Enable TOTP, SMS, email, or passkey verification per user. QR codes generate, backup codes issue, and verification triggers when you need it.
Account security
Enable MFA for users with time-based one-time passwords, SMS codes, email verification, or phishing-resistant passkeys. Trigger verification on sensitive actions and provide backup codes for account recovery.
Capabilities
Generate QR codes for Google Authenticator, Authy, and other TOTP apps. Verify six-digit codes with time- window tolerance.
Send verification codes via SMS to registered phone numbers. Codes expire after configurable durations.
Send verification codes or magic links to user email addresses. Useful for passwordless authentication flows.
Enable phishing-resistant authentication with WebAuthn passkeys. Users authenticate with biometrics or hardware security keys, eliminating shared secrets entirely.
Generate one-time backup codes when MFA is enabled. Users can authenticate with backup codes if they lose access to their primary MFA method.
Trigger MFA verification at any point in your application. Protect sensitive actions like password changes, payment updates, or data exports.
Handle lost device scenarios with secure recovery options. Admins can reset MFA for users who lose access.
Allow users to remember devices and skip MFA for configurable periods. Revoke device trust instantly when needed.
Trigger MFA verification at any point in your application. Protect sensitive actions like password changes, payment updates, or data exports.
Handle lost device scenarios with secure recovery options. Admins can reset MFA for users who lose access.
Allow users to remember devices and skip MFA for configurable periods. Revoke device trust instantly when needed.
Code validity duration
TOTP, SMS, email, passkeys, backup codes
Code validation latency
Why it matters
A user registers a passkey with Face ID on their phone. Authentication happens through biometric verification that never leaves their device. No codes to intercept, no secrets to steal.
Enable TOTP-based MFA for a user in one API call. The response includes a QR code for scanning and backup codes for recovery. Verify codes on login without implementing TOTP verification.
A user sets up a passkey with Face ID for daily logins. When using a shared computer, they fall back to TOTP. Backup codes remain available if they lose access to their devices.
A user changes their password or accesses billing settings. Your app calls the MFA verification endpoint before allowing the action, adding protection exactly where it matters.
Built for Your Workflow
Enable TOTP for users with one API call. Conjoin generates secrets, creates QR codes for authenticator apps, and issues backup codes for recovery. Secrets store encrypted, and code verification handles time-window tolerance automatically.
Ship complete authenticator app support without managing TOTP secrets or building recovery flows.
Register and verify passkeys through simple API calls. Conjoin handles challenge generation, attestation verification, credential storage, and cryptographic validation for Face ID, Touch ID, and hardware keys.
Add phishing-resistant passkey authentication without implementing WebAuthn protocols.
Enable SMS verification codes through Conjoin Messaging Verifications. Phone numbers validate before enrollment, codes generate with configurable expiry, and delivery confirmation tracks message success across carriers. Rate limiting prevents abuse while allowing legitimate retry attempts.
Ship SMS-based MFA without carrier contracts, delivery infrastructure, or abuse monitoring.
Backup codes generate automatically when MFA enrolls. Each code hashes before storage, invalidates after single use, and can be regenerated through the API when users need fresh recovery options.
Provide account recovery for lost devices without building secure backup code infrastructure.
Trigger MFA verification before high-risk operations like password changes, billing updates, or admin actions. Your application calls the verification endpoint when needed, and Conjoin challenges the user through their configured MFA method.
Protect critical workflows with step-up authentication without disrupting everyday usage.
Start building with Conjoin today. Free tier includes everything you need to prototype and launch. Scale when you're ready.