TOTP Generator

What's TOTP?

Time-based One-Time Password — the 6-digit codes from authenticator apps. The server stores a shared secret per user. Both sides compute HMAC-SHA1(secret, current_time / 30) and take 6 digits from the result. As long as the clocks are roughly in sync, the codes match.

Common gotchas

• Clock drift — TOTP needs your device clock within ±30 seconds. NTP sync solves it.
• SHA-256 / SHA-512 + 7-8 digits — non-standard. Most services use defaults (SHA-1 + 6 + 30s). Only change if the service explicitly says so.
• Base32 isn't Base64 — A-Z + 2-7, no lowercase. Padding (=) is optional.

Privacy

Everything runs in your browser via SubtleCrypto. The secret is never sent anywhere.