decoy logodecoy
2FA for AI agents

how can ai agents handle 2FA?

An agent may have the right password and still fail when a website sends an email code, asks for a TOTP or starts a passkey ceremony. Each method needs a different security boundary.

email codes should not require the whole inbox

Connecting Gmail can expose years of unrelated messages, password resets and personal history. A service-specific inbox narrows the data available to the agent and makes it clear which account the code belongs to.

Decoy can create a separate address for a service, receive its messages and release approved message content to the agent. The agent can retrieve the code without receiving access to the user’s primary mailbox.

TOTP should release a code, not the seed

A TOTP seed is a reusable secret. Once copied, it can generate future codes. The safer interface generates the current short-lived code and returns only that result.

Decoy stores the TOTP material with the account and can release a current code within approved access. The agent does not need the reusable seed.

passkeys are signed, not revealed

A passkey login begins with a challenge from the website. The user’s device signs that challenge and returns an assertion. The private key should never be exported to the agent.

Decoy keeps the passkey private key on the phone and requires the phone for every assertion. This prevents the agent from copying a reusable passkey secret.

denials and timeouts are part of the API

An authenticated workflow should not fail silently when the user denies access or the phone is unavailable. The agent needs a clear response so it can pause, explain what it needs or take another path.

common questions

does an agent need access to Gmail for email 2FA?

No. A service-specific Decoy inbox can receive the code without exposing the user’s primary Gmail account.

does the agent receive the TOTP seed?

No. It receives a current TOTP code within the access the user approved.

can a passkey work while the phone is offline?

No. Decoy requires the phone to sign every passkey challenge because the private key remains on that device.

give your agent the info it needs. not your user’s whole life story.

Decoy provides user-approved passwords, email codes, passkeys and personal details through one MCP server or API.