← Home
中文

TOTP / 2FA Generator

Generate Google Authenticator-style 6-digit codes

000 000

How TOTP works (RFC 6238)

  • A shared secret (Base32) is combined with the current Unix timestamp / period (default 30s) using HMAC-SHA1
  • The HMAC output is truncated to a 6-digit number
  • The code rotates every 30 seconds, in sync between server and authenticator app
  • Most services use the default: SHA-1, 6 digits, 30s period

⚠️ Security notes

  • This tool is for testing and debugging — for real account 2FA, use a dedicated app (Authy, 1Password, Google Authenticator)
  • Never paste production secrets into a browser tool — even with client-side processing, the URL could leak via history/bookmarks
  • All computation here runs locally via Web Crypto API. No network calls, no logging