diff --git a/package.json b/package.json
index c830daf7..c42cc7c7 100644
--- a/package.json
+++ b/package.json
@@ -82,6 +82,7 @@
     "lodash": "^4.17.4",
     "moment": "^2.17.1",
     "moment-timezone": "^0.5.11",
+    "otp": "^0.1.3",
     "sladex-blowfish": "^0.8.1",
     "sortablejs": "^1.5.1",
     "split.js": "^1.2.0",
diff --git a/src/core/config/Categories.js b/src/core/config/Categories.js
index 93b57a19..85d8d0d1 100755
--- a/src/core/config/Categories.js
+++ b/src/core/config/Categories.js
@@ -300,6 +300,8 @@ const Categories = [
             "Detect File Type",
             "Scan for Embedded Files",
             "Generate UUID",
+            "Generate TOTP",
+            "Generate HOTP",
             "Render Image",
             "Remove EXIF",
             "Extract EXIF",
diff --git a/src/core/config/OperationConfig.js b/src/core/config/OperationConfig.js
index cd7ca35c..4493bf9c 100755
--- a/src/core/config/OperationConfig.js
+++ b/src/core/config/OperationConfig.js
@@ -29,6 +29,7 @@ import MS from "../operations/MS.js";
 import NetBIOS from "../operations/NetBIOS.js";
 import Numberwang from "../operations/Numberwang.js";
 import OS from "../operations/OS.js";
+import OTP from "../operations/OTP.js";
 import PublicKey from "../operations/PublicKey.js";
 import Punycode from "../operations/Punycode.js";
 import QuotedPrintable from "../operations/QuotedPrintable.js";
@@ -3635,7 +3636,67 @@ const OperationConfig = {
             }
         ]
     },
-
+    "Generate TOTP": {
+        description: "The Time-based One-Time Password algorithm (TOTP) is an algorithm that computes a one-time password from a shared secret key and the current time. It has been adopted as Internet Engineering Task Force standard RFC 6238, is the cornerstone of Initiative For Open Authentication (OATH), and is used in a number of two-factor authentication systems. A TOTP is an HOTP where the counter is the current time.<br><br>Enter the secret as the input or leave it blank for a random secret to be generated. T0 and T1 are in seconds.",
+        run: OTP.runTOTP,
+        inputType: "byteArray",
+        outputType: "string",
+        args: [
+            {
+                name: "Name",
+                type: "string",
+                value: ""
+            },
+            {
+                name: "Key size",
+                type: "number",
+                value: 32
+            },
+            {
+                name: "Code length",
+                type: "number",
+                value: 6
+            },
+            {
+                name: "Epoch offset (T0)",
+                type: "number",
+                value: 0
+            },
+            {
+                name: "Interval (T1)",
+                type: "number",
+                value: 30
+            }
+        ]
+    },
+    "Generate HOTP": {
+        description: "The HMAC-based One-Time Password algorithm (HOTP) is an algorithm that computes a one-time password from a shared secret key and an incrementing counter. It has been adopted as Internet Engineering Task Force standard RFC 4226, is the cornerstone of Initiative For Open Authentication (OATH), and is used in a number of two-factor authentication systems.<br><br>Enter the secret as the input or leave it blank for a random secret to be generated.",
+        run: OTP.runHOTP,
+        inputType: "string",
+        outputType: "string",
+        args: [
+            {
+                name: "Name",
+                type: "string",
+                value: ""
+            },
+            {
+                name: "Key size",
+                type: "number",
+                value: 32
+            },
+            {
+                name: "Code length",
+                type: "number",
+                value: 6
+            },
+            {
+                name: "Counter",
+                type: "number",
+                value: 0
+            }
+        ]
+    },
 };
 
 export default OperationConfig;
diff --git a/src/core/operations/OTP.js b/src/core/operations/OTP.js
new file mode 100755
index 00000000..ff67d1c8
--- /dev/null
+++ b/src/core/operations/OTP.js
@@ -0,0 +1,55 @@
+import otp from "otp";
+import Base64 from "./Base64.js";
+
+/**
+ * One-Time Password operations.
+ *
+ * @author n1474335 [n1474335@gmail.com]
+ * @copyright Crown Copyright 2017
+ * @license Apache-2.0
+ *
+ * @namespace
+ */
+const OTP = {
+
+    /**
+     * Generate TOTP operation.
+     *
+     * @param {byteArray} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    runTOTP: function(input, args) {
+        const otpObj = otp({
+            name: args[0],
+            keySize: args[1],
+            codeLength: args[2],
+            secret: Base64.runTo32(input, []),
+            epoch: args[3],
+            timeSlice: args[4]
+        });
+        return `URI: ${otpObj.totpURL}\n\nPassword: ${otpObj.totp()}`;
+    },
+
+
+    /**
+     * Generate HOTP operation.
+     *
+     * @param {byteArray} input
+     * @param {Object[]} args
+     * @returns {string}
+     */
+    runHOTP: function(input, args) {
+        const otpObj = otp({
+            name: args[0],
+            keySize: args[1],
+            codeLength: args[2],
+            secret: Base64.runTo32(input, []),
+        });
+        const counter = args[3];
+        return `URI: ${otpObj.hotpURL}\n\nPassword: ${otpObj.hotp(counter)}`;
+    },
+
+};
+
+export default OTP;