desktop-2fa
Robust offline 2FA management with strong encryption and no cloud reliance.
Pitch

Desktop-2FA is a secure offline application for managing TOTP 2FA codes. It features an encrypted vault for safe storage, has a modular architecture for flexibility, and works without internet access. This application is designed to provide a reliable way to enhance personal security without compromising privacy.

Description

desktop‑2fa

desktop‑2fa is a secure, offline TOTP authenticator designed for desktop environments. It provides a fully local, encrypted vault for storing 2FA secrets, a clean and predictable CLI workflow, and a transparent architecture built around modern cryptographic standards. The project is aimed at users who value privacy, reproducibility, and complete control over their authentication data.


Why desktop‑2fa?

Most 2FA tools today rely on mobile devices, cloud sync, or proprietary storage. desktop‑2fa takes a different approach:

  • offline‑only — no network access, no cloud, no telemetry
  • desktop‑native — ideal for workstations, servers, and air‑gapped machines
  • transparent and auditable — open code, clear architecture, reproducible behavior
  • strong cryptography — AES‑256‑GCM for authenticated encryption, Argon2id for key derivation
  • simple and scriptable — CLI‑first design integrates easily with existing workflows

desktop‑2fa is built for people who want a trustworthy, minimal, and secure way to manage TOTP codes without relying on external services.


Key Features

🔐 Encrypted Vault

All TOTP secrets are stored in a local vault encrypted with:

  • AES‑256‑GCM for confidentiality and integrity
  • Argon2id for password‑based key derivation
  • unique salt and nonce per vault
  • authenticated decryption with GCM tags

No plaintext secrets are ever written to disk.

🧭 Offline‑First Architecture

desktop‑2fa never connects to the internet.
There is:

  • no cloud sync
  • no telemetry
  • no analytics
  • no external dependencies

Your secrets stay on your machine — always.

🖥 CLI‑First Workflow

The command‑line interface provides:

  • adding new TOTP entries
  • listing stored accounts
  • generating codes
  • backing up and restoring vaults
  • inspecting vault metadata

The CLI is designed to be predictable, scriptable, and easy to integrate into automation.

🧪 High Test Coverage

The project includes:

  • deterministic tests
  • isolated temporary vaults
  • mocked cryptography for reproducibility
  • full coverage of CLI commands

This ensures long‑term stability and confidence for contributors.

🧱 Modular Architecture

The codebase is structured into clear modules:

  • vault management
  • encryption
  • TOTP generation
  • CLI commands
  • utilities

This makes the project easy to navigate and extend.


Target Audience

desktop‑2fa is ideal for:

  • developers and sysadmins who prefer desktop tools
  • users working on secure or air‑gapped systems
  • privacy‑focused individuals who avoid cloud‑based authenticators
  • people who want a transparent, auditable 2FA solution
  • teams that need reproducible, scriptable authentication workflows

Roadmap

Planned features include:

  • cross‑platform GUI
  • QR code import (file, clipboard, webcam)
  • HOTP support
  • vault export to human‑readable format
  • Rust backend for performance and security
  • plugin system for custom workflows
  • localization (PL/EN/DE)

The roadmap evolves based on community feedback and real‑world usage.


Security Model

desktop‑2fa follows a clear and documented security model:

  • protects against unauthorized vault access
  • protects against tampering and corruption
  • does not protect against compromised host systems
  • password is never stored
  • brute‑force attempts are mitigated by Argon2id cost parameters

Every vault read operation verifies header, version, Argon2 parameters, and GCM tag integrity.
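
The read-time checks listed above, as an added example (not desktop‑2fa's own code): it validates header, version and Argon2 cost parameters before any key derivation runs, and returns the raw header so it can be passed to AES‑GCM as associated data. The header layout, magic bytes, error class and parameter bounds are all hypothetical, since the real vault format is not described here.

```python
import struct

# Hypothetical layout (an assumption, not desktop-2fa's real format):
# magic(4) | version(1) | time_cost(u32) | memory_kib(u32) | parallelism(u8)
# | salt(16) | nonce(12), big-endian, followed by ciphertext || 16-byte GCM tag.
MAGIC = b"D2FA"
HEADER = struct.Struct(">4sBIIB16s12s")
SUPPORTED_VERSIONS = {1}
TAG_LEN = 16
# Illustrative policy bounds: the floor blocks downgraded (cheap) parameters,
# the ceiling stops a tampered file from forcing a huge allocation.
LIMITS = {"time_cost": (2, 16), "memory_kib": (19 * 1024, 1024 * 1024),
          "parallelism": (1, 8)}


class VaultFormatError(ValueError):
    """Raised before any key derivation or decryption is attempted."""


def parse_vault(blob: bytes) -> dict:
    if len(blob) < HEADER.size + TAG_LEN:
        raise VaultFormatError("truncated vault")
    magic, version, t, m, p, salt, nonce = HEADER.unpack_from(blob)
    if magic != MAGIC:
        raise VaultFormatError("bad magic")
    if version not in SUPPORTED_VERSIONS:
        raise VaultFormatError(f"unsupported version {version}")
    params = {"time_cost": t, "memory_kib": m, "parallelism": p}
    for name, value in params.items():
        lo, hi = LIMITS[name]
        if not lo <= value <= hi:
            raise VaultFormatError(f"{name}={value} outside [{lo}, {hi}]")
    return {
        "version": version, "argon2": params, "salt": salt, "nonce": nonce,
        # Pass the raw header as GCM associated data so the tag also covers it.
        "aad": blob[:HEADER.size],
        "ciphertext_and_tag": blob[HEADER.size:],
    }


def build_sample(version=1, t=3, m=64 * 1024, p=4) -> bytes:
    """Constructed sample vault: zeroed salt/nonce and dummy ciphertext bytes."""
    header = HEADER.pack(MAGIC, version, t, m, p, bytes(16), bytes(12))
    return header + b"\xaa" * 32 + b"\xbb" * TAG_LEN
```

Bounding the parameters matters because they are read from the file before the password has authenticated anything; only a successful GCM tag check over header and ciphertext confirms they were not altered.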


Philosophy

desktop‑2fa is built around three principles:

  1. Local‑first — your data stays with you
  2. Minimal and transparent — no unnecessary complexity
  3. Reproducible and testable — predictable behavior across systems

The goal is not to replace mobile authenticators, but to provide a secure, desktop‑native alternative for people who need it.


Contributing

Contributions are welcome.
The project values:

  • clean code
  • reproducibility
  • clear documentation
  • security awareness
  • respectful collaboration

The repository includes guidelines for development, testing, and architecture.


License

desktop‑2fa is source‑available under a custom license included in the repository.
It allows personal and non‑commercial use while protecting the project from unauthorized commercial exploitation.


Summary

desktop‑2fa is a modern, offline, encrypted TOTP authenticator for desktop systems.
It combines strong cryptography, a clean CLI, and a transparent architecture to give users full control over their 2FA secrets — without cloud services, telemetry, or hidden dependencies.

If you value privacy, reproducibility, and simplicity, desktop‑2fa is built for you.
