I hate the feeling that I am just sitting there and chilling in front of my desktop, and then outlook force me to enable authentication and tell me to get my phone to download the app. So I coded this: A sleek, modern TOTP (Time-based One-Time Password) management web-application, built with Next.js and Supabase.
Demo: https://fuck-2fa.pages.dev/
Demo is hosted on Cloudflare Pages and my free-plan Supabase, all the credentials and secrets are encrypted. If you don't wanna self-host just feel free to use it! But I am not responsible if there is any leakage or loss :/
- Next.js 15 - React framework with App Router
- Tailwind CSS - Utility-first CSS framework
- shadcn/ui - Modern component library
- Open Sans - Clean, readable typography
- Supabase - Authentication, database, and Edge Functions
- PostgreSQL - Robust data storage with RLS
- Edge Functions - Serverless TOTP generation (replaced Cloudflare Workers)
- JWT Authentication - Secure user sessions
- Row Level Security - Database-level access control
- Encrypted Secrets - TOTP secrets stored securely
- HTTPS Only - All communications encrypted
- CORS Protection - Proper cross-origin configuration
- Node.js 20+ - Download here
- npm or yarn - Package manager
- Supabase account - Sign up at supabase.com
- Supabase CLI - Install guide
git clone https://github.com/your-username/fuck-2fa.git
cd fuck-2fa- Go to supabase.com and create a new project
- Note down your project URL and anon key
- Wait for project initialization (2-3 minutes)
# Copy the schema.sql content and run in Supabase SQL Editor
# Or run via CLI (requires local Supabase setup)
supabase db reset# Install and configure Supabase CLI
npm install -g supabase
supabase login
# Link to your project
supabase link --project-ref your-project-ref
# Deploy Edge Functions
supabase functions deploy generate-totp
supabase functions deploy shared-totpSee detailed deployment guide: SUPABASE_EDGE_FUNCTIONS.md
See Frontend README
# Supabase Configuration
NEXT_PUBLIC_SUPABASE_URL=https://your-project-ref.supabase.co
NEXT_PUBLIC_SUPABASE_ANON_KEY=your-anon-key
# Optional: Analytics and Monitoring
NEXT_PUBLIC_GA_ID=your-google-analytics-id
NEXT_PUBLIC_SENTRY_DSN=your-sentry-dsn- Enable Row Level Security (RLS) on all tables
- Configure email templates for magic links
- Set up custom domains (optional)
- Configure CORS settings for your domain
- Email Magic Links - Passwordless login via Supabase Auth
- Persistent Sessions - Automatic session restoration
- Protected Routes - Authentication-based access control
- Secure Logout - Clean session termination
- Add Secrets - Support for custom algorithms, digits, and periods
- Real-time Codes - Auto-refreshing TOTP codes with countdown
- Share Links - Temporary public access (24-hour expiry)
- Bulk Operations - Manage multiple TOTP secrets efficiently
- Search & Filter - Quickly find specific TOTP entries
- Dark Theme - Sophisticated black color scheme
- Glassmorphism - Translucent cards with backdrop blur
- Smooth Animations - Button glows, hover effects, progress bars
- Responsive Layout - Optimized for desktop, tablet, and mobile
- Accessibility - WCAG 2.1 compliant interface
GET /functions/v1/generate-totp?secret_id=xxx
Authorization: Bearer <jwt_token>
Response:
{
"code": "123456",
"label": "Gmail Account",
"expires_in": 25
}
GET /functions/v1/shared-totp?share_token=abc123
Response:
{
"code": "654321",
"label": "Shared Service",
"expires_in": 18,
"issuer": "Example Corp"
}
id- UUID primary keyuser_id- Foreign key to auth.userslabel- Display name for the secretissuer- Optional issuer namesecret- Base32 encoded TOTP secretalgorithm- Hash algorithm (SHA1, SHA256, SHA512)digits- Code length (6-8)period- Refresh interval in secondscreated_at- Timestampupdated_at- Timestamp
id- UUID primary keysecret_id- Foreign key to totp_secretsshare_token- Public access tokenexpires_at- Optional expiration timestampcreated_at- Timestamp
fuck-2fa/
βββ frontend/fuck-2fa/ # Next.js Application
β βββ src/
β β βββ app/ # App Router pages
β β βββ components/ # React components
β β β βββ ui/ # shadcn/ui base components
β β β βββ auth/ # Authentication components
β β β βββ dashboard/ # Dashboard components
β β β βββ totp/ # TOTP-related components
β β βββ contexts/ # React Context providers
β β βββ lib/ # Utilities and configurations
βββ supabase/
β βββ functions/ # Edge Functions
β β βββ generate-totp/ # User TOTP generation
β β βββ shared-totp/ # Shared TOTP access
β βββ schema.sql # Database schema
βββ docs/ # Additional documentation
β βββ DEVELOPMENT.md # Development and testing guide
β βββ SECURITY.md # Security implementation details
β βββ TROUBLESHOOTING.md # Common issues and solutions
β βββ PERFORMANCE.md # Performance optimization guide
βββ SUPABASE_EDGE_FUNCTIONS.md # Deployment guide
βββ README.md # This file
We welcome contributions! Here's how to get started:
- Fork the repository
- Create a feature branch:
git checkout -b feature/your-feature-name - Make your changes and test thoroughly
- Submit a pull request
MIT License - feel free to use this project for personal or commercial purposes.
See LICENSE file for details.
π Fuck 2FA - Making two-factor authentication management beautiful and effortless.
Built with β€οΈ using Next.js and Supabase