RFC 6238 · TOTP · QR
AuthenticatorSetup
Provision your own two-factor authentication, entirely in your browser. Generate a TOTP
secret, scan the real QR code into Google Authenticator, Authy, or any RFC 6238 app, and
confirm the live code matches. The QR is drawn by our from-scratch QR encoder - the pure-C#
OnlyCSharp.ComputerGraphics.Barcode transliterated to JavaScript - and codes tick via the
same OcTotp/OcHotp algorithm. No libraries, no servers.
crypto.getRandomValues
and never leave this device - there is no network request, no upload, nothing for us to see. Saved
accounts live only in this browser's localStorage (optionally passphrase-encrypted below).- Open your authenticator app and choose Scan a QR code.
- Point it at the code on the left.
- Check the 6-digit code your app shows matches the live one below.
My accounts - stored only in this browser
Encryption at rest - optional
When enabled, your accounts are encrypted with AES-256-GCM using a
key derived from your passphrase via PBKDF2 (200k iterations, SHA-256) before being written to
localStorage. The passphrase is never stored; if you forget it the data is unrecoverable.