Everything Google Authenticator does — plus a design system that did not give up, documentation you can read, and source code you can audit.
QR & manual setup
Paste otpauth:// URIs or type a Base32 secret. No camera required.
Chunky countdown
Bold timer bar — you see exactly when the code rotates.
One-click copy
Big button. Satisfying click. Clipboard done.
Installable PWA
Pin to home screen. Feels native, stays web.
Four themes
Zine, Ink, Voltage, Bubble — all neo-brutalist, all loud.
Self-hostable
Vercel + Supabase in minutes. AGPL licensed.
Deep dives
TOTP that actually works
LibreAuth implements RFC 6238 using the Web Crypto API. Codes generate locally — your secret never leaves the browser during computation. Six digits, thirty-second window, SHA-1 — the standard every major service expects.
- GitHub, Google, AWS, Discord compatible
- Manual Base32 entry fallback
- otpauth:// URI parser built in
Sync without surrender
Optional Supabase backup stores your account labels and secrets under row-level security. Only your authenticated user ID can read or write your rows. No shared tables, no admin backdoor.
- RLS on every query
- HTTP-only session cookies
- Self-host your own Supabase project
Design you can feel
Neo-brutalism is not decoration — it is clarity. Hard edges mean obvious click targets. High contrast means readable codes. Four themes mean your vault matches your mood.
- Zine, Ink, Voltage, Bubble themes
- IBM Plex Mono for codes
- PWA install on mobile
Feature FAQ
Does it support 8-digit codes?
Can I import from Google Authenticator?
Offline mode?
Ready to lock it down?
Free account. No credit card. Codes in under a minute.