multifactor your authentication

a small, reliable multifactor authentication service that runs on a raspberry pi and shares its code with the public.

welcome to tinymfa

what it is

tinymfa is a time based one time pad solution that is nowadays used for multifactor authentication. tinymfa is written in go and implements RFC 6238. It runs on all the prominent platforms and is fine with a raspberry pi!

how it works

Setting up tinymfa is easy. Here are our 6 steps towards your multifactor authentication.


On the very first start of tinymfa, it connects to a postgres database and creates the table structure. Then, it generates a 256bit master key that is used to encrypt the issuer keys.

Create an issuer

For each service that you want to secure, you create an issuer (think of it as a domain).

Each issuer gets a unique 256bit key assigned. This key is encrypted with the master key.

Create users

Each issuer can have multiple users. For each user, a unique key is generated and encrypted with the issuer key.

Hand out QRCodes

Let your users scan a QRCode with their favourite Authenticator app. We generate that for you!

tinymfa is supported by all Authenticator Apps that implement RFC 6238

Integrate your Apps

One http call gets you a boolean true if the token was validated or a boolean false if the token could not be validated.

It doesn't get much easier than that!


Your multifactor authentication is ready to go! Have fun!

try it out!

Want to see how it works? Sure, take your mobile phone and follow these three steps to test tinymfa.

Download Authenticator

Download an Authenticator App.

There are several out there, but why don't you try the Google Authenticator?

Download for iOS

Download for Android

Scan QRCode

Enter a token

Enter the token that your Authenticator App generates into the form below and click submit.


Seen enough? Host it on your own network! Even a raspberry pi can handle it!