What Base32 Token Means
In TOTP, a Base32 token is the shared secret written in a readable character set. It can look like a long string of letters and digits. The authenticator calculates one-time codes from that secret.
Often the user sees a QR code instead of the raw token. The QR code usually contains an otpauth link with the same secret.
Why the Token Must Stay Private
Anyone who knows the Base32 token can generate current 2FA codes. Do not publish it, send it in open channels, place it in public documents, or leave it visible in screenshots.
Fixing Token Errors
If a code fails, check that the token was copied fully, without spaces, line breaks, or extra characters. Then try the next 30-second interval and verify time synchronization.
How to Recognize a Base32 Token
A Base32 token usually contains letters A-Z and digits 2-7, sometimes grouped with spaces for readability. When copied into a generator, remove extra spaces and characters. In an otpauth link, the secret is often stored in the `secret=` parameter.
A 2FA QR code usually contains the same secret in link form, so scanning a QR code and pasting a Base32 token are two interfaces for the same TOTP secret.