Free TOTP / 2FA QR Code Generator
Build standard otpauth:// QR codes for any TOTP-compatible authenticator app. Pure RFC 6238, no server, no signup.
- QR Generator
- Free Business Card Designer
- Printable WiFi Cards
- Batch CSV (500 codes)
- 40 Templates
- 20 Languages
Local uploads stay in your browser and only appear on the printed card. The QR data uses the URL above.
More fields (optional)
Address
Social profiles
Tip: right-click any spot on Google Maps and copy the coordinates
A red Swiss flag is automatically overlaid on the QR — required by Swiss banks.
Paste a BOLT11 invoice (lnbc...) or a Lightning address. We prefix with the lightning: URI scheme so any Lightning wallet can scan it.
Compatible with Google Authenticator, Authy, 1Password, Bitwarden, and any standard TOTP app.
Encodes the entire authorized_keys line. Scan to copy/paste the key onto a new machine.
For very long keys, use rMQR landscape or split into multiple QRs. Standard QR caps around ~2KB.
The official WireGuard mobile apps scan these directly. Never include your private key in a printed QR — only digital sharing.
GS1 Digital Link is the modern web-friendly alternative to the EAN-13 barcode for retail products. Resolver domain defaults to id.gs1.org but you can use your own.
Paste the share link from the Spotify app, or just the ID. We build the open.spotify.com URL automatically.
Format depends on platform — for Mastodon use @user@instance, for Bluesky use handle.bsky.social, for Nostr paste the npub key.
Geo URI (RFC 5870) opens directly in any maps app on the device — Google Maps, Apple Maps, OsmAnd, etc. — without picking a vendor.
Standard BitTorrent magnet link. Scanned by any BitTorrent client that supports URI scheme handlers.
Paste a full RFC 5545 iCalendar payload — supports multiple events, alarms, recurring rules. Most calendar apps import the QR directly.
Local uploads stay in your browser and only appear on the printed card. MeCard QR data has no photo field.
MeCard is a simpler alternative to vCard, preferred by some Android devices
More fields (optional)
Address
Micro QR capacity: 35 digits, 21 uppercase alphanumeric, or ~15 bytes (lowercase/URLs). Best for short codes, serial numbers, and IDs. For URLs, use standard QR instead.
Rectangular Micro QR — a narrow, wide format ideal for test tubes, wristbands, and ticket strips. Up to 361 characters.
Show 30 more templates
Save a style with the button above to keep your favourites here.
Or pick a built-in icon:
Renders behind the QR at reduced opacity. Auto-forces EC=H so the QR still scans through the photo.
Batch Generation
Upload a CSV to generate up to 500 QR codes in a single batch. Each row becomes its own QR — pick a template or override 21 properties on a per-row basis: colors, frames, dot/eye/eyeball styles, gradients, transparency, size, error correction, format, built-in logo, and more.
21 columns: type, data, filename, frametext, frame, template, fgcolor, bgcolor, size, ec, dotstyle, eyestyle, format, logo, gradient, g2, gtype, gangle, transparent, eyeball, eyecolor. Only type and data are required. Use | to separate fields inside data (e.g. ssid|password|WPA).
All 20 QR types supported, including URL, WiFi, vCard, MeCard, Email, SMS, Event, Location, UPI, SEPA, PayPal, Crypto, Micro QR and rMQR. Download the sample CSV to see every column, all 40 templates, 11 frame styles, and the 12 built-in logos in action.
Save the entire QR — type, all field values, style, frame, logo, business card design — as a single .qr.json file. Load it later to recreate everything in one click.
Enter content to generate your QR code
E-signatures that hold up in court
Abundera Sign goes beyond basic e-signatures. Every document gets cryptographic proof, independent verification, and a tamper-evident evidence package.
- Auto-generated court-ready evidence packages
- Personal Document Seal — detects tampering instantly
- Anchored to 5 independent systems — no single point of failure
How TOTP QR Codes Work
TOTP (Time-based One-Time Password) is the open standard behind every modern authenticator app — Google Authenticator, Authy, 1Password, Bitwarden, Microsoft Authenticator, Aegis, FreeOTP, Raivo, and dozens more. When you set up 2FA on a service, the service generates a shared Base32 secret and packages it into an otpauth://totp/... URI. Your authenticator app scans the QR, stores the secret locally, and starts producing 6-digit codes that change every 30 seconds.
This generator builds the URI for you. Useful for self-hosted services that don't ship a QR generator, password manager migration, lab/test environments, and the moment you need to switch authenticator apps without losing your existing seeds.
Fields explained
- Issuer — the service name (e.g. GitHub). Shown as the heading in the authenticator app.
- Account — usually your username or email. Shown as the subheading.
- Secret — the Base32-encoded shared secret. Standard length is 16, 26, or 32 characters.
- Algorithm — SHA1 (default, supported everywhere), SHA256, or SHA512.
- Digits — 6 (default) or 8.
- Period — 30 seconds (default) or 60.
Privacy
The shared secret is the most sensitive thing you'll ever paste into a QR generator. Abundera QR runs entirely in your browser — the secret never touches a server, never gets logged, never leaves your device. If you're security-conscious, generate codes on an offline laptop and you're golden.
Frequently Asked Questions
Which authenticator apps work with these QR codes?
Every standards-compliant TOTP app: Google Authenticator, Microsoft Authenticator, Authy, 1Password, Bitwarden, LastPass Authenticator, Aegis, Raivo, FreeOTP, FreeOTP+, 2FAS, Ente Auth, Yubico Authenticator, KeePassXC, and many more.
Is the secret transmitted to your servers?
No. Abundera QR is a client-side static site. The Base32 secret you paste is encoded into the URI inside your browser and rendered to the canvas locally. We have no servers, no logs, no telemetry — there is nowhere for the secret to go.
What's the difference between SHA1, SHA256, and SHA512?
SHA1 is the default and is supported by every TOTP app on the market. SHA256 and SHA512 are more secure but adoption is uneven — Google Authenticator silently treats them as SHA1, which produces wrong codes. Pick SHA1 unless you control both sides.
Can I use this for HOTP (counter-based) codes too?
TOTP only for now. Most modern services have moved to TOTP. HOTP requires tracking the counter on both sides which is significantly less convenient.
How do I get the Base32 secret from my service?
When the service displays its setup QR code, there's almost always a 'Can't scan? Enter manually' link. The text shown there is the Base32 secret. Copy it into Abundera QR to regenerate the QR for a different app.
Can I store multiple TOTP entries in one QR?
No — each otpauth:// URI is a single account. To migrate many accounts at once, use Google Authenticator's export/migration QR feature, which uses a different URI scheme (otpauth-migration://).
Does the QR work if I scan it twice from different apps?
Yes. The QR contains the seed, not a token. Scanning the same QR into two apps gives you two synchronized authenticators. Useful for backup.