Your codes. Your device. No one else.
TOTP Authenticator generates the 6-digit verification codes that protect your online accounts — computed securely on your device, working even when you're offline.
What is a TOTP authenticator?
TOTP stands for Time-based One-Time Password. It is an open standard (RFC 6238) for generating short-lived numeric codes used as a second factor when you log in.
A password alone can be stolen, guessed, or leaked. Two-factor authentication (2FA) adds a second step: after your password, the website asks for a 6-digit code that changes every 30 seconds. Only a device holding the account's secret key can produce the correct code — so even if someone steals your password, they still can't get in.
An authenticator app is what stores those secret keys and generates the codes. Because the code is derived from a shared secret and the current time, it works entirely offline — nothing is ever sent over the internet.
How it works
- 1
Scan the QR code
When a website enables two-factor authentication, it shows a QR code that contains a shared secret key. You scan it once with the authenticator.
- 2
A secret is stored on your device
The secret key is saved securely and never leaves your phone. No account, no cloud, no server is required.
- 3
A 6-digit code is generated
The app combines the secret with the current time to compute a fresh one-time code every 30 seconds using the TOTP algorithm (RFC 6238).
- 4
You enter the code to sign in
The website runs the same calculation and checks that the codes match — proving you hold the secret, without ever sending it over the network.
Why use an authenticator
Works offline
Codes are computed on-device from time. No internet connection is needed to log in.
Secrets stay private
Your keys are stored locally and are never uploaded to any server.
Time-based codes
Each code is valid for only 30 seconds, then a new one is generated automatically.
Open standard
Built on the TOTP / HOTP standards (RFC 6238 & 4226) — compatible with any 2FA-enabled service.