TOTP / 2FA template
Last updated: 28 Jun 2026
Official optional pack—client-side code generation in the vault app.
What this template is
TOTP / 2FA generates time-based one-time passwords inside NT²—similar to authenticator apps—with secrets encrypted locally and never sent to NT² servers. Enable the pack in Settings like other official optional templates.
| Category slug | totp |
| Pack | Official optional — nt2-template-totp |
| Tier | Free |
When to use it (and when not to)
Good fits
- Replacing phone authenticator apps for service logins
- Linking to Credential for combined password + code flow
- Rotating secrets after provider-mandated 2FA re-enrollment
Use something else instead
| Situation | Better template |
|---|---|
| One-time provider backup codes | Secure Note |
| Password only | Credential |
Everyday workflows
Enroll new 2FA
- Enable the TOTP pack in Settings—see Enable category template packs.
- Create item; paste setup key or
otpauth://URI. - Store provider backup codes in Secure Note.
Login with code
- Open TOTP item or linked Credential panel.
- Copy rotating 6-digit code within 30 seconds.
Fields at a glance
| Field | What to put here | Sensitive? |
|---|---|---|
| Title | Service name | No |
| Service name | Display label | No |
| TOTP secret | Base32 key (never shared) | Yes |
| Notes | Enrollment hints | No |
What you need
| Tier | Free |
| Vault state | Unlocked |
| Network | Offline for code generation (clock-based); online not required |
| Feature toggle | TOTP / 2FA pack enabled—see Enable category template packs |
Steps
Enable the TOTP pack
- Unlock your vault and open Settings → General → Category templates (
https://se.nt2.me/settings/general/templates). - Toggle TOTP / 2FA On.
Add a TOTP secret
- Open
https://se.nt2.me/assetsand select Add asset → TOTP / 2FA (or add from a linked Credential flow if offered). - Enter a title matching the service (e.g. “Email — 2FA”).
- Paste the setup key or provisioning input from the service’s 2FA enrollment screen.
- Save. NT² stores the secret encrypted locally—never sent to NT² servers in plaintext.
Use a generated code
- Open the TOTP item from the list.
- Read the rotating 6-digit code (usually 30s / 6 digits).
- Tap Copy code and paste into the service login within 30 seconds—clipboard auto-clears after that.
Rotate or remove
- Edit when the service forces 2FA re-enrollment and issues a new secret.
- Delete old TOTP items after migration to avoid confusion about which secret is current.
- Deleted items go to Trash until purged.
Tips and common mistakes
- Optional pack—like Crypto or Bank packs, TOTP is off until you enable it in Settings.
- Device clock—TOTP codes depend on accurate system time; skew causes rejected codes.
- Backup codes—store one-time recovery codes in Secure Note, not only TOTP.
- Export limits—treat TOTP secrets like passwords; do not share screenshots of active codes.