This website allows you to generate a TOTP Token from either
a single TOTP secret code or a list of OTPAuth url.
This page has no external dependency and can run on its own.
It runs completely in your browser and can be used offline.
This site is currently online.
Although we don't collect any code / data from this page, we recommend that you run it offline if you are going to use it for real codes.
You can just directly save this page or download this page from the links below and use it offline.
If the link does not prompt for a download,
you can right click it and then save the link target as totp.html
(or any other file name).
: uncompressed-js version (40KB)
: compressed-js version (24KB)
: original author's code, without OTPAuth url fetcher (18KB)
When you enable two factor authentication for a service or a website,
write down the secret that is displayed next to the QR code.
You can enter the secret on this page when you need a token.
Most codes are only valid for 30 seconds but most servers accept them a few minutes longer,
so ensure that your clock is set accurately.
Most services / websites will give you a Base32 code, with 30 seconds refresh period and ask for 6 digits,
which means you can leave these three fields as-is.
Bookmarks
Your input is stored in the URL when you generate a token. This means you can set a bookmark to that specific URL to have the fields pre-filled. This allows you to store tokens in form of bookmarks. Example Bookmark Link
Securely using TOTP
Do not blindly enable Two factor authentication.
Be sure you can get access in case you lose your device.
Backup Device :
If you can, register the same token on multiple devices.
Don't rely on the backup/sync of the device.
Password Manager :
You can store the secret code and settings in a password manager.
The idea of Two Factor authentication is that you need to posess a device with the secret on it.
To not subvert this principle,
use a different computer to store the password file.
"Backdoor" access :
When enabling Two Factor Authentication,
be sure the website gives you a way to log in if you lose the device.
You can often enable multiple Two factor logins at once.
As long as you are able to proceed with one of them you should get in.
Most TOTP apps (like Google Authentication, Aegis, etc) have an option to export your TOTP database into a list of OTPAuth url. These urls will have at the very least your secret code. But most of the times they will also include issuer, username, algo, etc. You can use that OTPAuth file and load it to this page to fetch a token.
How To Use
Load OTPAuth List From File :
Load your OTPAuth file into the page. It will be shown in textarea after you successfully loaded it. Optionally, you can just type any OTPAuth url into the textare directly.
Save List To File :
Save the text in textarea into a file.
Fetch Token From OTPAuth List :
If the text in textarea are valid OTPAuth urls, this page will process them and build a select option according to them. Select option will consist of issuer - username. If none are available, it will just say Secret Code : YourSecretCode. And then this page will fetch a token according to select option you have choosen.
Custom OTPAuth Source
You can change the default value of OTPAuth url in the textarea. It is very useful if your saving this page on your computer, your smartphone or your own website. Everytime you open the page, it will load your desired data. There are 2 ways to set the value :
Add Variable Directly Into The Page
Add a javascript code to set a value for variable otpauthsource
<script>
var otpauthsource = `otpauth://totp/GitServer:Dev123?secret=CCBBDDAA5432&issuer=GitServer&digit=7&period=5`;
</script>
Add JS File Containing The Variable
Create a js file that contain the variable otpauthsource. In this example, the file is named otpauthfile.js
<script type="text/javascript" src="otpauthfile.js"></script>
Then in the file, you declare the variable
var otpauthsource = `otpauth://totp/GitServer:Dev123?secret=CCBBDDAA5432&issuer=GitServer&digit=7&period=5`;