Open-source 2FA token manager with AES-256 encryption and OS keychain integration. No cloud accounts. No tracking.
Features
Every secret encrypted at rest with AES-256-GCM. Keys live in your OS keychain — never on disk in plaintext.
Sync via any cloud folder. Password-protected backups with PBKDF2 key derivation at 600,000 iterations.
Built with Tauri and Rust. Lightweight (~5MB), fast, and native to macOS, Windows, and Linux.
Encryption keys stored in macOS Keychain, Windows Credential Manager, or Linux Secret Service.
MIT licensed. No telemetry, no analytics, no accounts. Audit every line of code yourself.
Password-encrypted backups. Migrate from other authenticators. You're never locked in.
Security
Every design decision prioritizes security. Your TOTP secrets never leave your device unencrypted. No servers, no cloud accounts, no trust required.
AES-256-GCM: Authenticated encryption for all stored secrets
PBKDF2-SHA256 · 600k iterations: Key derivation that resists brute-force attacks
Rust crypto via ring: Audited crypto library — no browser crypto APIs
Zero network calls: No analytics, no telemetry. Fully offline capable.
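    use base64::{engine::general_purpose::STANDARD as BASE64, Engine};
    use ring::aead::{Aad, LessSafeKey, Nonce, UnboundKey, AES_256_GCM, NONCE_LEN};
    use ring::error::Unspecified;
    use ring::rand::{SecureRandom, SystemRandom};

    const PBKDF2_ITERATIONS: u32 = 600_000; // used when deriving backup keys from a password
    const KEY_LEN: usize = 32; // AES-256 key size in bytes

    // AES-256-GCM authenticated encryption
    fn encrypt_aes256gcm(plaintext: &str, key: &[u8]) -> Result<String, Unspecified> {
        // Fresh random 96-bit nonce per message; a nonce must never repeat under one key.
        // (Stands in for the excerpt's generate_random_bytes helper, which is not shown.)
        let mut nonce_bytes = [0u8; NONCE_LEN];
        SystemRandom::new().fill(&mut nonce_bytes)?;

        // UnboundKey::new returns an error unless the key is exactly KEY_LEN bytes.
        let sealing_key = LessSafeKey::new(UnboundKey::new(&AES_256_GCM, key)?);

        // Encrypt in place; the 16-byte GCM tag is appended to the ciphertext.
        let mut data = plaintext.as_bytes().to_vec();
        sealing_key.seal_in_place_append_tag(
            Nonce::assume_unique_for_key(nonce_bytes),
            Aad::empty(),
            &mut data,
        )?;

        // Assumed layout: nonce || ciphertext || tag (the excerpt does not show how `combined` is built).
        let mut combined = nonce_bytes.to_vec();
        combined.extend_from_slice(&data);
        Ok(BASE64.encode(&combined))
    }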
Keep your 2FA secrets safe, private, and always within reach — on your terms.
Download Yhtua v2.5.0