2FAA.app

MCP Server for 2FA

Let AI agents generate and verify TOTP 2FA codes via the Model Context Protocol. Install with one command, works with Claude Code, Claude Desktop, Cursor, and any MCP-compatible client.

Quick Start

Install from npm — no build step needed:

npx -y 2faa-mcp

Requires Node.js 18+. Published as 2faa-mcp on npm.

Configuration

Claude Code

Add to your project .mcp.json:

{
  "mcpServers": {
    "2faa": {
      "command": "npx",
      "args": ["-y", "2faa-mcp"]
    }
  }
}

Claude Desktop

Add to claude_desktop_config.json:

{
  "mcpServers": {
    "2faa": {
      "command": "npx",
      "args": ["-y", "2faa-mcp"]
    }
  }
}

Cursor / Other MCP Clients

Same configuration format — add the server entry to your client's MCP settings file.

Available Tools

generate_totp

Generate a TOTP 2FA code from a secret key. Returns current code, next code, and seconds remaining.

Parameters:

  • secret (required) — Base32 key or otpauth:// URI
  • digits — Number of digits (default: 6)
  • period — Time period in seconds (default: 30)
  • algorithm — SHA1, SHA256, or SHA512 (default: SHA1)

verify_totp

Verify if a TOTP code is valid for a given secret. Checks current and adjacent time windows.

Parameters:

  • secret (required) — Base32 key or otpauth:// URI
  • code (required) — TOTP code to verify
  • window — Time windows to check (default: 1)

Example Usage

Once configured, ask your AI agent:

"Generate a TOTP code for secret JBSWY3DPEHPK3PXP"
"Verify code 123456 against my GitHub 2FA secret"
"Generate a 2FA code from this otpauth URI: otpauth://totp/GitHub:user?secret=ABCDEF..."

What is MCP?

The Model Context Protocol (MCP) is an open standard that lets AI assistants connect to external tools and data sources. MCP servers provide tools that AI agents can call — like generating 2FA codes, querying databases, or interacting with APIs. This server gives any MCP-compatible AI agent the ability to handle TOTP two-factor authentication.

Why use an MCP server for 2FA?

When working with AI coding agents like Claude Code, you may need to authenticate with services that require 2FA. Instead of switching to an authenticator app, copying the code, and pasting it back, the AI agent can generate the code directly — keeping you in flow.

Is it secure?

The MCP server runs locally on your machine as a subprocess. Your secret keys are passed directly to the tool at invocation time — they are not stored, logged, or transmitted anywhere. The server communicates only via stdio with the MCP client.