Two-factor authentication codes that live in your browser, encrypted at rest. Nothing on a server.
What is this?Hide details▾
What is TOTP?
Standards-compliant TOTP (RFC 6238) running entirely in your browser. Secrets are encrypted at rest with AES-GCM-256; a master key is wrapped by both a passphrase (PBKDF2-SHA256 × 600k) and optionally a WebAuthn PRF-derived key for Touch ID / Windows Hello unlock. Mandatory encrypted JSON backup before the first secret saves — losing your only authenticator means lockout otherwise. Works offline. No accounts, no sync server.
totp.js
Locked
Pick a passphrase to set up your vault. You will use it every time you unlock.
or
No accounts yet. Click "Add account" to start.
Add TOTP account
— or fill in manually —
Back up before you save
TOTP secrets cannot be recovered if you lose this device or forget your passphrase. Download an encrypted backup now — it uses a passphrase you choose (can be the same as your vault).
