2FAuth provides several security mechanisms to protect your sensitive 2FA data, at administrator or user level.
For the administrator
Sensitive data stored in the database (2FA secret & otpauth URI) can be encrypted to protect them against a database compromise.
Check the option in the 2FAuth Settings > Options section to enable encryption.
Encryption applies to all users' data.
It is strongly recommended to back up the APP_KEY value defined in your .env file (or the whole file) when encryption is enabled.
There is no way to generate One-Time Passwords if you lose this key. There is no workaround in case of key loss.
Auto lock
2FAuth can automatically log you out to keep your data protected at all times. The goal is to avoid a long-lived session that someone else could reuse, for example from a public computer you forgot to clean up or from your own stolen smartphone.
|Trigger|Effect|
|---|---|
|On security code copy|You will be logged out immediately after you click/tap on a One-Time Password to copy it|
|a time lapse|You will be logged out after a certain amount of time|
|Never|Disable the Auto lock|
Use the combobox in the 2FAuth Settings > Options section to select a trigger or to disable the feature.
Sensitive data hiding
You can configure 2FAuth to display obfuscated One-Time Passwords rather than human-readable ones.
|Without obfuscation|With obfuscation|
|---|---|
|377 609|●●● ●●●|
This protects against shoulder-surfing attacks, where a third party reads your password by watching over your shoulder as you generate a fresh one.
Of course, this is only suitable if you are able to use the copy/paste feature to provide the password to the destination service.
Simply click/tap the (obfuscated) password in 2FAuth to copy it!
Check the option in the 2FAuth Settings > Options section to enable obfuscation.
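As an added illustration of the two options above (encryption at rest and sensitive data hiding), and not 2FAuth's own code, the Python below stores an otpauth URI encrypted under an APP_KEY, derives the One-Time Password only after a successful decryption, and fails closed when a different key is supplied, which is why a lost key means no more codes. 2FAuth is a Laravel application and its real encrypter is not reproduced here: the cipher is a stdlib-only HMAC-based stand-in, and the URI and key are constructed sample values (assumptions, not values from the page).

```python
import base64, hashlib, hmac, os, struct
from urllib.parse import parse_qs, urlparse

# Constructed sample data: the secret is the RFC 6238 test key "12345678901234567890" in base32.
DEMO_URI = "otpauth://totp/Example:alice@example.com?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example"
DEMO_APP_KEY = hashlib.sha256(b"constructed demo key, not a real APP_KEY").digest()

def totp_from_uri(uri: str, at: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1, default 6 digits / 30 s) computed from an otpauth:// URI at Unix time `at`."""
    q = parse_qs(urlparse(uri).query)
    secret = base64.b32decode(q["secret"][0].upper() + "=" * (-len(q["secret"][0]) % 8))
    digits, period = int(q.get("digits", ["6"])[0]), int(q.get("period", ["30"])[0])
    mac = hmac.new(secret, struct.pack(">Q", at // period), hashlib.sha1).digest()
    off = mac[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.4
    code = (struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF) % 10 ** digits
    return str(code).zfill(digits)

def _keys(app_key: bytes):
    # Separate encryption and MAC keys derived from the single APP_KEY.
    return (hmac.new(app_key, b"enc", hashlib.sha256).digest(),
            hmac.new(app_key, b"mac", hashlib.sha256).digest())

def _keystream(enc_key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in stream cipher (HMAC-SHA256 in counter mode); Laravel really uses AES-256-CBC + HMAC.
    blocks = (hmac.new(enc_key, nonce + struct.pack(">I", i), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def encrypt(app_key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC record: nonce || ciphertext || HMAC-SHA256 tag."""
    enc_key, mac_key = _keys(app_key)
    nonce = os.urandom(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(enc_key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()

def decrypt(app_key: bytes, record: bytes) -> bytes:
    """Raises ValueError when the key is wrong: the stored secret is then unrecoverable."""
    enc_key, mac_key = _keys(app_key)
    nonce, ct, tag = record[:16], record[16:-32], record[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("MAC check failed: wrong APP_KEY or tampered record")
    return bytes(c ^ k for c, k in zip(ct, _keystream(enc_key, nonce, len(ct))))

def otp_with_key(app_key: bytes, record: bytes, at: int):
    """What the app can do at OTP time: decrypt the stored URI, then compute the code; None if the key is lost."""
    try:
        return totp_from_uri(decrypt(app_key, record).decode(), at)
    except ValueError:
        return None

def obfuscate(code: str) -> str:
    """Display form with sensitive data hiding enabled: every digit becomes ●, spacing is kept."""
    return "".join("●" if ch.isdigit() else ch for ch in code)
```

With the right key `otp_with_key` returns the code and with any other key it returns None, so a backup of APP_KEY is the only way to keep the stored secrets usable.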