Secret Validator

Validate Base32 secrets for TOTP/HOTP authenticators

Base32 Secret

How to Use This Tool

1. Paste Your Secret: Enter the TOTP/HOTP secret key you want to validate. Accepts both Base32 and Base64 formats.

Validation Checks:

2. Auto-Detection: Tool automatically identifies encoding type (Base32: A-Z, 2-7 | Base64: A-Z, a-z, 0-9, +, /).

3. Format Validation: Checks for invalid characters, improper padding, and encoding errors that cause authenticator failures.

4. Metadata Display: View byte length, padding status, and encoding details to understand your secret.

Testing:

5. Test Generation: Generate a test TOTP code to verify the secret works correctly. Compare with your authenticator app.

6. Troubleshooting: If codes don't match, check for lowercase letters (should be uppercase), typos, or missing padding characters.

All validation is client-side. Your secrets never leave your browser. Common issues: mixed case, invalid characters, incorrect padding.

Secret Validator: FAQ

This tool validates TOTP/HOTP secrets (Base32-encoded keys used in authenticator apps), API keys, tokens, and other encoded strings. It checks format validity, encoding correctness, and provides metadata about the secret.

Absolutely not. All validation happens entirely in your browser using JavaScript. Your secrets never leave your device and are not transmitted over any network.

Base32 validation ensures your secret only contains valid characters (A-Z, 2-7), has proper padding if needed, and can be successfully decoded. Invalid secrets will cause authenticator apps to fail or generate incorrect codes.

Yes. If your authenticator codes aren't working, validating the secret can reveal encoding errors, invalid characters, or formatting issues. Common problems include lowercase letters, typos, or incorrect padding.