How are my codes encrypted?

Your codes are encrypted using AES-256-GCM via the browser Web Crypto API with a key derived from your vault password using PBKDF2 with 100,000 iterations. The encryption happens entirely in your browser — nothing is sent to any server.

Where are the encrypted codes stored?

Encrypted codes are stored in your browser localStorage. They remain on your device only. Clearing your browser data will delete the vault, so always keep a separate backup.

What if I forget my vault password?

There is no password recovery. If you forget your vault password, the encrypted data cannot be decrypted. This is by design — your vault password is the only key. Keep it in your password manager.

Recovery Code Vault

Store your 2FA backup codes encrypted with AES-256. Client-side only — your codes never leave your browser.

How it works: Your codes are encrypted in your browser using AES-256-GCM and stored in localStorage. No server, no account, no sync. Your vault password is the only key — store it in your password manager.

Why Store Backup Codes?

Backup codes are your safety net when you lose access to your authenticator app. Every service that offers 2FA provides backup codes at setup — but most people never save them, and many have been locked out of accounts permanently as a result.

This vault gives you a dedicated, encrypted place to store backup codes. Unlike a plain notes app or a text file, your codes here are encrypted — even if someone accesses your device, they cannot read your backup codes without your vault password.