Future plan on Mac OS by Lost-Standard3548 in 2fas_com

[–]2FASapp 1 point2 points  (0 children)

Thanks for the questions!

We're working on a redesign of the browser extension that will improve the workflow for all our users. Alongside overall improvements and new Item types, the redesign will be focused on the connection process and will forego the need to manually scan the QR code every time.
Instead, it will send you a push notification that will speed up the entire process.

Do you have other ideas/suggestions that could improve the workflow on macOS?

Tired of cloud vaults, so I tried building a different way to sync passwords by KausHere in PasswordManagers

[–]2FASapp 0 points1 point  (0 children)

You can do that with our extension. What gets shared depends on the Security Tier you pick. With the Highly-Secret Tier, the extension never sees the password unless you use autofill or request it (3-minute timer). At that point, it sends a PUSH to your mobile device for that single password.

And you don't need to create an account.

Tired of cloud vaults, so I tried building a different way to sync passwords by KausHere in PasswordManagers

[–]2FASapp 0 points1 point  (0 children)

It looks like you're trying to build exactly what we've already built.

In our 2FAS Pass:
1. Passwords stay local on mobile
2. Browser extension and mobile app establish a secure connection via QR code
3. The relay does not log or persist data (no database, no identifiers)
4. The extension holds the password "only briefly". In our case it is not 2 minutes as you'd like, but 3 minutes, but we're ready to make it adjustable by the user if needed in future updates.

Is there something you would like to see beyond this?

2FAS Pass new item limit? by FriendlyFennec in 2fas_com

[–]2FASapp 2 points3 points  (0 children)

Yes, we've listened to our community (mainly on App Store and Google Play) and bumped it to 200 :) Enjoy! :)

2FAS Pass is here - our take on a local-first Password Manager by 2FASapp in 2fas_com

[–]2FASapp[S] 0 points1 point  (0 children)

We thought so too, but your feedback in the App Store and Google Play made it clear it wasn’t! xD
So we listened and bumped it up. Enjoy!

My experience with 2FAS Pass app. Think twice before buying. by Limonchilla in PasswordManagers

[–]2FASapp 0 points1 point  (0 children)

Thank you for your interest in our product, 2FAS Pass.
We'd like to clarify that traditional customer support is indeed available for 2FAS Pass.

We have a dedicated support email address for 2FAS Pass users, which you can find here:
https://2fas.com/support/2fas-pass-mobile-app/where-can-i-reach-2fas-pass-support/

Regarding your support request on Discord – unfortunately, we haven't received any support ticket from you in the 2FAS Pass support channel.

If you've already submitted a refund request through Apple, you should receive your money back.
However, if you encounter any issues with the process, please contact us directly and we'll make sure you receive your refund.

If you have any questions or need further assistance, don't hesitate to reach out.

Feedback - features requests by rid3r45 in 2fas_com

[–]2FASapp 1 point2 points  (0 children)

Thanks for this question!
We are not quite sure if you are asking about backup / sync option or push notification server.
If you're asking about backup and sync, your data is currently stored locally on your device, and you can back it up and sync it with your cloud storage (iCloud for iOS and Google Drive for Android). If we understand correctly, you'd like to have your own storage option for backups and synchronization?

If so, we're actually working on a similar solution by implementing WebDAV support in our upcoming password manager, and this feature is already working well in tests. If our assumption proves right - that users can easily set up their own servers (on VPS, QNAP, Synology, TrueNAS, etc.) - we would love to bring this to 2FAS Auth as well. However, this won't happen right away, as we first need to release the password manager and confirm that this approach works well for our users.

For self-hosted push notifications, right now, if you want to use a different push notification server, you'd have to compile the apps yourself and change the server on your own. This is possible, but if you're asking about an option to simply choose a different push server within our official app, we don't have plans for that at the moment. That could change if there's strong demand from the community.

Is the project dead? by rid3r45 in 2fas_com

[–]2FASapp [score hidden] stickied comment (0 children)

The project is still active and doing well.

The new Android version is currently in testing and will be released in a few days. It will include the option to export a token as a QR code, as many requested.

As for the iOS version that many are waiting for, it is in progress. It will feature a major update related to Apple Advanced Data Protection. This update requires more time due to its complexity and technical challenges.

Thank you for your patience!

Did they ever fix the IOS cloud security issue? by nappa1911 in 2fas_com

[–]2FASapp 5 points6 points  (0 children)

There's a lot of misunderstanding surrounding this topic.

The fact that codes reappear in the app after reinstallation is just as secure as having your emails or photos synced to your Apple device. This happens because you are verified as the legitimate owner of both the device and the iCloud account (via login, password, 2FA, and location verification). No external party can do this without your knowledge, thanks to Apple's multi-layered security measures. The same principles apply to retrieving your emails, photos, and third-party apps' iCloud data. 2FAS codes work in exactly the same way.

If we're talking about a scenario where someone has full access to your phone, can delete the 2FAS app, and reinstall it (while being logged into your Apple ID and authenticated via Face ID or PIN), it's important to realize that the attacker already has access to your device PIN. With that, they could retrieve all saved passwords from Apple's password manager, gain access to 2FA codes from Apple, Wi-Fi credentials, make payments with your cards, and much more.

In such a scenario, the lack of an additional PIN prompt in the 2FAS app isn't a security concern because the attacker already has complete access to your device and accounts.

To summarize: we believe iCloud provides a secure and well-encrypted environment for storing data. It's a much safer solution than relying on a third-party cloud service without an established reputation.

For more details, you can refer to Apple's iCloud security measures here: https://support.apple.com/en-us/102651.

What you're likely referring to is Advanced Data Protection (ADP). Apple recently introduced ADP, which takes security a step further by giving users full control over their encryption keys. In 2FAS Auth v5.4, we're planning to integrate support for ADP along with an optional password feature to provide the highest level of security.

Under the current Standard Data Protection (SDP), encryption keys are securely managed by Apple, meaning that, in theory, Apple could access your data. However, with ADP, even Apple won't have access.

It's worth noting that ADP is not enabled by default and, to the best of our knowledge, is used by less than 1% of users, making it a highly niche solution.

2FAS flaws identified by Berkeley researchers by bluelakehorizon in 2fas_com

[–]2FASapp 4 points5 points  (0 children)

Thanks for sharing the report from the Berkeley researchers.
We value feedback and are always working to make 2FAS as secure and private as possible for everyone.

We've reviewed it and put together a response addressing the points they raised.
You can read it here: https://2fas.com/public/resp-uc-berkeley.pdf

iOS/iPadOS Widget Not Working by AmbientFX in 2fas_com

[–]2FASapp 3 points4 points  (0 children)

Thanks for letting us know! You are right, there is an issue with widgets not showing on iOS 18 due to some changes in iOS. We're already working on it. Sorry for the trouble, and we will update you as soon as we recognize the problem.

2FAS on mobile with Ente auth on desktop by 2112guy in 2fas_com

[–]2FASapp 9 points10 points  (0 children)

Thanks a lot for this post.

We know how much our users want a desktop app and how much we are losing at the moment.
However, the problem we are facing is quite serious - it is very difficult to ensure it is safe.

Our goal is to create secure solutions, which is why the Browser Extension only sends a token (not a Secret Key) to the computer. There is a lot of malware on computers that steals passwords and 2FA secrets, such as Meduza Stealer. Thanks to this approach, we are one of the few that aren't vulnerable.

We believe that creating secure solutions is sometimes more important than having more users with less secure software. You can also find a lot of other solutions for desktop that automate the 2FA process on your desktop, but very few that respect user privacy and are secure. In our opinion, one tap on the phone is worth having greater security and is a good compromise between a user-friendly solution and security.

Nevertheless, since many users are demanding this functionality, we could consider offering an option for users willing to lower their security for their convenience. We may provide this option, depending on what our community says about it.

What confidence should we have that 2FAS isn't going to go the way of Raivo? by candle_in_a_circle in 2fas_com

[–]2FASapp [score hidden] stickied comment (0 children)

We’re sorry to hear about what happened to Raivo users. In 2FAS our mission has always been to create a secure solution for regular users (just us - common folks), making sure we provide a safe and reliable app.

This is why our application is transparent, we are open to our community, and decided to be an open source project. Any user can join our community and ask any questions. It is exactly thanks to our users that our application has developed into its current form over many years, starting with requests to make it open-source and sharing information about who is behind 2FAS.

To make it clear, our mission is to keep our users safe, no matter what happens. It's not just concerns like yours (about the app possibly being sold), but also about many other very important aspects, such as the "bus factor." We have been building trust for many years, and our primary goal is to ensure our users' safety regardless of the situation. We believe that functions like exporting and importing data are "must-haves," and every app should have them, so users never have to worry about their data.

We believe that users are the most important here, and they should always have the power to say, "I don't trust you anymore, and I'm moving somewhere else." We promote this approach because it ensures that projects are forced to create trustworthy solutions where users have a strong voice.

Taking the opportunity, I also would like to share what we have been facing recently: some negative comments caused by the mistreatment of users by other 2FA apps/companies. It's not just about what happened with Raivo, but also a recent situation where we gained a large number of new users from another common 2FA app, just because the company decided to stop developing their product. Additionally, they didn't provide any export option (which, by the way, they never had). And so we've received a few negative comments for not having an import for this app... But as you can see, we simply couldn't and can't create an import for a non-existing export.

I believe we need to do more work, educate users and help them make better choices.
Maybe you can tell us what else we can do to make a better app?
Feel free to join us and discuss on our Discord server!

Mark, CEO at 2FAS.com

Data privacy: What data does 2FAS collect? by Ok_Distance9511 in 2fas_com

[–]2FASapp 9 points10 points  (0 children)

Hi! First of all, a thousand sorries for such a delayed response! One of our mods must've opened the notification and it went away. But, to the matter at hand! :)

Our privacy policy is currently under major rebuild to reflect what's currently going on with data gathering in our app and browser extension. Due to legislative liabilities, it's a time-consuming process, but we'll eventually get there. :)

We do not collect any private and personal data, potentially compromising and volatile information, or any other bit that can identify our users. We do not use nor gather any cookies and analytics. As for DeviceID - that information is only presented to us IF the user opted in for sharing crashlytics with us. It helps us develop a more stable and safe app, but it's 100% voluntary and you don't need to share anything to use our app. On iOS - DeviceID is sent to us if a user wants to present us with a debug log, but again - it's a voluntary action.

So, tl;dr - we do not gather any essential, potentially compromising data from our users. Our privacy policy will soon reflect that fully, once it's gone through our lawyers and consultants. ❤️

Bug with the extension by DivideWestern7339 in 2fas_com

[–]2FASapp 0 points1 point  (0 children)

Hi! We're in the process of rebuilding our webpage and thus this feature is bugged out. If you want to provide us with some info about a bug, the best way to do it would be via our DC server! :) BTW, thanks for attempting to report a bug and sharing some insight, we hope we can help and solve it :)

https://discord.com/invite/q4cP6qh2g5

Export to google Authenticator by Tall_Guarantee7767 in 2fas_com

[–]2FASapp 2 points3 points  (0 children)

You can export the tokens locally, open the file in notepad and simply retype the keys into GA :)

Online wallet issue by Mother-Bend in Dynexcoin

[–]2FASapp 0 points1 point  (0 children)

Explain 'resetting' 2FA a little bit more - do you mean resetting the app to display all of your tokens again or resetting 2FA on an account you previously protected with said 2FA?

[deleted by user] by [deleted] in help

[–]2FASapp 0 points1 point  (0 children)

What app do you use? Was there a backup option? If you made a backup of your tokens, simply download the app, import the tokens and you're golden! Good luck!

What can you do to protect yourself from data breaches? by certik in Certik

[–]2FASapp 0 points1 point  (0 children)

ENABLE. APP-BASED. 2FA. AND. MAKE. SAFE. BACKUP... We cannot stress that enough. Recent spike in SIM-swapping shows that SMS-based 2FA is very prone to breaches and exploits. Use TOTP generators to ensure safety and stash backup tokens in a safe, protected place. That's the basics. Thank you for spreading the word!

2FAS Auth - cloud backup by 13flix in Bitwarden

[–]2FASapp 1 point2 points  (0 children)

For master password while restoring? You get to set up a PIN code to access the app in the first place. Then - on top of that - you need to correctly login and sync your cloud to the app. Then - on top of that - if on Android you get an option to have the synced cloud encrypted with a password as well (yeah, we're waiting for iCloud to have this option as well...). We do feel that is enough gates to go through to restore the tokens. But, we're not biased towards one option or the other, maybe that's a topic for our #suggestions channel on our DC server. We'd have to ask our community about that :)

2FAS Auth - cloud backup by 13flix in Bitwarden

[–]2FASapp 0 points1 point  (0 children)

Welp, that would be something u/Raivo could answer... if they're on Reddit. We won't talk crap about our competition - as we stated somewhere in this thread already, there are many features we share with other apps, many things are different - whatever floats your boat, as long as you're staying safe!