Is this safer than my phone's authenticator app?

No. A standalone app is the better default — it survives browser cache clearing and works offline. This tool is useful for testing, integrations, and backup access.

Does this support hardware keys?

No — hardware keys use FIDO2/WebAuthn, a different protocol. This tool implements TOTP (RFC 6238) which is what authenticator apps use.

Is the secret sent anywhere?

No. The Base32 secret is decoded and the HMAC-SHA1 is computed in your browser via the Web Crypto API.

Files never leave your device

TOTP Generator

Paste a Base32 secret and get a live TOTP code — the same algorithm used by Google Authenticator and 1Password. Runs entirely in your browser.

Base32 secret

Same format apps like Google Authenticator and 1Password store.

Current TOTP

--- ---

Refreshes in 0s

How to use TOTP Generator

Paste a Base32 secret (the kind a website shows when enrolling in 2FA).
The current 6-digit code refreshes every 30 seconds.

How to use TOTP Generator

Frequently asked questions

Is this safer than my phone's authenticator app?

Does this support hardware keys?

Is the secret sent anywhere?