What is the difference between a 2FA authenticator and a TOTP generator?

A TOTP generator calculates time-based one-time passwords from a shared secret. A 2FA authenticator is any tool that provides a second verification factor. This tool is both — it generates TOTP codes and serves as a lightweight browser-based 2FA authenticator.

Are my TOTP secrets stored on a server or locally?

Locally. Your TOTP secrets are decoded, stored, and used entirely within your browser. This tool never sends your secret to a remote server to generate a code.

Can I manage multiple 2FA accounts in one browser tool?

Yes. Add each service as a separate entry, label it with the app name or account, and copy the matching code whenever you need to log in.

Why does my authenticator code change every 30 seconds?

Most TOTP accounts use a 30-second time step. The authenticator combines your secret with the current time window, and when that window rolls over, a new code is generated automatically.

What should I do when my two-factor authentication code is not working?

Check four things: (1) your device clock is synced to network time, (2) you selected the correct account entry, (3) the code has not already expired, and (4) the service does not require non-default TOTP settings like SHA-256 or an 8-digit code.

2FA TOTP Authenticator

Generate 2FA codes from a Base32 secret or otpauth QR code. Your TOTP secrets stay in this browser.

••••••

What is two-factor authentication (2FA)?

Two-factor authentication (2FA) is a security method that requires two separate proofs of identity before granting access. Even if your password leaks, an attacker still needs a short-lived code, hardware key, or passkey approval to get in. For most apps today, that second factor is a 6-digit authenticator code.

How does TOTP generate one-time passwords?

TOTP (time-based one-time password) is a standard that turns a shared secret and the current time into a short-lived code. When you enable 2FA, the service gives you a secret — usually embedded in an otpauth QR code. Your authenticator combines that secret with the current 30-second window to produce a fresh code each interval.

How to manage multiple 2FA accounts in one authenticator

You can keep all your TOTP accounts in one place. Add each service with an app name, account label, or short remark, then preview and copy the right code when you need it — no more scrolling through a phone authenticator to find the right entry.

Why store TOTP secrets locally instead of the cloud?

Keeping TOTP secrets on your own device means no server breach can expose them all at once. This tool stores everything in the current browser, making it ideal for personal backup workflows, developer testing, temporary credentials, or separating work accounts from a phone-only authenticator.

How to generate a 2FA code with this TOTP authenticator

1
Paste a Base32 TOTP secret or scan an otpauth QR code.
2
Add an app name, account, or short remark so the code is easy to recognize.
3
Copy the current 2FA code before the 30-second timer refreshes.

What is the difference between 2FA, TOTP, and an authenticator app?

2FA is the security concept, TOTP is the protocol, and an authenticator app is the tool that implements it. Specifically, two-factor authentication (2FA) means requiring a second proof of identity; TOTP is the time-based standard that generates short-lived codes from a shared secret; and an authenticator is the software that does the math. This page focuses on TOTP because it is the most widely supported method across email providers, developer platforms, crypto exchanges, and internal company systems.

Why is my 2FA code not working?

A 2FA code usually fails because the authenticator and the server disagree about the time, the secret, or the account. The code itself may look fine, but any mismatch in these three areas will cause a rejection.

Device clock is wrong

TOTP depends on time. If your computer or phone clock is off by more than one time window, the generated code may be rejected. Enable automatic time sync and try again.

Wrong secret or account

A copied secret, QR code, issuer, or account label can be mixed up when several accounts use the same service. Check that the entry matches the exact account you are signing in to.

Expired code window

Most codes rotate every 30 seconds. If the timer is nearly empty, wait for the next code before submitting it, especially on slow login pages.

Different TOTP settings

Most services use SHA-1, 6 digits, and a 30-second period, but some use different settings. Importing the full otpauth QR code is the safest way to preserve those options.

Frequently asked questions about TOTP and 2FA codes