This page generates a set of Time-based One-Time Passwords (TOTP), as done by the Google Authenticator app, but in your web browser. The passwords change every 30 seconds, hence the count-down in the "Time Remaining" field.

Though it will work if loaded directly from the internet, it is best to "File/Save Page As..." in your browser, and use it directly from the saved file there, via "File/Open..." in your browser.

The "Secret Key" is usually generated by a web site that requires two-factor authentication. It should be 16 characters long, consisting of the letters "a" to "z" and the digits "2" to "7", which represents an 80-bit number (this page doesn't enforce that; it simply decodes the string as BASE32, generating however big a number it represents). The key, and an associated label, are often presented visually as a QR code, which Authenticator apps can scan, but there is usually a way to display it as text.

Paste that secret key into the field near the top of the screen labelled "Secret Key", where it initially says "InTheQRCodeBelow" (and which is actually encoded in the QR code image). Give it whatever "Name" you'd like.

If you forget a site's secret key, you won't be able to login any more, until you convince an administrator there to let you create a new one.

The page starts with a single secret key, but you can add more by clicking the "+" button to the right of the "Secret Key" field. You can select which key you're editing by clicking the radio button to the right of that field. You can delete a field by clicking the "-" button. To hide the editing fields and this help text, uncheck the check box to the right of the "Name" field. To show them again, click on any radio button."

If you delete a row by mistake, just click the "+" button and its name and secret key will be restored. Otherwise, a new row's name will be "Unnamed" and its secret will be randomly generated.

The values are stored in "local storage" of your web browser. They will persist there.

To save the names and secret keys stored in your browser's local storage, click the "save" button. That will encode the state and put it in the text box to the right of the "restore" button. Copy that and save it in a file for later pasting into this page running in another browser.

To restore saved state, paste the string you copied in the preceding paragraph into the text box to the right of the "restore" button, and click the "restore" button.

To erase your saved state, so that nobody who uses the current browser can recover your secret keys, click the "erase" button.

This page requires JavaScript, but it executes completely inside the web browser on your computer. No communication is done over the network to compute the TOTP from the Secret Key.

This page will work correctly only if your computer's clock is synchronized with the actual time. Since the algorithm is time-based, unless your clock has the same time, to the second, as the clock on the computer requiring the password, it won't work. Most modern computers do time synchronization automatically.

Distilled and expanded from Markus Gutschke's TOTP Debugger, which is live here.

Bill St. Clair, 16 February 2016, on GitHub