OTP Code Generator and Validator

Generate and validate TOTP codes compatible with Google Authenticator and other authenticator apps.

Loading...
1. Enter or generate a Base32-encoded secret key for TOTP code generation. 2. Set the time step interval (default 30 seconds) and code digit length (6 or 8). 3. View the current TOTP code along with a countdown timer showing time until the next code. 4. To validate a code, enter the secret and the code to check in the verify section. 5. Scan the generated QR code with Google Authenticator or any TOTP-compatible app to add the account.

About This Tool

Time-based One-Time Passwords (TOTP) are the foundation of two-factor authentication used by millions of services worldwide. The OTP Code Generator and Validator lets you generate TOTP codes from a secret key, validate codes against a given secret, and create QR codes for easy setup with authenticator apps like Google Authenticator, Authy, and Microsoft Authenticator.

TOTP works by combining a shared secret key with the current time to produce a six-digit code that changes every 30 seconds. Both the server and the authenticator app independently compute the same code, so no communication is needed during verification. The algorithm follows RFC 6238 and is compatible with all standard TOTP implementations. You can also generate new random secret keys in Base32 format for setting up new accounts.

This tool is invaluable for developers building two-factor authentication into their applications, testing OTP verification flows, debugging authentication issues, or recovering access when an authenticator app is unavailable. All computation happens in your browser - secret keys and generated codes are never sent to any server. Be aware that anyone with access to a TOTP secret key can generate valid codes, so treat secret keys with the same care as passwords.

Frequently Asked Questions

TOTP uses a shared secret key and the current time to generate a code that changes every 30 seconds. Both the server and your authenticator app compute the same code independently. During login, you enter the current code to prove you possess the secret key.
Yes. The tool generates standard TOTP codes using the same algorithm (HMAC-SHA1 with 30-second intervals and 6-digit output) used by Google Authenticator, Authy, Microsoft Authenticator, and all RFC 6238 compliant applications.
Only if you have the original secret key. This tool computes the same TOTP codes that any authenticator app would generate from the same secret. If you have lost access to your authenticator app but saved your secret key or backup codes, this tool can help you generate valid codes.
TOTP secret keys are typically provided in Base32 encoding (using letters A-Z and digits 2-7). When you set up 2FA, the service usually shows the secret as a Base32 string or encodes it in a QR code. You can paste either format into this tool.
Yes. All TOTP computation runs entirely in your browser. Secret keys are never transmitted to any server or stored anywhere. However, treat TOTP secrets like passwords - anyone who has the secret can generate valid codes for your account.

Related Tools

Password Generator

Generate strong, secure passwords with customizable length, complexity, pronounceable options, and passphrases.

Security and Encryption

Token Generator

Generate random tokens and strings in hex, alphanumeric, URL-safe, and custom character set formats.

Security and Encryption

Hash Generator

Generate MD5, SHA-1, SHA-256, and SHA-512 hashes from any text input instantly in your browser.

Security and Encryption

HMAC Generator

Generate HMAC signatures using SHA-256, SHA-512, or MD5 with custom secret keys for message authentication.

Security and Encryption

Text Encryption and Decryption

Encrypt and decrypt text using AES-256 encryption entirely in your browser. No data sent to servers.

Security and Encryption