TOTP 2FA Generator

Does this TOTP tool upload my secrets to a server?

No. All secrets are encrypted locally in your browser using AES-256-GCM and stored only in your browser's localStorage.

Is my vault encrypted?

Yes. Your master password is used to derive a key (PBKDF2-SHA256, 200k iterations) which encrypts the entire vault.

What is the 'Panic Password'?

This is a duress feature. If you are forced to unlock the app under threat, enter this password. It will **silently wipe all local data** and unlock an empty vault to protect your real accounts.

CRITICAL: Can I import a backup while in Panic Mode?

**NO.** If you unlock with the Panic Password, the app assumes you want to destroy data. If you import a backup in this state, it will be re-encrypted with the Panic Password. Always unlock with your **Real Master Password** before importing.

Can I import a backup that uses a different password?

Yes. The tool now supports 'Smart Import'. If the backup file uses a different password than your current one, you will be prompted to enter the backup's password to decrypt and merge it.

Why are the codes blurred?

To prevent 'shoulder surfing' (people looking at your screen). Hover over a code to reveal it. Clicking a code will copy it and auto-clear your clipboard after 60 seconds.

Can I scan authenticator QR codes?

Yes. You can scan via your device camera or upload a QR image file. The tool automatically parses standard otpauth:// URLs.

What happens if I forget my master password?

Your vault cannot be decrypted. For security reasons, there is no recovery method (unless you have a backup file and remember *its* password).

Does it auto-lock?

Yes. The vault locks automatically after 15 minutes of inactivity.