diff --git a/app/controllers/two_factor_authentication/totp_verification_controller.rb b/app/controllers/two_factor_authentication/totp_verification_controller.rb
index 60fe755c1c8..d13dfc4fec0 100644
--- a/app/controllers/two_factor_authentication/totp_verification_controller.rb
+++ b/app/controllers/two_factor_authentication/totp_verification_controller.rb
@@ -6,6 +6,8 @@ class TotpVerificationController < ApplicationController
 def show
 @presenter = presenter_for_two_factor_authentication_method
+ return unless FeatureManagement.prefill_otp_codes?
+ @code = ROTP::TOTP.new(current_user.otp_secret_key).now
 end
 def create
diff --git a/app/views/two_factor_authentication/totp_verification/show.html.slim b/app/views/two_factor_authentication/totp_verification/show.html.slim
index 57c41fa030e..4acee106973 100644
--- a/app/views/two_factor_authentication/totp_verification/show.html.slim
+++ b/app/views/two_factor_authentication/totp_verification/show.html.slim
@@ -7,7 +7,7 @@ h1.h3.my0 = @presenter.header
 = label_tag 'code', t('simple_form.required.html') + t('forms.two_factor.code'), class: 'block bold'
 .col-12.sm-col-5.mb4.sm-mb0.sm-mr-20p.inline-block
- = text_field_tag :code, '', required: true, autofocus: true,
+ = text_field_tag :code, '', value: @code, required: true, autofocus: true,
 pattern: '[0-9]*', class: 'col-12 field monospace mfa', type: 'tel', 'aria-describedby': 'code-instructs', maxlength: Devise.otp_length, autocomplete: 'off'
 = submit_tag 'Submit', class: 'btn btn-primary align-top'
diff --git a/lib/tasks/dev.rake b/lib/tasks/dev.rake
index 82873dce3bc..a1c212a71f2 100644
--- a/lib/tasks/dev.rake
+++ b/lib/tasks/dev.rake
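Review bot: In totp_verification_controller.rb, the two added lines in `show` compute the user's currently valid TOTP code on the server and hand it to the view, so the only thing separating this from a second-factor bypass is `FeatureManagement.prefill_otp_codes?`, whose definition is not part of this diff. Before merging I would confirm that predicate can never be true in production and pin it with a controller spec asserting `@code` is nil when the flag is off; none of the files shown here add such a spec. A comment above the guard, such as `# Dev/test convenience only: this renders a valid second factor into the page`, would also help the next reader. If `show` can be reached by a user without a TOTP secret, `ROTP::TOTP.new(current_user.otp_secret_key)` may need a nil guard as well.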
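Review bot: In show.html.slim, the changed `text_field_tag` line now supplies the field value twice, once as the positional `''` and once as `value: @code` in the options. The option presumably wins when the tag is built, which is why this works, but the reader has to know that. Passing it positionally says the same thing directly: `= text_field_tag :code, @code, required: true, autofocus: true,` (when `@code` is nil the attribute should simply be omitted). The call continues on the context lines below the change.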
@@ -9,6 +9,11 @@ namespace :dev do
 end
 end
+ ee = EncryptedAttribute.new_from_decrypted('totp@test.com')
+ User.find_or_create_by!(email_fingerprint: ee.fingerprint) do |user|
+ setup_totp_user(user, ee: ee, pw: pw)
+ end
+
 loa3_user = User.find_by(email_fingerprint: fingerprint('test2@test.com'))
 profile = Profile.new(user: loa3_user)
 pii = Pii::Attributes.new_from_hash(
@@ -89,6 +94,14 @@ namespace :dev do
 Event.create(user_id: user.id, event_type: :account_created)
 end
+ def setup_totp_user(user, args)
+ user.encrypted_email = args[:ee].encrypted
+ user.skip_confirmation!
+ user.reset_password(args[:pw], args[:pw])
+ user.otp_secret_key = ROTP::Base32.random_base32
+ Event.create(user_id: user.id, event_type: :account_created)
+ end
+
 def fingerprint(email)
 Pii::Fingerprinter.fingerprint(email)
 end
diff --git a/spec/factories/users.rb b/spec/factories/users.rb
index 10a64ff94f1..0bc4c575dbd 100644
--- a/spec/factories/users.rb
+++ b/spec/factories/users.rb
@@ -43,7 +43,7 @@
 trait :with_authentication_app do
 with_personal_key
- otp_secret_key 'abc123'
+ otp_secret_key ROTP::Base32.random_base32
 end
 trait :admin do
diff --git a/spec/lib/tasks/dev_rake_spec.rb b/spec/lib/tasks/dev_rake_spec.rb
index 8b3078bfb56..5c40b182417 100644
--- a/spec/lib/tasks/dev_rake_spec.rb
+++ b/spec/lib/tasks/dev_rake_spec.rb
@@ -12,7 +12,7 @@
 it 'runs successfully' do
 Rake::Task['dev:prime'].invoke
- expect(User.count).to eq 2
+ expect(User.count).to eq 3
 end
 end
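Review bot: In the first dev.rake hunk, the new `totp@test.com` user is created with the same `pw` as the other seeded accounts (`pw` is defined outside the hunk), and with the prefill flag on its TOTP code is filled in by the server, so the account has no secret factor at all. That is fine for a development database, but nothing visible here stops `dev:prime` from being run against another environment. If the task has no such guard already, a first line like `raise 'dev:prime is for development and test only' if Rails.env.production?` would make that explicit.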
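Review bot: `setup_totp_user` in the second dev.rake hunk takes a bare `args` hash and reads `args[:ee]` and `args[:pw]`, so a misspelled or missing key silently becomes nil, which for `pw` means `reset_password(nil, nil)`. Keyword arguments make both required and leave the call site as it is: `def setup_totp_user(user, ee:, pw:)`, with `ee.encrypted` and `pw` in the body. The helper whose last lines are visible as context just above ends with the same `Event.create` call, so the two may share most of their body; if so, the TOTP variant could call it and then set `otp_secret_key`. `Event.create` also ignores a failed save where `Event.create!` would surface it, though that mirrors the existing helper.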
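Review bot: In spec/factories/users.rb, `otp_secret_key ROTP::Base32.random_base32` is a static attribute, so the secret is most likely generated once when the factory file is loaded and every user built with `:with_authentication_app` in that run shares it. If the intent is a distinct secret per user, use the block form: `otp_secret_key { ROTP::Base32.random_base32 }`. The rest of the trait is unchanged.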