Rangdom

TOTP Secret Key Generator

TOTP secrets are generated locally in your browser with the Web Crypto API. This is a real-entropy fixture for development and testing — it is not tied to any real account or device.

Throwaway 2FA secrets for development

Produces the Base32 shared secret you scan or paste when enrolling an authenticator app, plus a matching otpauth://totp/ provisioning URI built from the secret and your editable issuer and account name. Pick a strength from 80-bit to 256-bit; 160-bit (32 characters) is the authenticator-app default. The secret uses the RFC 4648 alphabet A–Z 2–7 with no padding, and the URI keeps the standard algorithm=SHA1, digits=6, and period=30 parameters.

When to use this tool

Reach for a TOTP secret when you are building or testing 2FA/MFA enrollment, seeding fixtures, or writing docs that show an authenticator setup. The provisioning URI imports cleanly into Google Authenticator, Authy, 1Password, and any otpauth parser, so you can wire up the full flow without registering a real account.

How the randomness works

The secret is drawn from crypto.getRandomValues and encoded with the Base32 alphabet, so the requested strength of entropy comes from the browser's cryptographic RNG. The provisioning URI percent-encodes the issuer and account so values containing spaces or "@" stay valid, and fixes algorithm SHA1, 6 digits, and a 30-second period — the standard authenticator defaults. Everything runs in your browser; nothing is sent over the network.

Related tools

Base32 StringBackup CodesBase32 EncodePassword