diff --git a/authorization.proto b/authorization.proto
index 96bdbf6..551ba74 100644
--- a/authorization.proto
+++ b/authorization.proto
@@ -25,4 +25,12 @@ service AuthorizationService {
 rpc UserUpdateBankInfo(UserUpdateBankInfoReq) returns (base.StatusRes) {}
 rpc GetUser(GetUserReq) returns (User) {}
+
+ // Two Factor Authentication
+ // For now it's only SMS-OTP - later will be Email-OTP or other methods can be added
+ // For HMAC-OTP there won't be a need to call this api
+ rpc SendTFAReq(TFAReq) returns (base.StatusRes) {}
+ // For HMAC-OTP an initialization step must be added to exchange keys
+ rpc InitTFAReq(InternalIAM) returns (TFAExRes) {}
+ rpc CheckTFACode(CheckTFAReq) returns (base.StatusRes) {}
 }
diff --git a/authorization_message.proto b/authorization_message.proto
index 1ee1d15..4f4e273 100644
--- a/authorization_message.proto
+++ b/authorization_message.proto
@@ -75,13 +75,14 @@ message CheckIAMReq {
 message InternalIAM {
 User user = 1;
 IdentityBasic identity = 2;
- repeated Company company = 3;
+ repeated Company company = 3;
 }
 message IdReqWithIAM {
 int64 id = 1;
 InternalIAM iam = 2;
 }
+
 /* User */
@@ -177,3 +178,29 @@ message BankInfo {
 string updated_at = 6;
 string created_at = 7;
 }
+
+/* Two Factor Authentication */
+message IdReqWithIAMAndTFA {
+ int64 id = 1;
+ InternalIAM iam = 2;
+ string tfa_code = 3;
+}
+message TFAReq {
+ InternalIAM iam = 1;
+ optional string mobile = 2;
+ optional string email = 3;
+ optional string reason = 4; // issued jwt reason -> can be login, redeem, withdrawal
+}
+
+// Two Factor Authentication Exchange Response
+message TFAExRes {
+ InternalIAM iam = 1;
+ string secret = 2;
+ string qrcode_base64 = 3;
+}
+message CheckTFAReq {
+ InternalIAM iam = 1;
+ string code = 2;
+ optional string algorithm = 3;
+ optional string reason = 4; // Can be later used as a lookup
+}
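Review bot: `InitTFAReq` takes a bare `InternalIAM` and returns the OTP secret, but the added comments do not say what a second call for an already-enrolled user does. If the server regenerates or re-returns the secret on each call (not visible here), any caller able to present that IAM context can read or replace the user's second factor, so the contract should state that re-initialization is refused or needs proof of the current factor, e.g. `// Fails if TFA is already enrolled; re-enrollment requires a valid current code.` above the rpc. A dedicated request message, `rpc InitTFA(InitTFAReq) returns (TFAExRes) {}`, would leave room for that proof field and stop the rpc name reading like a message type; `SendTFAReq` has the same naming issue. `CheckTFACode` also deserves a comment saying that attempts are limited and a code is single-use. The service body starts outside this hunk.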
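Review bot: `TFAReq.mobile` and `TFAReq.email` let the caller name the destination of the one-time code, and the schema does not say whether the server honours them over the contact details already verified for `iam.user`. If it does, a session that has only passed the first factor can steer the code to an address it controls, so the fields should be documented as enrollment-only or checked against the on-file value, e.g. `// Ignored unless it matches the user's verified number; a code is never sent to an unverified destination.` `CheckTFAReq.algorithm` as a free-form, caller-supplied string likewise invites the verifier to accept whichever method the client names; the method should come from the user's enrollment record, with an enum if the field stays. `reason` would be safer as an enum shared by `TFAReq` and `CheckTFAReq` and compared on check, so that a code issued for login cannot approve a withdrawal. `TFAExRes.secret` and `qrcode_base64` carry the shared key and merit a comment that they must not be logged or cached by intermediaries.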