Generate 2FA codes without sending secrets anywhere.
Paste one key or a bulk list, then copy fresh six-digit codes as they rotate. Everything runs inside this page through the browser Web Crypto API.
Secret Input
Paste raw Base32 secrets or account lists. Separators and spaces are cleaned automatically.
Raw Secret, Account | Secret, or User | Pass | Secret (one per line). Spaces inside keys are automatically removed.
Live Codes
Codes refresh every 30 seconds. Click a card or the copy button to copy the current code.
Enter one or more 2FA secrets and click "Generate codes" to begin.
Local-Only Cryptography
All cryptographic processing (Base32 decoding, HMAC-SHA1 calculation) is executed in sandbox mode inside your local browser using standard W3C Web Crypto API. No keys or logs are transmitted to external servers.
Auto-Syncing Engine
Codes dynamically update according to Unix epoch intervals. An active countdown indicator highlights code expiration in real-time, preventing login errors due to out-of-sync steps.
Flexible Bulk Parsing
Paste multiple authentication keys directly. The engine filters separators (like pipes |, spaces, or tabs) to extract valid codes, making account management fast and fluid.
Free 2FA Code Generator and TOTP Authenticator
Two-factor authentication adds an extra verification step after your password. This free browser-based tool generates six-digit time-based one-time passwords (TOTP) from compatible Base32 secret keys, helping you access your own accounts when you need a quick authenticator.
Use the generator at 2FA.org.uk without installing an app. Codes refresh automatically every 30 seconds, and the countdown makes it easy to see when the current code will expire.
Generate One or Multiple TOTP Codes
Enter a single Base32 key or paste a bulk list in formats such as Account | Secret or User | Password | Secret. The parser detects supported keys, removes spaces and displays each account with its current authentication code.
Private, Local Code Generation
The Base32 decoding and HMAC-SHA1 calculation run locally through the browser Web Crypto API. Your secret keys are processed on the device you are using and are not required to be uploaded for code generation. For best security, use 2FA secrets only on a trusted device and close the page when finished.
Frequently Asked Questions
What is a TOTP code?
A TOTP code is a short-lived one-time password generated from a shared secret and the current time. Most services refresh it every 30 seconds.
Are my 2FA secret keys uploaded?
No. Code generation takes place locally in your browser with the Web Crypto API. The page does not need to send your secrets to a server to calculate a code.
Which secret key format is supported?
The generator accepts standard Base32 TOTP secrets. It can also extract a secret from pipe-, comma- or tab-separated account lists.