How TOTP works
TOTP derives one-time codes from a shared secret and time-step counter (default 30s).
TOTP tool
Security toolsGenerate 6-digit rolling TOTP codes and otpauth URIs from Base32 secrets.
Updated
TOTP setup
Current code
------
Refresh in 30s
otpauth URI
Quick start
How to generate TOTP
Generate secret, view 6-digit rolling code and copy otpauth URI.
- Step 1Set issuer/account
Enter label metadata used in authenticator apps.
- Step 2Generate secret
Create a random base32 shared secret.
- Step 3Use code/URI
Use current code or otpauth URI for app enrollment.
In-depth guide
TOTP tool
Generate and validate 6-digit TOTP codes with local secret generation and otpauth URI output.
Operational hygiene
Treat secrets as sensitive; never share or log them in plaintext.
When to use it vs alternatives
Use this tool for quick browser-based work when you need an answer or output immediately. Use a dedicated application or automated workflow when you need bulk processing, approvals, or repeatable production rules.
Common pitfalls
- Check the result before replacing the original input.
- Watch for unit, format, encoding, and browser memory limits on large inputs.
- Keep a copy of important source material until the output is verified.
Privacy and security
Browser-first by design. The tool page explains any exception before you use it.
Your input is handled in the browser wherever the tool can process it locally. EpitomeTool does not add an upload step unless a tool page explicitly says so.
Frequently asked questions
Which TOTP standard is used?
RFC 6238 compatible 6-digit TOTP with 30-second period and HMAC-SHA1.
Can I import this into authenticator apps?
Yes. Use the generated otpauth URI in app import flows.
Is secret generation local?
Yes. Secrets are generated with crypto.getRandomValues in your browser.
Keep exploring
More tools you'll like
Hand-picked utilities that pair well with the one you're on — all free, client-side, and zero-signup.
More security tools
See all →- AES text encrypt/decrypt Popular New
Encrypt and decrypt text locally with AES-256-GCM and passphrase-derived keys.
- JWT generator (HS256) Popular New
Generate signed HS256 JWTs from custom header and payload JSON locally.
- Pwned password check Popular New
Check password breach exposure using Have I Been Pwned k-anonymity range API.
Popular across EpitomeTool
Browse all →- PDF toolsPDF compressor Popular
Shrink PDF file size without uploading to a server.
Open tool - Fitness & healthBMI calculator Popular
Body Mass Index with metric / imperial inputs and WHO category bands.
Open tool - PDF toolsPDF merger Popular
Combine multiple PDFs into one in your browser.
Open tool - PDF toolsPDF splitter Popular
Split a PDF by pages or page ranges, download as zip.
Open tool