A privacy-first, fully offline 2FA authenticator with zero backend dependencies.
Every mainstream authenticator app wants your data in their cloud. Google Authenticator added cloud sync. Microsoft Authenticator requires a Microsoft account. Authy won't even let you use it without a phone number. I wanted a 2FA app that does exactly one thing — generate TOTP codes — and does it entirely on-device, with zero network access.
I vibe-coded the entire app in a week using Flutter. No backend, no cloud sync, no analytics, no network permissions — the app literally cannot talk to the internet. TOTP generation follows RFC 6238 strictly, computing codes locally from the shared secret and current timestamp. All secrets are stored in encrypted local storage, so even if someone gets physical access to the device, the raw keys aren't sitting in plaintext.
The UI is deliberately minimal — open the app, see your codes, copy with a tap. No onboarding flow, no account creation, no upsells. Add a token via QR scan or manual entry, and you're done.
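The local computation described above, as an added Python example (not the app's Flutter code): it parses a scanned token and derives the RFC 6238 code using only the secret and a timestamp. It assumes the QR payload is the common `otpauth://totp/` key URI format, which the page does not specify; the function names and the sample URI are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlparse

ALGORITHMS = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}


def totp(key, unix_time, algorithm="SHA1", digits=6, period=30):
    """RFC 6238 code for raw key bytes at the given Unix time."""
    counter = struct.pack(">Q", int(unix_time) // period)  # 8-byte big-endian time step
    mac = hmac.new(key, counter, ALGORITHMS[algorithm]).digest()
    offset = mac[-1] & 0x0F  # RFC 4226 dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)  # keep leading zeros


def parse_otpauth(uri):
    """Validate an otpauth://totp/ URI (assumed QR payload) and return TOTP parameters."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc.lower() != "totp":
        raise ValueError("not an otpauth TOTP URI")
    query = {name: values[0] for name, values in parse_qs(parts.query).items()}
    algorithm = query.get("algorithm", "SHA1").upper()
    digits = int(query.get("digits", "6"))
    period = int(query.get("period", "30"))
    if algorithm not in ALGORITHMS or digits not in (6, 7, 8) or period <= 0:
        raise ValueError("unsupported TOTP parameters")
    # Secrets are commonly shown lowercase, spaced and without Base32 padding.
    secret = query.get("secret", "").replace(" ", "").upper()
    if not secret:
        raise ValueError("missing secret")
    key = base64.b32decode(secret + "=" * (-len(secret) % 8))
    return {"label": unquote(parts.path.lstrip("/")), "key": key,
            "algorithm": algorithm, "digits": digits, "period": period}


def code_for(uri, unix_time):
    """Code shown for a scanned URI at a given time (pass time.time() for 'now')."""
    p = parse_otpauth(uri)
    return totp(p["key"], unix_time, p["algorithm"], p["digits"], p["period"])


# Constructed sample: the RFC 6238 test key "12345678901234567890" in Base32.
SAMPLE_URI = ("otpauth://totp/Example:alice@example.com"
              "?secret=gezdgnbvgy3tqojqgezdgnbvgy3tqojq&issuer=Example")

if __name__ == "__main__":
    print(code_for(SAMPLE_URI, 59))  # RFC 6238 vector at T=59, last six digits: 287082
```

Nothing here touches the network or the system clock unless the caller passes `time.time()`, so the output can be checked against the RFC 6238 test vectors.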
By removing every external dependency, the remote attack surface shrinks to essentially zero. No server to breach, no sync protocol to exploit, no third-party SDK phoning home. It's the kind of app I wanted to exist as a user, so I built it.
Shipped to both the App Store and Google Play. Still actively maintained with patches.
Abhishek Diwakar
Software Engineer