2FA Secret Key Generator

Generate a cryptographically secure Base32 secret key for new 2FA setups. Generated entirely in your browser.

When do I need a new secret?

  • Setting up 2FA on a custom application or server.
  • Your existing 2FA secret was compromised.
  • Building a TOTP-based authentication system.

About This Tool

This tool generates a cryptographically secure random secret key in Base32 format the standard encoding used by all TOTP (Time-based One-Time Password) authenticator apps. The key is generated using the browser's crypto.getRandomValues() API, which produces true random data from the operating system's entropy pool. Use this when building a new 2FA-enabled application or when manually configuring two-factor authentication that requires you to supply your own secret.

How to Use

  1. Choose your preferred key length : 160-bit (32 characters) is the TOTP standard; 256-bit offers extra security.
  2. Click Generate Secret. A new random Base32 key appears instantly.
  3. Copy the key and store it securely : this is your shared secret between the server and the authenticator app.
  4. Use the QR Code Generator to turn the secret into a scannable QR code for your authenticator app.

Frequently Asked Questions

What is a Base32 secret key?

A Base32 secret key is a random string encoded using only the characters A–Z and 2–7. It's the shared secret between your server and your authenticator app used to compute time-based one-time passwords (TOTP) defined in RFC 6238.

How long should my secret key be?

RFC 4226 recommends a minimum of 160 bits (20 bytes = 32 Base32 characters). For new applications, 256 bits (32 bytes = 52 Base32 characters) provides a comfortable security margin. Keys shorter than 128 bits are considered weak.

Can I use this key with Google Authenticator?

Yes. Generate the key here, then use the QR Code Generator tool to create a scannable QR code, and scan it with Google Authenticator, Authy, or any TOTP app. The generated codes will be valid.