OTP Generator

Generate Time-based One-Time Passwords (TOTP) for two-factor authentication.

About TOTP

Time-based One-Time Password (TOTP) is a standard algorithm for generating temporary codes used in two-factor authentication.

The codes change every 30 seconds (by default) and are derived from a shared secret key using HMAC-SHA1.

This implementation follows RFC 6238 and is compatible with Google Authenticator, Authy, and similar apps.

What Is a Time-Based One-Time Password (TOTP)?

A Time-based One-Time Password (TOTP) is a short numeric code — typically 6 or 8 digits — that is valid for only a brief window of time, usually 30 or 60 seconds. Once that window expires, the code is gone forever and a brand-new one takes its place. This ephemeral nature is precisely what makes TOTP so effective as a second authentication factor: even if an attacker intercepts a code, it is worthless the moment the time window closes.

TOTP is standardised under RFC 6238, published by the IETF, and is built on top of HMAC-Based One-Time Password (HOTP, RFC 4226). The algorithm requires only two shared pieces of information between the server and the authenticator device: a secret key (encoded in Base32) and the current UTC time. Because both sides independently derive the same counter from the wall clock, they can compute the same OTP without any real-time communication — making TOTP both secure and network-independent.

This OTP generator follows RFC 6238 exactly and is compatible with Google Authenticator, Authy, Microsoft Authenticator, Bitwarden, and any other standard TOTP app. You can generate a random secret key, choose 6 or 8 digit output, and select a 30-second or 60-second period to match your server's configuration.

Two-factor authentication (2FA) using TOTP dramatically reduces account takeover risk. Even if your password is stolen in a data breach, an attacker cannot log in without simultaneous access to the live OTP. This layer of defence is recommended by security agencies worldwide, including NIST SP 800-63B.

TOTP Calculation (RFC 6238)

OTP = (HOTP(secret, counter) % 10^digits).padStart(digits, '0') where counter = floor(unixTimestamp / period)

Where:

  • unixTimestamp= Current Unix time in whole seconds (Date.now() / 1000)
  • period= Time step in seconds (30 or 60); configurable
  • counter= floor(unixTimestamp / period) — the current time step index
  • secret= Shared Base32-encoded key, decoded to raw bytes
  • HMAC-SHA-1= 20-byte HMAC signature of the 8-byte big-endian counter using the secret key
  • offset= hmac[19] & 0x0F — dynamic truncation offset derived from last nibble of HMAC
  • binary= 31-bit integer extracted from 4 bytes at offset: ((hmac[offset] & 0x7F) << 24) | (hmac[offset+1] << 16) | (hmac[offset+2] << 8) | hmac[offset+3]
  • digits= OTP length, either 6 or 8

How the TOTP Algorithm Works Step by Step

Understanding the mechanics behind TOTP helps you appreciate why it is so secure and why you should never share your secret key. Here is a walkthrough of the exact algorithm this tool runs in your browser:

  1. Determine the time step counter. Divide the current Unix timestamp (whole seconds since 1970-01-01 00:00:00 UTC) by the period (30 or 60 seconds) and take the floor. For example, at Unix time 1,717,000,020 with a 30-second period, counter = floor(1,717,000,020 / 30) = 57,233,334.
  2. Encode the counter as 8 bytes, big-endian. The counter integer is packed into a fixed-length 8-byte buffer, most-significant byte first. This is the message that will be authenticated.
  3. Decode the Base32 secret. Each Base32 character maps to 5 bits. The string is decoded into raw bytes that form the HMAC key. Valid characters are A–Z and 2–7 (32 possible values = 2^5).
  4. Compute HMAC-SHA-1. The Web Crypto API signs the 8-byte counter with the decoded secret using the HMAC-SHA-1 algorithm. The result is a 20-byte (160-bit) hash.
  5. Dynamic truncation. The offset is determined by the last 4 bits of the 20th HMAC byte: offset = hmac[19] & 0x0F. Four consecutive bytes starting at that offset are read: the high bit of the first byte is masked to zero (to avoid sign issues), producing a 31-bit integer called binary.
  6. Extract the OTP. Take binary modulo 10^digits. This gives a number in the range [0, 10^digits − 1]. Left-pad with zeros to the required number of digits.

Because every step is deterministic given the same secret and the same time window, both your browser and a remote server arrive at identical codes without any round-trip. The cryptographic strength of HMAC-SHA-1 and the short validity window together ensure that brute-forcing or predicting codes is computationally infeasible in practice.

Base32 Secret Keys — Generation and Storage

The secret key is the heart of TOTP security. This tool generates a 20-byte (160-bit) random secret using the browser's crypto.getRandomValues(), which draws from a cryptographically secure pseudorandom number generator (CSPRNG). Each byte is mapped to a Base32 character by computing byte % 32, yielding a 20-character string drawn from the alphabet A–Z and 2–7.

Base32 encoding is used rather than Base64 because it is case-insensitive and avoids characters that are easily confused (0, 1, 8, 9, and lowercase letters). This makes manual entry into authenticator apps less error-prone. The valid Base32 alphabet for TOTP is strictly A–Z and 2–7; any other character is stripped automatically when you type or paste a key.

How to store your secret safely

  • Never share your secret key over email, SMS, or chat — treat it like a password.
  • Store it in an encrypted password manager (Bitwarden, 1Password, KeePassXC) alongside your account credentials.
  • When registering TOTP on a website, save the secret before scanning the QR code so you can recover access if you lose your device.
  • If you suspect a secret has been compromised, immediately disable TOTP on the associated account and re-enrol with a fresh secret.

A 20-byte secret provides 160 bits of entropy — far beyond what any current or near-future computing system can brute-force. Even a 10-byte (80-bit) secret, which some older systems still use, remains practically unbreakable through exhaustive search. The real attack vectors are phishing (entering a real OTP on a fake site) and secret leakage, not cryptanalysis.

Choosing OTP Length and Time Period

This tool offers two configurable parameters that must match your server's TOTP settings exactly, or the codes will not validate.

OTP Length: 6 vs. 8 Digits

6 digits is the most common choice and the default in RFC 6238. It provides 1,000,000 possible values per time window, which is more than sufficient given that most servers rate-limit and lock accounts after a few failed attempts. The vast majority of websites — Google, GitHub, Dropbox, AWS — use 6-digit TOTP.

8 digits provides 100,000,000 possible values, reducing the guessing probability by a factor of 100. It is sometimes used by high-security or enterprise systems. If you enter the wrong length here, the code you generate will never match the server's expectation.

Time Period: 30 vs. 60 Seconds

The 30-second period is the standard defined in RFC 6238 and used by almost all TOTP implementations. A 30-second window balances security (short enough to limit replay attacks) with usability (enough time to read and type a 6-digit code).

A 60-second period doubles the window, giving users more time to enter the code — useful for accessibility or slow-input scenarios. Some enterprise platforms and hardware tokens use a 60-second period. Using the wrong period produces a counter that is off by a factor of two, so every generated code will be wrong.

The countdown bar in this tool shows exactly how many seconds remain in the current window. When it hits zero, a new code is generated automatically and the bar resets.

TOTP Security — Best Practices and Limitations

TOTP dramatically improves account security but is not invulnerable. Understanding its strengths and limitations helps you deploy it responsibly.

Strengths

  • No network required: Codes are generated entirely offline on the client device, eliminating SMS interception attacks (SIM-swapping, SS7 exploitation).
  • Short validity: A stolen OTP becomes useless within 30–60 seconds.
  • Open standard: RFC 6238 / RFC 4226 are publicly audited and widely implemented, reducing the risk of implementation flaws.
  • Phishing resistance (partial): Unlike static passwords, replaying a captured OTP on the real site within the same window is difficult but not impossible.

Limitations

  • Real-time phishing: Sophisticated attackers can relay the OTP to the real site within the 30-second window (adversary-in-the-middle attacks). Hardware security keys (FIDO2/WebAuthn) are the gold standard against this.
  • Clock skew: If your device's clock drifts significantly, codes will not match. Most servers allow a ±1 step tolerance, but large drift will cause failures. Keep your system clock synchronised (NTP).
  • Secret backup: If you lose your device without a backup of the secret, you may be locked out. Always store the secret in a second secure location.
  • In-browser security: This tool performs all computation locally in your browser using the Web Crypto API — your secret is never sent to any server. Always verify you are on the correct URL before entering secrets.

For accounts where security is paramount — financial services, cloud infrastructure, email — combine TOTP with a strong unique password and consider upgrading to a FIDO2 hardware key for the highest level of phishing resistance.

TOTP vs. HOTP vs. SMS OTP — Which Should You Use?

Not all one-time password systems are equal. Here is a comparison of the three most common OTP methods to help you choose the right approach.

Feature TOTP (RFC 6238) HOTP (RFC 4226) SMS OTP
Counter type Time (clock) Event (increment) Server-generated
Network required No No Yes (cellular)
Code validity 30–60 seconds Until used Minutes (server-set)
SIM-swap risk None None High
Replay window One time step Counter sync range Varies
Standard RFC 6238 RFC 4226 Proprietary

TOTP is generally preferred over HOTP because the time-based counter self-synchronises — there is no risk of the client and server counters drifting apart through missed increments. SMS OTP should be avoided for high-value accounts because it is vulnerable to SIM-swapping, SS7 attacks, and malware. TOTP via an authenticator app is the current best practice for widely-supported 2FA, with FIDO2/passkeys being the emerging gold standard.

Worked Examples

6-Digit OTP with 30-Second Period

Problem:

At Unix timestamp 1,717,000,020, with a 30-second period and a secret key JBSWY3DPEHPK3PXP, what is the current time step counter?

Solution Steps:

  1. 1Convert timestamp to seconds: 1,717,000,020 seconds since Unix epoch.
  2. 2Divide by period: 1,717,000,020 / 30 = 57,233,334.0
  3. 3Floor the result: counter = 57,233,334
  4. 4Encode counter as 8-byte big-endian: [0x00, 0x00, 0x00, 0x00, 0x03, 0x6A, 0x59, 0x86]
  5. 5Base32-decode JBSWY3DPEHPK3PXP to raw bytes: [0x48, 0x65, 0x6C, 0x6C, 0x6F, 0x21, 0xDE, 0xAD, 0xBE, 0xEF]
  6. 6Compute HMAC-SHA-1(key, counter_bytes) → 20-byte digest
  7. 7Read last nibble of digest as offset; extract 4 bytes; mask high bit to get binary integer
  8. 8OTP = (binary % 1,000,000).padStart(6, '0') — 6-digit code valid for the current 30-second window

Result:

The time step counter is 57,233,334. The 6-digit OTP is derived from the dynamic truncation of HMAC-SHA-1 applied to this counter and the decoded secret — it changes every 30 seconds as the counter increments by 1.

8-Digit OTP with 60-Second Period

Problem:

At Unix timestamp 1,717,000,080 with a 60-second period, what is the counter, and how does the 8-digit OTP differ from a 6-digit one?

Solution Steps:

  1. 1Divide timestamp by period: 1,717,000,080 / 60 = 28,616,668.0
  2. 2counter = floor(28,616,668.0) = 28,616,668
  3. 3Encode as 8-byte big-endian buffer and compute HMAC-SHA-1 as usual
  4. 4Dynamic truncation yields the same binary integer regardless of output length
  5. 5For 6 digits: OTP = binary % 10^6 = binary % 1,000,000
  6. 6For 8 digits: OTP = binary % 10^8 = binary % 100,000,000
  7. 7Left-pad both with zeros to the required digit count
  8. 8The 8-digit OTP contains 100× more possible values (100,000,000 vs 1,000,000)

Result:

The counter is 28,616,668. The 8-digit OTP is the same binary integer modulo 100,000,000, padded to 8 characters. The first 6 digits of the 8-digit code generally differ from a standalone 6-digit code because the modulus is different.

Time Remaining Within a 30-Second Window

Problem:

If the current Unix time in whole seconds is 1,717,000,045, how many seconds remain in the current 30-second TOTP window?

Solution Steps:

  1. 1Compute position within window: 1,717,000,045 % 30 = 15 (remainder when dividing by period)
  2. 2Seconds elapsed in window = 15
  3. 3Seconds remaining = 30 − 15 = 15 seconds
  4. 4The code bar fills from right: 100% at the start, then shrinks to (remaining / period) × 100% = (15/30) × 100% = 50%
  5. 5When remaining equals the period (i.e., remainder = 0), a new OTP is generated and the bar resets to 100%

Result:

15 seconds remain in the current window. The progress bar displays at 50% fill. The OTP will refresh when the Unix timestamp next becomes divisible by 30.

Counter Change Rate at Different Periods

Problem:

How many times does the TOTP counter increment per hour for a 30-second period vs. a 60-second period?

Solution Steps:

  1. 1Seconds in one hour: 3,600
  2. 2Increments per hour at 30-second period: 3,600 / 30 = 120
  3. 3Increments per hour at 60-second period: 3,600 / 60 = 60
  4. 4Each increment produces a completely new, independent OTP
  5. 5Over 24 hours: 30-second period → 2,880 unique codes; 60-second period → 1,440 unique codes

Result:

With a 30-second period the counter increments 120 times per hour (2,880 per day). With a 60-second period it increments 60 times per hour (1,440 per day). More frequent changes mean a shorter replay window for an intercepted code.

Tips & Best Practices

  • Always store the Base32 secret in your password manager as soon as you generate or receive it — recovery is impossible without it.
  • Match the OTP length (6 or 8 digits) and period (30 or 60 seconds) exactly to your server's settings; a mismatch produces valid-looking but always-wrong codes.
  • Generate a new random secret for each account or service — never reuse the same TOTP secret across multiple sites.
  • If codes stop working, check your device's system clock first — even a 60-second drift can invalidate codes if the server only allows one step of tolerance.
  • The countdown bar turning red means 5 seconds remain; wait for the new code before entering if possible, to avoid a race with the server's clock.
  • For development and testing, use a 60-second period to give yourself more time to copy and paste codes without them expiring mid-test.
  • Use 8-digit TOTP for higher-security internal systems — the extra two digits reduce the per-window guessing probability from 1-in-1,000,000 to 1-in-100,000,000.
  • Never enter your TOTP secret into any browser tool unless you are certain you are on a trusted, HTTPS-secured page — phishing sites harvest secrets, not just passwords.

Frequently Asked Questions

No. All TOTP computation runs entirely in your browser using the Web Crypto API (<code>crypto.subtle</code>). Your secret key never leaves your device and is never transmitted over the network. You can even disconnect from the internet after loading the page and the tool will continue to generate correct codes.
The most common cause is a time step mismatch — make sure you are using the same period (30 or 60 seconds) and the same OTP length (6 or 8 digits) as your authenticator app and server. The second most common cause is clock skew: if your device's system clock is off by more than 30 seconds, the counter will be wrong and codes will not match. Sync your device clock via NTP and try again.
Base32 is an encoding scheme that represents arbitrary bytes using only the 32 characters A–Z and 2–7. It is used for TOTP secrets because it is case-insensitive, avoids ambiguous characters (like 0/O and 1/l), and is easy to type manually without errors. When the page strips non-Base32 characters from your input, it is enforcing this alphabet to prevent invalid keys.
This tool is designed for testing, development, and learning about TOTP. For production use, enrol your account using the QR code or secret key provided by the service you want to protect and scan or enter it directly into a dedicated authenticator app (Google Authenticator, Authy, Bitwarden, etc.). Those apps persist your secrets securely across sessions and provide backup/restore features, which this in-browser tool does not.
HMAC-SHA-1 produces a 20-byte (160-bit) output, which is far more data than needed for a 6-digit code. Dynamic truncation extracts a short, uniform integer from the hash in a reproducible way: it reads the last 4 bits of the 20th byte to determine an offset (0–15), then reads 4 bytes starting at that offset, masks the sign bit, and treats those 4 bytes as a 31-bit integer. Modulo 10^digits gives the final OTP. The dynamic offset means different secrets land at different points in the HMAC, adding cryptographic diversity.
The bar changes from green to yellow when 10 seconds remain and to red when 5 seconds remain. This visual cue warns you that the current OTP is about to expire. If you are about to enter the code somewhere, wait for the new code to appear (bar resets to green) rather than rushing — an expired code will be rejected, while the freshly generated code gives you a full 30-second window.
SMS OTPs are generated on the server and delivered over the cellular network, making them vulnerable to SIM-swap fraud, SS7 protocol attacks, and phone number porting attacks. TOTP codes are generated locally on your device from a shared secret, with no network delivery at all. This eliminates the telecom attack surface entirely. TOTP is universally considered more secure than SMS for two-factor authentication.
Yes — each account has its own unique secret key. Simply paste or generate a different secret for each account. Keep each secret stored separately (e.g., in a password manager entry for that account). The period and OTP length should match each account's configuration individually, so check your account's TOTP settings if unsure.

Sources & References

Last updated: 2026-06-05

💡

Help us improve!

How would you rate the OTP Generator?

<>

Editorial Note

MyCalcBuddy Editorial Team

This page is maintained as an educational calculator reference.

Source

Formula Source: Standard Mathematical References

by Various

UpdatedLast reviewed: May 2026
CheckedFormula checks are based on standard references and internal QA review.