Skip to content

RFC 6238 · TOTP

LiveAuthenticator

A real, live Time-based One-Time Password generator - the exact 2FA algorithm behind Google Authenticator, Authy, and most app-based logins. The C# original is powered by the OnlyCSharp/1.8 BCL-only crypto library (OcTotp / OcHotp / OcOtpAuthUri); this page recomputes the same demo below in your browser, so the code you see is genuinely ticking against your clock.

Live code - demo secret

30
••• •••
refreshes every 30 s · SHA-1 · 6 digits ·

Demo secret only - the string "MySuperSecretKey123!" is hard-coded so the output is reproducible. A real TOTP secret must be securely random (20+ bytes), confidential, and provisioned once per account.

Provisioning descriptor

Account
demo@kullgames.com
Issuer
KullGames LiveAuthenticator Demo
Secret (base32)
JV4VG5LQMVZFGZLDOJSXIS3FPEYTEMZB
Algorithm
SHA1 · 6 digits · period 30 s

otpauth:// URI a QR code would encode:

otpauth://totp/KullGames%20LiveAuthenticator%20Demo:demo%40kullgames.com?secret=JV4VG5LQMVZFGZLDOJSXIS3FPEYTEMZB&issuer=KullGames%20LiveAuthenticator%20Demo&algorithm=SHA1&digits=6&period=30

Real captured run - the C# console app

KullGames.LiveAuthenticator -- live TOTP (RFC 6238) demo
=========================================================
Powered by OnlyCSharp/1.8 Cybersecurity.Cryptography.OneTimePassword (OcTotp / OcHotp / OcOtpAuthUri).

Demo shared secret (NOT a real credential): "MySuperSecretKey123!"

Live codes (one sample every 3s, 6 samples, ~18s total):
  [1/6] t=1783967668   Code: 176001   (refreshes in 2s)
  [2/6] t=1783967671   Code: 368925   (refreshes in 29s)   ← 30s boundary: rolled over
  [3/6] t=1783967674   Code: 368925   (refreshes in 26s)
  [4/6] t=1783967677   Code: 368925   (refreshes in 23s)
  [5/6] t=1783967680   Code: 368925   (refreshes in 20s)
  [6/6] t=1783967683   Code: 368925   (refreshes in 17s)

Verify(code="368925", t=1783967683) -> True  (matchedOffset=0)

ROUND-TRIP PASSED: the live-generated code verifies successfully.