If you're looking to implement two-factor authentication (2FA) in your Go applications, the otp package offers a high-performance, zero-dependency solution for generating and validating TOTP and HOTP one-time passwords, fully compliant with RFC 4226 and RFC 6238.

A Node.js binding is available here.

Key Features

  • Zero Dependencies – Fully self-contained, no third-party libraries.
  • High Performance – Optimized for speed and minimal memory usage.
  • Support for TOTP & HOTP – RFC-compliant implementation.
  • Custom Digits & Algorithms – Use 6, 8, or 10 digits with SHA1, SHA256, or SHA512.
  • Secure – Constant-time validation to prevent timing attacks.
  • Clock Skew Tolerance – Allows minor time drift in TOTP validation.
  • Authenticator App Compatible – Supports otpauth:// URL generation for Google Authenticator and others.
  • Secure Secret Generator – Cryptographically secure random base32 secrets.
  • Well Tested – Passes all RFC test vectors, includes fuzzing and benchmarks.

Installation

go get -u github.com/Ja7ad/otp

Benchmarks

Compared to popular packages like pquerna/otp, this package:

  • Is ~2x faster
  • Uses 30–50% less memory
  • Has zero allocations in some core paths

Usage Example

package main

import (
    "fmt"
    "github.com/Ja7ad/otp"
    "log"
    "time"
)

func main() {
    // Generate a cryptographically secure random base32 secret.
    secret, err := otp.RandomSecret(otp.SHA1)
    if err != nil {
        log.Fatal(err)
    }

    t := time.Now()

    // Derive the TOTP code for the current time using the default parameters.
    code, err := otp.GenerateTOTP(secret, t, otp.DefaultTOTPParam)
    if err != nil {
        log.Fatal(err)
    }
    fmt.Println("Generated TOTP code:", code)

    // Validate the code against the same secret and timestamp.
    valid, err := otp.ValidateTOTP(secret, code, t, otp.DefaultTOTPParam)
    if err != nil {
        log.Fatal(err)
    }

    if valid {
        fmt.Println("The TOTP code is valid.")
    } else {
        fmt.Println("The TOTP code is invalid.")
    }

    // Build the otpauth:// URL that authenticator apps import (usually shown as a QR code).
    url, err := otp.GenerateTOTPURL(otp.URLParam{
        Issuer:      "https://example.com",
        Secret:      secret,
        AccountName: "foobar",
        Period:      otp.DefaultTOTPParam.Period,
        Digits:      otp.DefaultTOTPParam.Digits,
        Algorithm:   otp.DefaultTOTPParam.Algorithm,
    })
    if err != nil {
        log.Fatal(err)
    }

    fmt.Println("TOTP URL:", url.String())
}
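To show what the "Clock Skew Tolerance" and "Constant-time validation" features mean in practice, here is an added standard-library-only sketch of RFC 4226/6238 with a skew window. It is not the otp package's code; the names hotp and validateTOTP and the skew parameter are assumptions made for illustration, and the key is the published RFC 6238 SHA-1 test key.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"fmt"
	"time"
)

// hotp (hypothetical helper) computes an RFC 4226 code: HMAC-SHA1 over the counter, then dynamic truncation.
func hotp(key []byte, counter uint64, digits int) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, key)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // low nibble of the last byte selects the offset
	bin := uint64(binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff)
	mod := uint64(1)
	for i := 0; i < digits; i++ {
		mod *= 10
	}
	return fmt.Sprintf("%0*d", digits, bin%mod)
}

// validateTOTP (hypothetical helper) accepts a code for the step containing t or up to skew steps either side.
// Each candidate is compared in constant time and the loop never exits early on a match.
func validateTOTP(key []byte, code string, t time.Time, period int64, digits, skew int) bool {
	step := t.Unix() / period
	ok := 0
	for d := -skew; d <= skew; d++ {
		c := step + int64(d)
		if c >= 0 {
			ok |= subtle.ConstantTimeCompare([]byte(hotp(key, uint64(c), digits)), []byte(code))
		}
	}
	return ok == 1
}

func main() {
	key := []byte("12345678901234567890") // RFC 6238 Appendix B test key, not a real secret
	code := hotp(key, uint64(59/30), 8)   // code issued at Unix time 59
	fmt.Println("code:", code)
	fmt.Println("one step late, skew 1:", validateTOTP(key, code, time.Unix(89, 0), 30, 8, 1))
	fmt.Println("two steps late, skew 1:", validateTOTP(key, code, time.Unix(119, 0), 30, 8, 1))
}
```

Each extra step of skew widens the set of codes accepted at any moment from one to 2*skew+1, so keep the window as small as your clients' clock drift allows.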

Conclusion

The otp package is a robust, fast, and easy-to-integrate solution for adding 2FA to your Go applications. Whether you're building a secure login flow or a developer tool, this package delivers production-grade OTP generation and validation without the bloat.