Yes, Kratos supports issuing one-time codes for two-factor authentication (2FA) through Time-based One-Time Passwords (TOTP). To enable TOTP in your self-hosted Kratos instance, you need to add the

totp

method to the

selfservice/methods

section in the configuration file and specify the issuer. Here's how you can configure it based on the information provided:

yaml selfservice:    methods:     totp:      config:       # The "issuer" is the name in the TOTP application users see when getting a one-time password.       issuer: Kratos       enabled: true

This configuration enables TOTP in Kratos, and you specify "Kratos" as the issuer name that users will see in their TOTP application when generating a one-time password. For more detailed instructions on enabling TOTP authentication, you can refer to the [Enabling TOTP authentication](https://www.ory.sh/docs/kratos/mfa/totp#enabling-totp-authentication) section.

Ory Kratos can generate Time-based One-Time Passwords (TOTP) for you, so you don't need an external OTP provider. Users can generate these passwords with companion apps such as Google Authenticator or FreeOTP and enter them when asked to provide their second authentication factor. When TOTP is enabled, users can pair a TOTP app to their account. When attempting to perform actions while having 2FA enabled, users are asked to enter the short code in the Ory Identities UI. This proves that they have access to their chosen second factor. For more information, you can refer to the [Time-based one-time passwords (TOTP)](https://www.ory.sh/docs/kratos/mfa/totp) section in the Ory documentation.