
TOTP Generator: Generate 2FA Codes from Secrets


What Is TOTP?

TOTP (Time-based One-Time Password) is a widely used algorithm for two-factor authentication. It generates a short numeric code, typically 6 digits, that changes every 30 seconds. The code is derived from a shared secret key and the current time, so each code is valid only briefly and cannot be predicted without the secret.

TOTP is defined in RFC 6238 and is supported by virtually every authenticator app including Google Authenticator, Authy, and Microsoft Authenticator. The shared secret is typically distributed as a Base32-encoded string or an otpauth:// URI that can be scanned as a QR code.

How Our Generator Works

CheckTown's TOTP Generator computes one-time passwords from a Base32 secret entirely in your browser. No data is ever sent to a server — your secrets stay private.

  • Paste a Base32 secret or an otpauth:// URI — the tool parses it and extracts the parameters automatically
  • See the current 6-digit code with a real-time countdown showing how many seconds remain before it expires
  • Configure algorithm (SHA-1, SHA-256, SHA-512), period (30s or 60s), and digit count (6 or 8) for non-standard setups


When To Use a TOTP Generator

A standalone TOTP generator is essential for developers building or testing 2FA implementations, and for security-conscious users who want control over their second factor.

  • Development testing — verify your TOTP implementation generates the same codes as standard authenticator apps
  • Backup recovery — if you have the Base32 secret saved, generate codes without needing your phone or authenticator app
  • Security auditing — test TOTP endpoints with different algorithms, periods, and digit counts to verify server-side validation

Frequently Asked Questions

Is it safe to paste my TOTP secret into a web tool?

CheckTown's TOTP Generator runs entirely in your browser using the Web Crypto API. Your secret never leaves your device — there are no network requests, no server-side processing, and no logging. You can verify this by checking the network tab in your browser's developer tools.

What is an otpauth:// URI?

An otpauth:// URI is a standardized format for sharing TOTP parameters. It encodes the secret, issuer, account name, algorithm, period, and digit count in a single URL. It is the same format encoded in the QR codes you scan when setting up 2FA. Example: otpauth://totp/Example:user@example.com?secret=JBSWY3DPEHPK3PXP&issuer=Example
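To make the URI format and the code computation concrete, here is an added example (not CheckTown's code) that parses an otpauth:// URI, validates its parameters, and computes the RFC 6238 code. It assumes Node.js and uses Node's crypto module instead of the Web Crypto API so that it runs synchronously; the function names are illustrative.

```javascript
// Added example (Node.js): otpauth:// parsing plus RFC 6238 code generation.
// The import line works under both CommonJS and ES modules.
const { createHmac } = typeof require === "function"
  ? require("node:crypto") : process.getBuiltinModule("node:crypto");

const ALGORITHMS = { SHA1: "sha1", SHA256: "sha256", SHA512: "sha512" };

// RFC 4648 Base32: ignore case, spaces and padding; reject anything else.
function base32Decode(text) {
  const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
  const out = [];
  let bits = 0, value = 0;
  for (const ch of text.toUpperCase().replace(/[\s=]/g, "")) {
    const idx = alphabet.indexOf(ch);
    if (idx < 0) throw new Error(`invalid Base32 character: ${ch}`);
    value = (value << 5) | idx;
    bits += 5;
    if (bits >= 8) {
      bits -= 8;
      out.push((value >>> bits) & 0xff);
      value &= (1 << bits) - 1; // keep only the unread low bits
    }
  }
  return Buffer.from(out);
}

// Extract TOTP parameters, applying the usual defaults and rejecting odd values.
function parseOtpauth(uri) {
  const url = new URL(uri);
  if (url.protocol !== "otpauth:" || url.hostname !== "totp") throw new Error("not an otpauth://totp URI");
  const q = url.searchParams;
  const algorithm = (q.get("algorithm") || "SHA1").toUpperCase().replace("-", "");
  const digits = Number(q.get("digits") || 6);
  const period = Number(q.get("period") || 30);
  if (!ALGORITHMS[algorithm]) throw new Error("unsupported algorithm");
  if (digits !== 6 && digits !== 8) throw new Error("digits must be 6 or 8");
  if (!Number.isInteger(period) || period <= 0) throw new Error("bad period");
  if (!q.get("secret")) throw new Error("missing secret");
  return { label: decodeURIComponent(url.pathname.slice(1)), issuer: q.get("issuer"),
           key: base32Decode(q.get("secret")), algorithm, digits, period };
}

// HOTP over the time-step counter, with RFC 4226 dynamic truncation.
function totp({ key, algorithm = "SHA1", digits = 6, period = 30 }, unixSeconds = Date.now() / 1000) {
  const counter = Buffer.alloc(8);
  counter.writeBigUInt64BE(BigInt(Math.floor(unixSeconds / period)));
  const mac = createHmac(ALGORITHMS[algorithm], key).update(counter).digest();
  const offset = mac[mac.length - 1] & 0x0f;
  const code = (mac.readUInt32BE(offset) & 0x7fffffff) % 10 ** digits;
  return String(code).padStart(digits, "0");
}
```

Calling `totp(parseOtpauth(uri))` returns the current code; passing an explicit timestamp as the second argument lets you compare an implementation against the RFC 6238 Appendix B test vectors.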

Why is my TOTP code different from my authenticator app?

The most common cause is a clock difference. TOTP codes depend on the current time — if your device clock is off by even 30 seconds, the codes will not match. Check that your system time is synchronized. Other causes include using the wrong algorithm (SHA-1 vs SHA-256) or period (30s vs 60s).
