Tap-to-approve two-factor auth in three lines of code.
Give your users phishing-resistant, push-based 2FA with biometric unlock — and give your developers a clean SDK for Go, Node, and Python.
The U2 Secured Authenticator supports the standard RFC 6238 TOTP flow plus a modern push approval flow: your user taps Approve on their phone instead of typing a code.
Integrate with a single client and a few methods. Generate secrets, render QR codes, verify codes, and request push approvals — you choose the flow per request.
What you get
Tap-to-approve
Passwordless push approvals with biometric unlock — no codes to type.
Phishing-resistant
Approvals are bound to the requesting context, not a shared 6-digit code.
Developer SDK
Clean clients for Go, Node, and Python. Wire up 2FA in three lines.
Webhooks
Get notified the moment a user approves or denies a sign-in.
Standard TOTP
RFC 6238 6-digit codes work with any authenticator app, too.
Fast verification
A ±90s window keeps verification reliable across clock drift.
Security model
- Zero-knowledge backup of authenticator secrets
- Biometric unlock on device
- Scoped API keys, hashed at rest
Questions before you start?
Our support team is happy to help you evaluate Authenticator.