About 2FA auth

What this tool does

Paste a Base32 secret key from any service that supports authenticator apps (Google, GitHub, AWS, Microsoft, and thousands more) and 2FA auth renders the matching 6-digit time-based one-time password — refreshed every 30 seconds, exactly like Google Authenticator, Authy, or 1Password would.

How it's different

• 100% client-side. Your secret never leaves the browser tab.
• No accounts, no installs, no cloud sync.
• Open standards only: RFC 6238 (TOTP), RFC 4226 (HOTP), SHA-1, 6 digits, 30s period.
• Works offline once the page is loaded.

Who it's for

Developers testing 2FA flows, security engineers verifying tokens, support teams reproducing login issues, and curious users who want to understand how authenticator apps actually work under the hood.

Who's behind it

2FA auth is an independent educational project. It is not affiliated with Google, Authy, Microsoft, or any other authenticator vendor.