A web application for generating Time-based One-Time Passwords (TOTP) for two-factor authentication (2FA).

This application provides a clean, minimalist interface for generating and managing TOTP codes for multiple accounts. It's designed to be privacy-focused, with all operations performed client-side and data stored locally in the browser.

• Generate and display TOTP codes with countdown timer
• Support for multiple accounts
• Client-side only functionality
• Privacy-focused: no tracking, analytics, or account requirements
• RFC 6238 compatible
• Local browser storage with data export (backup) and import (restore) options
• Auto-updating TOTP without page refresh
• Dark/light modes and responsive design (optimized for desktop)
• TOTP secret generator
• Adheres to WCAG 2.1 Level AA accessibility standards

• Preact
• jsSHA library for SHA-1 hashing
• GitHub Pages for hosting

• app.js: Main application logic and components
• totp.js: TOTP-related functions and logic

• Implements Content Security Policy (CSP)
• Input validation for Base32 secret keys
• Sanitization to prevent XSS attacks
• Rate limiting for TOTP generation
• All resources served from the same origin

• Optimized for low-performance virtualized desktops
• Initial load <5s on corporate networks, <1MB size, <20% CPU and <100MB memory usage
• Responsive alongside resource-intensive applications (e.g., Skype for Business)

Supports IE11, Edge (14+), Chrome (49+), Firefox (52+) with graceful degradation.

Uses browser's localStorage to save and retrieve account data. Data export and import functionality implemented without encryption.

• Uses CSS variables for theming
• Implements responsive design for various screen sizes
• Light/dark mode toggle in footer

This project is licensed under the MIT License - see the LICENSE file for details.