Agent 2FA (TOTP)
Time-based one-time password generation that lets an AI agent complete two-factor authentication on services that require it — without borrowing a human's phone or authenticator app.
What is TOTP and why agents need it
TOTP (Time-based One-Time Password, RFC 6238) is the standard behind Google Authenticator, Authy, and most authenticator-app second factors that aren't SMS. The user scans a QR code once (an otpauth:// URL carrying a base32-encoded shared secret), the device stores that secret, and from then on it computes a fresh code, six digits by default, every thirty seconds from an HMAC over the secret and the current time step. Because the code depends only on the secret and the clock, both sides must keep reasonably accurate time; servers usually tolerate a step or two of skew.
AI agents need TOTP for the same reason humans do: most services that matter require it. Logging into a finance dashboard, an admin console, a CRM, or anything else with sensitive data triggers a 2FA challenge that an agent without a TOTP store cannot answer. The agent stalls, the workflow breaks, and the developer ends up either disabling 2FA on the target account (bad) or pasting their own auth codes into the agent (worse).
Why borrowing a human's authenticator breaks
The naive workaround is to have the agent prompt a human whenever a code is needed. This works for one agent doing one thing once a day. It does not work for an agent running unattended overnight, an agent serving a thousand customers, or any workflow where the human is the bottleneck the agent was built to remove.
The slightly less naive workaround, where the agent reads the human's authenticator app over screen sharing or the human texts codes to it, is worse. It puts the agent in possession of a credential it has no right to (the human's complete second factor) and removes the audit boundary between human and agent actions. When something goes wrong, you cannot tell which entity made the request.
How an agent TOTP store works
An agent TOTP store holds the shared secrets the agent needs, scoped to the agent's identity. When the agent enrolls a new service, it captures the QR code or otpauth URL once and saves it. Thereafter the agent calls a primitive like vault.totp(label) and gets back the current code together with the number of seconds left in the current window, so it can decide whether to submit the code now or wait for the next one.
The secrets never leave the agent's vault and are never exposed to the human operator. Revoking the agent revokes its TOTP store along with its other credentials, and because those secrets belong to the agent's own enrolments rather than to the human's accounts, a compromised agent gives an attacker no foothold on the human's second factor.
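The code derivation described in the TOTP section and the vault.totp(label) primitive described above, as an added example that is not Loomal's code: an RFC 6238 implementation in Python, an otpauth:// parser, a server-side verify with a skew window and constant-time comparison, and a hypothetical in-memory AgentTotpStore whose only read path returns a derived code and the seconds left in its window. The class, its enroll/totp/revoke methods, and the sample enrolment URL are assumptions made for illustration; the key material is the RFC 6238 reference secret, so the expected codes are the published test vectors.

```python
"""RFC 6238 TOTP plus a minimal agent-scoped secret store (added example).

Not Loomal's code. AgentTotpStore, its enroll/totp/revoke methods and the
SAMPLE_OTPAUTH URL are assumptions for illustration. The secret is the
RFC 6238 reference key ("12345678901234567890"), so the codes are known.
"""
import base64
import hmac
import struct
import time
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, unquote, urlparse


def hotp(key: bytes, counter: int, digits: int = 6, algo: str = "sha1") -> str:
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), algo).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(key: bytes, at: float, period: int = 30, digits: int = 6,
         algo: str = "sha1") -> str:
    """RFC 6238: HOTP with the counter set to floor(unix_time / period)."""
    return hotp(key, int(at) // period, digits, algo)


def seconds_remaining(at: float, period: int = 30) -> int:
    """Seconds until the current time step rolls over (1..period)."""
    return period - (int(at) % period)


def parse_otpauth(url: str) -> Dict:
    """Decode the otpauth://totp/... URL a QR code carries into its parameters."""
    u = urlparse(url)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not an otpauth://totp URL")
    q = parse_qs(u.query)
    secret = q["secret"][0].upper().replace(" ", "")
    secret += "=" * (-len(secret) % 8)          # base32 wants padding to 8 chars
    return {
        "label": unquote(u.path.lstrip("/")),
        "key": base64.b32decode(secret),
        "digits": int(q.get("digits", ["6"])[0]),
        "period": int(q.get("period", ["30"])[0]),
        "algo": q.get("algorithm", ["SHA1"])[0].lower(),
    }


def verify(key: bytes, code: str, at: float, window: int = 1, period: int = 30,
           digits: int = 6, algo: str = "sha1") -> bool:
    """Server-side check: accept the current step and +/-window neighbours for
    clock skew, comparing in constant time so timing cannot leak digits."""
    step = int(at) // period
    return any(hmac.compare_digest(hotp(key, c, digits, algo), code)
               for c in range(step - window, step + window + 1))


class AgentTotpStore:
    """Hypothetical in-memory stand-in for an agent's vault TOTP store.

    The raw secret is written once at enrolment. Every later call returns only
    a derived code and the seconds left in its window; no method returns the
    secret, which is the property the text describes.
    """

    def __init__(self) -> None:
        self._entries: Dict[str, Dict] = {}

    def enroll(self, label: str, otpauth_url: str) -> None:
        self._entries[label] = parse_otpauth(otpauth_url)

    def totp(self, label: str, at: Optional[float] = None) -> Tuple[str, int]:
        e = self._entries[label]
        at = time.time() if at is None else at
        code = hotp(e["key"], int(at) // e["period"], e["digits"], e["algo"])
        return code, seconds_remaining(at, e["period"])

    def revoke(self, label: Optional[str] = None) -> None:
        """Drop one enrolment, or all of them when the agent itself is revoked."""
        if label is None:
            self._entries.clear()
        else:
            self._entries.pop(label, None)


# Constructed sample enrolment URL using the RFC 6238 reference secret.
SAMPLE_OTPAUTH = ("otpauth://totp/Example:agent%40example.com"
                  "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=8")

if __name__ == "__main__":
    store = AgentTotpStore()
    store.enroll("example", SAMPLE_OTPAUTH)
    print(store.totp("example", at=59))   # ('94287082', 1): RFC 6238 vector, T=1
    print(store.totp("example"))          # live code for the current clock
```

The verify function is the piece a service runs, not the agent, but it explains the seconds-remaining value: a code submitted a few seconds after its window closes is still accepted by most servers because of the skew window, while one submitted a full step late is not.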
How Loomal handles agent 2FA
Loomal's vault includes a TOTP store that any agent identity can write secrets into and derive codes from. The agent enrolls a service by storing its otpauth secret with a label; subsequent calls to vault.totp(label) return the current six-digit code. Secrets are AES-256 encrypted at rest and are never returned to the agent in plaintext; only the derived code is.
Combined with mail (for email-delivered codes) and the credential vault (for the underlying password), the same identity can complete a full login flow on most services without any human in the loop. When 2FA delivery is via email link instead of TOTP, the agent reads the link from its own inbox using mail.list_messages and clicks through.
Loomal primitives
vault.totp
vault.get
vault.store
More from the glossary
Agent Email
A routable email address that belongs to an AI agent — not a forwarding alias, not a shared team inbox, but a first-class mailbox the agent sends from and receives into on its own.
Agent-to-Agent Email
Using standard SMTP email as the transport between AI agents — one agent sends a message to another agent's mailbox, and the recipient reads and acts on it. The simplest interoperable A2A protocol that already exists.
Delegation Chain
A cryptographic record of who authorized an AI agent to act, what scopes were granted, and who any sub-agents inherit from. Severing the root revokes everything below it.
DKIM for Agents
DomainKeys Identified Mail signing applied to email sent by AI agents, so recipients can verify the message actually came from the agent's authorized domain — not a spoofed lookalike.
Last updated: 2026-04-14