Numbers

TOTP Secret Key Generator

A TOTP (Time-Based One-Time Password) secret key is the shared seed used by authenticator apps like Google Authenticator, Authy, and Microsoft Authenticator to generate six-digit login codes. This TOTP secret key generator creates cryptographically-style random Base32-encoded strings compatible with RFC 6238. Developers building two-factor authentication systems need unique secrets per user — generate them in bulk here for testing, staging environments, or prototyping your auth flow quickly.

Use Cases

  • Two-factor authentication development
  • Seeding TOTP libraries during testing
  • Generating per-user 2FA secrets
  • Auth system prototyping
  • Security training and demos

FAQ

What is a TOTP secret key?

A shared Base32 string used by authenticator apps and your server to independently generate the same time-based one-time password.

What length should a TOTP secret be?

RFC 4226 recommends at least 128 bits (26 Base32 chars). 32 characters (160 bits) is a widely used standard.

Are these keys safe to use in production?

These are generated client-side using Math.random, which is not cryptographically secure. For production, use a server-side crypto library.

Why Base32 for TOTP secrets?

Base32 avoids ambiguous characters and is easy to type manually, making it ideal for QR code setup flows.