TOTP ValidatorValidate TOTP codes against a shared secret with configurable time window.
TOTP Validator
Validate TOTP codes against a shared secret with configurable time window.
Enter Secret
Base32 secret.
Enter Code
TOTP code.
Validate
Check code.
What Is TOTP Validator?
Validates TOTP codes against a shared secret, checking current and adjacent time windows for clock skew tolerance. Uses HMAC-SHA1 via Web Crypto API. Reports match status and time offset. Essential for testing 2FA and debugging auth. All processing is client-side.
Why Use Our TOTP Validator?
- Configurable time window
- Reports time offset
- Standard parameters
- 100% client-side
Common Use Cases
2FA Testing
Test implementations.
Troubleshooting
Debug rejected codes.
Migration
Verify secrets.
Audit
Test config.
Technical Guide
Generates expected code for time steps T-window to T+window. Computes HMAC-SHA1 with dynamic truncation per RFC 4226. Window=1 checks 3 steps allowing 30-90s drift.
Tips & Best Practices
- 1Window=1 is standard
- 2Larger window helps drift
- 3Offset shows drift direction
- 4Match period and digits
Related Tools
TOTP Generator
Generate time-based one-time passwords (TOTP) compatible with Google Authenticator.
Encoding & Crypto
HOTP Generator
Generate HMAC-based one-time passwords (HOTP) with counter tracking.
Encoding & Crypto
HMAC Generator
Generate HMAC digests with multiple hash algorithms.
Encoding & Crypto
Base32 Decode
Decode Base32-encoded strings back to plain text.
Encoding & Crypto
Base64 Encode
Encode text to Base64 format instantly in your browser.
Encoding & Crypto
Base64 Decode
Decode Base64-encoded strings back to plain text instantly.
Encoding & CryptoFrequently Asked Questions
QFree?
QWindow?
QSecret safe?
QNon-zero offset?
QCustom period?
About TOTP Validator
TOTP Validator is a free online tool from FreeToolkit.ai. All processing happens directly in your browser — your data never leaves your device. No registration required. No ads. Just fast, reliable tools.