# Data protection

2FAuth provides several security mechanisms to protect your sensitive 2FA data, at administrator or user level.

# For administrators

# DB encryption

Sensitive data stored in the database (2FA secret & otpauth URI) can be encrypted to protect them against a database compromise.

Check the Protect sensitive data option in the 2FAuth's Admin > App setup section to enable encryption.

# For users

# Auto lock

2FAuth can automatically log you out to keep your data always protected. The goal is to avoid a long life session that someone could reuse, for example from a public computer you forgot to clean or from your own stolen smartphone.

Supported trigger Behavior
On security code copy You will be logged out immediately after you click/tap on a One-Time Password to copy it
a time lapse You will be logged out after a certain amount of time
Never Disable the Auto lock

Use the Auto lock combobox in the 2FAuth's Settings > Options section to select a trigger or to disable the feature.

# Sensitive data hiding

You can configure 2FAuth to display obfuscated One-Time Password rather than human readable password.

Without obfuscation With obfuscation
377 609 ●●● ●●●

This protects against attacks like a shoulder-surfing attack, where a third party intercepts your password by watching over your shoulder as you generate a fresh password.

Of course, this is only suitable if you are able to use the copy/paste feature to provide the password to the destination service.

Check the Show generated one-time passwords as dot option in the 2FAuth's Settings > Options section to enable obfuscation.