2FAA.app

Claude 2FA (via MCP)

When you're working with Claude Code or Claude Desktop on a task that needs a 2FA code (logging into a service, running an automation, writing an end-to-end test), context-switching to your phone breaks flow. The 2faa-mcp server gives Claude the ability to generate and verify TOTP codes on its own.

Important:giving an AI agent your 2FA secret means the agent can sign in as you on that service. Only use this for accounts you're willing to delegate access to (e.g. test accounts, your own GitHub for automated PRs). Don't give the MCP server your bank or PayPal secret.

Install the MCP server

npx -y 2faa-mcp

The package runs as an MCP server over stdio. No build step. Source is open on npm.

Configure Claude Code

Add to your project's .mcp.json (or run claude mcp add):

{
  "mcpServers": {
    "2faa": {
      "command": "npx",
      "args": ["-y", "2faa-mcp"]
    }
  }
}

Configure Claude Desktop

Edit claude_desktop_config.json — same shape:

{
  "mcpServers": {
    "2faa": {
      "command": "npx",
      "args": ["-y", "2faa-mcp"]
    }
  }
}

Restart Claude Desktop after editing. The new tools generate_totp and verify_totpwill appear under the "Search and tools" menu.

Example prompts that work

Generate a TOTP code for my GitHub test account. The Base32 secret is JBSWY3DPEHPK3PXP.

→ Claude calls generate_totp and returns the current 6-digit code plus seconds remaining.

I'm running a Playwright E2E test that logs into our app. When the 2FA prompt comes up, generate a code from this secret: ...

→ Useful pattern for keeping automated tests passing without hardcoding TOTP secrets in CI.

Verify if code 482931 is valid for secret JBSWY3DPEHPK3PXP.

→ Calls verify_totp, checks current ± adjacent windows.

Use cases that pay off

  • End-to-end tests:Claude generates fresh codes for test accounts so your auth flow tests don't skip 2FA.
  • Bulk service signups: when registering many accounts on the same TOTP-protected service.
  • Build pipelines: if you let Claude Code interact with a service (e.g. publish a release on a 2FA-protected registry), the MCP server can supply the code mid-task.

Prefer not to give Claude a secret?

Keep the secrets in your browser using 2FAA's web authenticator — paste the current 6-digit code into Claude only when needed. You stay in control of when codes are generated, at the cost of one copy-paste round-trip.

Open 2FAA webFull MCP docs