Two-Factor Authentication

Your codes. Your device. No one else.

TOTP Authenticator generates the 6-digit verification codes that protect your online accounts — computed securely on your device, working even when you're offline.

What is a TOTP authenticator?

TOTP stands for Time-based One-Time Password. It is an open standard (RFC 6238) for generating short-lived numeric codes used as a second factor when you log in.

A password alone can be stolen, guessed, or leaked. Two-factor authentication (2FA) adds a second step: after your password, the website asks for a 6-digit code that changes every 30 seconds. Only a device holding the account's secret key can produce the correct code — so even if someone steals your password, they still can't get in.

An authenticator app is what stores those secret keys and generates the codes. Because the code is derived from a shared secret and the current time, it works entirely offline — nothing is ever sent over the internet.

How it works

  1. 1

    Scan the QR code

    When a website enables two-factor authentication, it shows a QR code that contains a shared secret key. You scan it once with the authenticator.

  2. 2

    A secret is stored on your device

    The secret key is saved securely and never leaves your phone. No account, no cloud, no server is required.

  3. 3

    A 6-digit code is generated

    The app combines the secret with the current time to compute a fresh one-time code every 30 seconds using the TOTP algorithm (RFC 6238).

  4. 4

    You enter the code to sign in

    The website runs the same calculation and checks that the codes match — proving you hold the secret, without ever sending it over the network.

Why use an authenticator

Works offline

Codes are computed on-device from time. No internet connection is needed to log in.

Secrets stay private

Your keys are stored locally and are never uploaded to any server.

Time-based codes

Each code is valid for only 30 seconds, then a new one is generated automatically.

Open standard

Built on the TOTP / HOTP standards (RFC 6238 & 4226) — compatible with any 2FA-enabled service.