Skip to content

Encrypted accounts

This browser holds passphrase-encrypted 2FA accounts. Enter your passphrase to unlock them. Nothing is sent anywhere - decryption happens locally.

RFC 6238 · TOTP · QR

AuthenticatorSetup

Provision your own two-factor authentication, entirely in your browser. Generate a TOTP secret, scan the real QR code into Google Authenticator, Authy, or any RFC 6238 app, and confirm the live code matches. The QR is drawn by our from-scratch QR encoder - the pure-C# OnlyCSharp.ComputerGraphics.Barcode transliterated to JavaScript - and codes tick via the same OcTotp/OcHotp algorithm. No libraries, no servers.

Zero-server, zero-knowledge. Your secrets are generated with crypto.getRandomValues and never leave this device - there is no network request, no upload, nothing for us to see. Saved accounts live only in this browser's localStorage (optionally passphrase-encrypted below).
  1. Open your authenticator app and choose Scan a QR code.
  2. Point it at the code on the left.
  3. Check the 6-digit code your app shows matches the live one below.
30
••• •••
Secret (base32) - manual entry fallback
otpauth:// URI (what the QR encodes)

My accounts - stored only in this browser

Encryption at rest - optional

Not encrypted

When enabled, your accounts are encrypted with AES-256-GCM using a key derived from your passphrase via PBKDF2 (200k iterations, SHA-256) before being written to localStorage. The passphrase is never stored; if you forget it the data is unrecoverable.