ZeroUtil

TOTP Generator

Generate time-based one-time passwords (TOTP) from a base32 secret with live 30-second countdown.

How to Use the TOTP Generator

Enter your base32-encoded secret key (the key you receive when setting up two-factor authentication) and click "Generate TOTP". The tool produces a 6-digit code that refreshes every 30 seconds, with a countdown timer showing when the next code will appear.

What is TOTP?

TOTP (Time-based One-Time Password) is the algorithm behind apps like Google Authenticator, Authy, and Microsoft Authenticator. It combines a shared secret key with the current time to generate a short-lived numeric code for two-factor authentication.

How It Works

  • Secret Key — a base32-encoded shared secret between you and the service
  • Time Step — the current Unix timestamp divided by 30 seconds
  • HMAC-SHA1 — the secret and time step are combined using HMAC-SHA1
  • Truncation — the HMAC output is dynamically truncated to a 6-digit code

Frequently Asked Questions

Is my secret key sent to a server?

No. The TOTP code is computed entirely in your browser using the Web Crypto API. Your secret key never leaves your device.

Where do I find my base32 secret key?

When you enable two-factor authentication on a service, it usually shows a QR code and a text-based secret key. The text key is typically in base32 format (letters A-Z and digits 2-7). Look for an option like "Can't scan the QR code?" to reveal it.

Are the codes compatible with Google Authenticator?

Yes. This tool implements the standard TOTP algorithm (RFC 6238) with the same parameters used by Google Authenticator: 6-digit codes, 30-second intervals, and HMAC-SHA1.

Why is my code different from my authenticator app?

Make sure your device clock is accurate. TOTP codes are time-sensitive — even a few seconds of clock drift can produce different codes. Also verify you are using the correct secret key.

Is this secure enough for production use?

This tool is intended for testing and development purposes. For production 2FA, use a dedicated authenticator app that stores your secrets securely in encrypted storage on your device.

Ad

More Security & Privacy

Password Generator

Generate cryptographically secure random passwords with configurable length, character types and entropy display.

Open tool →

Password Strength Checker

Check password strength with entropy calculation, pattern detection and common password matching.

Open tool →

Security Hash Generator

Generate SHA-1, SHA-256, SHA-384 and SHA-512 hashes from text or files using the Web Crypto API.

Open tool →

CSP Header Generator

Build Content-Security-Policy headers with a visual form, presets and per-directive configuration.

Open tool →

AES Encrypt / Decrypt

Encrypt and decrypt text with AES-256-GCM and PBKDF2 key derivation, entirely in the browser.

Open tool →

RSA Key Generator

Generate RSA key pairs (2048 or 4096 bit) in PEM format using the Web Crypto API.

Open tool →