are ignored automatically; otpauth:// URIs are not used here.
Which algorithms and digit lengths are supported?: You can choose SHA-1, SHA-256, or SHA-512, 6 or 8 digit codes, and a custom period from 5 to 120 seconds, matching almost any TOTP service.
Why does my code differ from my authenticator app?: Usually a mismatch in algorithm, digit count, period, or device clock. Align those settings and ensure your system time is accurate, since codes are tied to the current time window.
Is my TOTP secret kept private?: Yes. The TOTP generator computes codes locally with the Web Crypto API, so your secret never leaves your device and nothing is uploaded to a server. Avoid pasting real production secrets here.

Related tools

JWT Decoder — Decode JWT header & payload and inspect exp / iat (no verification).
JWT Signer — Create and sign a JWT (HS256/384/512) from a payload and secret — Web Crypto.
Hash Generator — SHA-256 / SHA-1 / SHA-384 / SHA-512 via the Web Crypto API.
Password Generator — Generate strong, random passwords with a strength meter (crypto-secure).
Base64 Encode / Decode — UTF-8 safe Base64 encoding and decoding.
UUID Generator — Generate one or many random UUID v4 values.
QR Code Generator — Generate a QR code from text or a URL; download as PNG or SVG.
Unix Timestamp Converter — Convert between Unix timestamps and human dates (local + UTC).