About 2FA.tools
Free, open-source, privacy-first two-factor authentication
Our Mission
2FA.tools was created with a simple mission: to provide a free, secure, and transparent way for anyone to generate Time-based One-Time Passwords (TOTP) without trusting a third party with their secret keys. Every computation happens in your browser — your secrets never leave your device.
Why 2FA.tools?
Most authenticator apps require you to trust a company with your secret keys, whether through cloud syncing, account registration, or opaque code. 2FA.tools takes a radically different approach:
100% Client-Side
All cryptographic operations run in your browser using the Web Crypto API
Zero Tracking
No cookies, no analytics, no fingerprinting — complete anonymity
Transparent
Fully transparent client-side code — verify our privacy claims yourself
Works Offline
Install as a PWA and generate codes without an internet connection
Technology
2FA.tools is built with a zero-dependency architecture, emphasizing simplicity, performance, and security:
How It Works
2FA.tools implements the TOTP algorithm as defined in RFC 6238:
- You enter your Base32-encoded secret key
- The key is decoded and used with the current timestamp to generate an HMAC-SHA1 hash via the Web Crypto API
- A 6-digit code is extracted from the hash using dynamic truncation
- The code refreshes every 30 seconds, synchronized with your device clock
- Once you close the page, the key is permanently discarded from memory
Provider
2FA.tools is an exclusive tool provided and maintained by wRock.org.