Staging — marketing preview only.

TOTP / 2FA template

Last updated: 28 Jun 2026

Official optional pack—client-side code generation in the vault app.

What this template is

TOTP / 2FA generates time-based one-time passwords inside NT²—similar to authenticator apps—with secrets encrypted locally and never sent to NT² servers. Enable the pack in Settings like other official optional templates.

Category slugtotp
PackOfficial optional — nt2-template-totp
TierFree

When to use it (and when not to)

Good fits

  • Replacing phone authenticator apps for service logins
  • Linking to Credential for combined password + code flow
  • Rotating secrets after provider-mandated 2FA re-enrollment

Use something else instead

SituationBetter template
One-time provider backup codesSecure Note
Password onlyCredential

Everyday workflows

Enroll new 2FA

  1. Enable the TOTP pack in Settings—see Enable category template packs.
  2. Create item; paste setup key or otpauth:// URI.
  3. Store provider backup codes in Secure Note.

Login with code

  1. Open TOTP item or linked Credential panel.
  2. Copy rotating 6-digit code within 30 seconds.

Fields at a glance

FieldWhat to put hereSensitive?
TitleService nameNo
Service nameDisplay labelNo
TOTP secretBase32 key (never shared)Yes
NotesEnrollment hintsNo

What you need

TierFree
Vault stateUnlocked
NetworkOffline for code generation (clock-based); online not required
Feature toggleTOTP / 2FA pack enabled—see Enable category template packs

Steps

Enable the TOTP pack

  1. Unlock your vault and open Settings → General → Category templates (https://se.nt2.me/settings/general/templates).
  2. Toggle TOTP / 2FA On.

Add a TOTP secret

  1. Open https://se.nt2.me/assets and select Add assetTOTP / 2FA (or add from a linked Credential flow if offered).
  2. Enter a title matching the service (e.g. “Email — 2FA”).
  3. Paste the setup key or provisioning input from the service’s 2FA enrollment screen.
  4. Save. NT² stores the secret encrypted locally—never sent to NT² servers in plaintext.

Use a generated code

  1. Open the TOTP item from the list.
  2. Read the rotating 6-digit code (usually 30s / 6 digits).
  3. Tap Copy code and paste into the service login within 30 seconds—clipboard auto-clears after that.

Rotate or remove

  1. Edit when the service forces 2FA re-enrollment and issues a new secret.
  2. Delete old TOTP items after migration to avoid confusion about which secret is current.
  3. Deleted items go to Trash until purged.

Tips and common mistakes

  • Optional pack—like Crypto or Bank packs, TOTP is off until you enable it in Settings.
  • Device clock—TOTP codes depend on accurate system time; skew causes rejected codes.
  • Backup codes—store one-time recovery codes in Secure Note, not only TOTP.
  • Export limits—treat TOTP secrets like passwords; do not share screenshots of active codes.