diff --git a/totp/totp.go b/totp/totp.go
index dff9ad5..60532d6 100644
--- a/totp/totp.go
+++ b/totp/totp.go
@@ -136,7 +136,7 @@ type GenerateOpts struct {
 	AccountName string
 	// Number of seconds a TOTP hash is valid for. Defaults to 30 seconds.
 	Period uint
-	// Size in size of the generated Secret. Defaults to 10 bytes.
+	// Size in size of the generated Secret. Defaults to 20 bytes.
 	SecretSize uint
 	// Digits to request. Defaults to 6.
 	Digits otp.Digits
@@ -160,7 +160,7 @@ func Generate(opts GenerateOpts) (*otp.Key, error) {
 	}
 
 	if opts.SecretSize == 0 {
-		opts.SecretSize = 10
+		opts.SecretSize = 20
 	}
 
 	if opts.Digits == 0 {
diff --git a/totp/totp_test.go b/totp/totp_test.go
index ce58883..3355f59 100644
--- a/totp/totp_test.go
+++ b/totp/totp_test.go
@@ -126,7 +126,7 @@ func TestGenerate(t *testing.T) {
 	require.NoError(t, err, "generate basic TOTP")
 	require.Equal(t, "SnakeOil", k.Issuer(), "Extracting Issuer")
 	require.Equal(t, "alice@example.com", k.AccountName(), "Extracting Account Name")
-	require.Equal(t, 16, len(k.Secret()), "Secret is 16 bytes long as base32.")
+	require.Equal(t, 32, len(k.Secret()), "Secret is 32 bytes long as base32.")
 
 	k, err = Generate(GenerateOpts{
 		Issuer:      "SnakeOil",