Authenticator App
OfficialProvides AI agents secure access to 2FA codes and passwords from the Authenticator App, enabling automated login assistance without manual code entry.
Provides secure access to two-factor authentication codes and passwords stored in the Authenticator App, enabling seamless login assistance across multiple services without manual code entry.
What it does
- Retrieve 2FA authentication codes
- Access stored passwords securely
- Automate login processes for websites
- Bridge AI assistants with authentication systems
Best for
About Authenticator App
Authenticator App is an official MCP server published by firstorderai that provides AI assistants with tools and capabilities via the Model Context Protocol. Securely access two-factor authentication codes and passwords with this advanced password manager for seamless login ass It is categorized under auth security.
How to install
You can install Authenticator App in your AI client of choice. Use the install panel on this page to get one-click setup for Cursor, Claude Desktop, VS Code, and other MCP-compatible clients. This server runs locally on your machine via the stdio transport.
License
Authenticator App is released under the MIT license. This is a permissive open-source license, meaning you can freely use, modify, and distribute the software.
A secure MCP (Model Context Protocol) server that enables AI agents to interact with the Authenticator App. It provides seamless access to 2FA codes and passwords, allowing AI agents to assist with automated login processes while maintaining security. This tool bridges the gap between AI assistants and secure authentication, making it easier to manage your credentials across different platforms and websites.
How it works
- Open your AI agent's integrated chat interface (such as Cursor's agent mode).
- Ask AI agent to retrieve your 2FA code or password for your desired website and account.
- AI agent will securely fetch these credentials, then can utilize them to automate your login process.
This MCP server is specifically designed for use with Authenticator App Β· 2FA.
Getting Started
Many AI clients use a configuration file to manage MCP servers.
The authenticator-mcp tool can be configured by adding the following to your configuration file.
NOTE: You will need to create a Authenticator App access token to use this server. Instructions on how to create a Authenticator App access token can be found here.
MacOS / Linux
{
"mcpServers": {
"Authenticator App MCP": {
"command": "npx",
"args": ["-y", "authenticator-mcp", "--access-token=YOUR-KEY"]
}
}
}
Windows
{
"mcpServers": {
"Authenticator App MCP": {
"command": "cmd",
"args": ["/c", "npx", "-y", "authenticator-mcp", "--access-token=YOUR-KEY"]
}
}
}
Or you can set AUTHENTICATOR_ACCESS_TOKEN in the env field.
Install Authenticator App Β· 2FA Desktop version
Creating an Access Token
- Launch the desktop version of
Authenticator App Β· 2FA. - Navigate to
Settingsand locate theMCP Serversection. - Enable the MCP Server by toggling it
ON, then proceed to generate your access token.
Please note that the access token will only be displayed once. Be sure to copy it immediately and add it to your MCP client configuration.
More information
Firstorder.AI
Alternatives
Related Skills
Browse all skillsThis skill should be used when the user requests to generate, create, or add Row-Level Security (RLS) policies for Supabase databases in multi-tenant or role-based applications. It generates comprehensive RLS policies using auth.uid(), auth.jwt() claims, and role-based access patterns. Trigger terms include RLS, row level security, supabase security, generate policies, auth policies, multi-tenant security, role-based access, database security policies, supabase permissions, tenant isolation.
Send and draft professional emails with seasonal HTML formatting, authentic writing style, contact lookup via Google Contacts, security-first approach, and Google Gmail API via Ruby CLI. This skill should be used for ALL email operations (mandatory per RULES.md).
This skill should be used when the user asks to "test for broken authentication vulnerabilities", "assess session management security", "perform credential stuffing tests", "evaluate password policies", "test for session fixation", or "identify authentication bypass flaws". It provides comprehensive techniques for identifying authentication and session management weaknesses in web applications.
Detects fail-open insecure defaults (hardcoded secrets, weak auth, permissive security) that allow apps to run insecurely in production. Use when auditing security, reviewing config management, or analyzing environment variable handling.
Implement security best practices with Clerk authentication. Use when securing your application, reviewing auth implementation, or hardening Clerk configuration. Trigger with phrases like "clerk security", "secure clerk", "clerk best practices", "clerk hardening".
Guidance for bypassing HTML/JavaScript sanitization filters in security testing contexts. This skill should be used when tasked with finding XSS filter bypasses, testing HTML sanitizers, or exploiting parser differentials between server-side filters and browsers. Applies to CTF challenges, authorized penetration testing, and security research involving HTML injection and JavaScript execution through sanitization bypasses.