The Problem
It is a familiar problem in a lot of teams. A shared account is protected by 2FA, but the only person with the authenticator app is off work, unavailable, or gone entirely. Suddenly access to something important depends on one phone and a lot of luck.
This came from a real working problem, not a made-up SaaS idea. The usual fixes, sharing QR codes, forwarding backup codes, or hoping the right person would always be around, were messy, fragile and not something you would ever describe as secure.
The Solution
Orthy.io gives teams a safer way to share access to TOTP codes. Add a secret once, control who can use it, and authorised team members can generate valid codes from the web dashboard or the mobile app without falling back to insecure shortcuts.
Security had to be built in from the start, so the platform was shaped around three core principles:
AES-256 Encryption — All TOTP secrets are encrypted at rest using industry-standard AES-256 with a rotating key architecture.
Zero-Trust Architecture — Access is strictly limited to authorised team members. Internal staff cannot access decrypted secrets.
Blind Indexing — Database queries use blind indexing, meaning even a compromised database wouldn't expose usable data.
Technical Challenges
Offline-First Mobile App
The hardest technical problem was making sure the React Native app could generate valid TOTP codes while completely offline. That matters more than it sounds, because an authenticator app is no use if it stops working the moment you lose signal, for example in a basement server room.
The answer was to sync encrypted secrets to the device, store them securely, and generate the codes entirely on the client. No call back to the server, no unnecessary dependency, just the code you need when you need it.
Building the mobile app with React Native and Expo pushed me well outside my usual Laravel and PHP comfort zone. There was a steep learning curve, especially around TypeScript and the wider React Native ecosystem, but it made it possible to ship a polished, native-feeling app on both iOS and Android from one codebase.
I built the entire platform solo — backend, frontend, infrastructure, and mobile apps:
Backend — Laravel API with Statamic for the marketing site
Frontend — Alpine.js and Tailwind CSS for the web dashboard
Mobile — React Native with Expo and TypeScript for iOS and Android
Infrastructure — Full deployment pipeline and hosting infrastructure
Timeline
From first idea to launch, the MVP took three months, including the web dashboard, API and mobile apps for both platforms.