HMAC Generator
Generate HMAC values from text and a secret key. Supports SHA-1, SHA-256, SHA-384, and SHA-512.
Generate two-factor authentication (TOTP) one-time passcodes from a Base32 secret key, entirely in your browser.
This tool generates one-time passcodes from a Base32 secret key using the same algorithm (RFC 6238) as TOTP apps like Google Authenticator. It’s useful for testing two-factor authentication flows in an app you’re developing, or for quickly checking a backup code.
Secret key input and code generation happen entirely in your browser — nothing is sent externally. This tool also does not persist the secret key in localStorage, so your input is cleared when you leave the page.
TOTP (Time-based One-Time Password) is an algorithm that generates a one-time password from a shared secret key and the current time (RFC 6238). It's the mechanism behind two-factor authentication apps such as Google Authenticator, Authy, and 1Password.
No. All computation happens locally in your browser using the Web Crypto API. Your secret key is never sent to or stored on a server.
A mismatched device clock is the most common cause, since TOTP is calculated from the current time. Make sure your device's clock is accurately synced, and check that the algorithm, digit count, and refresh interval match the service's settings.
This tool is intended for testing and development/debugging purposes. For everyday two-factor authentication, we recommend a dedicated authenticator app (Google Authenticator, Authy, etc.) or a password manager.