Site Map & Documentation

Everything you need to know about 2FA auth, how it works, and how to use it safely.

Directory

Core Tools

Resources & Legal

What is TOTP?

TOTP stands for Time-Based One-Time Password. It is a computer algorithm that generates a one-time password (OTP) which uses the current time as a source of uniqueness. It is the core technology behind popular authenticator apps like Google Authenticator, Authy, and Microsoft Authenticator.

Because the password changes every 30 seconds, it provides a highly secure layer of protection known as Two-Factor Authentication (2FA). Even if a hacker steals your standard password, they cannot log into your account without also having physical access to the device generating your TOTP codes.

What is the "Secret Key"?

When you set up 2FA on a website (like GitHub, Google, or Twitter), they will show you a QR code. Hidden inside that QR code is a Base32 Secret Key (a long string of letters and numbers, like JBSWY3DPEHPK3PXP).

This key is a shared secret between the website and your authenticator app. Both sides run the exact same mathematical formula using this key and the current time. If the 6-digit number you type matches the number the website generates, it proves you own the secret key.

How to Use This Website

  1. Get your secret key: When setting up 2FA on any website, click the option that says "Trouble scanning?" or "Enter setup key manually" to view your Base32 secret.
  2. Paste the key: Paste that secret key into the text box on our homepage.
  3. Get your code: The 6-digit code will instantly appear on the screen. It updates automatically every 30 seconds.
  4. Save for later: You can click the "Save" button to store the key securely in your browser's local storage for future use.
  5. Export to Mobile: Need to move it to your phone? Click the "QR" button to generate a QR code that you can scan with Google Authenticator or Authy.

Features & Privacy (Why Use Us?)

We built this tool with absolute, uncompromising privacy in mind. Here is why you can trust it:

  • 100% Client-Side Processing: Your secret key NEVER leaves your browser. We do not send your key to our servers. The mathematics that generate the 6-digit code happen entirely inside your device's memory.
  • Zero-Knowledge Architecture: We have no database of user keys. It is physically impossible for us to leak your 2FA keys because we do not have them.
  • Offline Capable: Once the page loads, you can disconnect your internet. The generator will continue to work perfectly offline.
  • Local Storage Only: When you "Save" an account, it is saved exclusively in your browser's `localStorage`. If you clear your browser data, the accounts are gone forever.