DEV Community

Cover image for πŸš€ otp package (high performance TOTP and HOTP generator)
Gopher profile image Javad Rajabzadeh
Javad Rajabzadeh for Gopher

Posted on

πŸš€ otp package (high performance TOTP and HOTP generator)

#go #javascript #otp #totp

If you're looking to implement two-factor authentication (2FA) in your Go applications, the otp offers a high-performance, zero-dependency solution for generating and validating TOTP and HOTP one-time passwords, fully compliant with RFC 4226 and RFC 6238.

Binding nodejs is available here.

Key Features

  • Zero Dependencies – Fully self-contained, no third-party libraries.
  • High Performance – Optimized for speed and minimal memory usage.
  • Support for TOTP & HOTP – RFC-compliant implementation.
  • Custom Digits & Algorithms – Use 6, 8, or 10 digits with SHA1, SHA256, or SHA512.
  • Secure – Constant-time validation to prevent timing attacks.
  • Clock Skew Tolerance – Allows minor time drift in TOTP validation.
  • Authenticator App Compatible – Supports otpauth:// URL generation for Google Authenticator and others.
  • Secure Secret Generator – Cryptographically secure random base32 secrets.
  • Well Tested – Passes all RFC test vectors, includes fuzzing and benchmarks.

Installation 

go get -u github.com/Ja7ad/otp
Enter fullscreen mode Exit fullscreen mode

Benchmarks

Compared to popular packages like pquerna/otp, this package:

Is ~2x faster

Uses 30–50% less memory

Has zero allocations in some core paths

Usage Example 

package main import ( "fmt" "github.com/Ja7ad/otp" "log" "time" ) func main() { secret, err := otp.RandomSecret(otp.SHA1) if err != nil { log.Fatal(err) } t := time.Now() code, err := otp.GenerateTOTP(secret, t, otp.DefaultTOTPParam) if err != nil { log.Fatal(err) } fmt.Println("Generated TOTP code:", code) valid, err := otp.ValidateTOTP(secret, code, t, otp.DefaultTOTPParam) if err != nil { log.Fatal(err) } if valid { fmt.Println("The TOTP code is valid.") } else { fmt.Println("The TOTP code is invalid.") } url, err := otp.GenerateTOTPURL(otp.URLParam{ Issuer: "https://example.com", Secret: secret, AccountName: "foobar", Period: otp.DefaultTOTPParam.Period, Digits: otp.DefaultTOTPParam.Digits, Algorithm: otp.DefaultTOTPParam.Algorithm, }) if err != nil { log.Fatal(err) } fmt.Println("TOTP URL:", url.String()) }
Enter fullscreen mode Exit fullscreen mode

Conclusion

The otp package is a robust, fast, and easy-to-integrate solution for adding 2FA to your Go applications. Whether you're building a secure login flow or a developer tool, this package delivers production-grade OTP generation and validation without the bloat.

Top comments (0)