When I’m working on authentication features, testing MFA almost always breaks flow.
Unlock phone. Open authenticator. Scroll through test accounts. Race the 30-second timer.
It’s not hard — just repetitive and a waste of time.
I ended up building a small web-based TOTP tool that I keep open in a browser tab while working. It’s intentionally scoped for testing MFA flows only — not production or real accounts. When I’m done, I can bulk delete everything and move on.
I’m curious how other people handle MFA during development. Do you test it end-to-end, disable it locally, or have internal tooling for this?
Would love to hear what’s worked (or not) for you.
Note: This tool is meant for development and testing workflows only. Please don’t use it to help Grandma when she calls asking for her TOTP codes.
If you’re curious, the tool is here: totplab.com
Top comments (0)