Priva

How Authenticator Works

Priva Authenticator

A privacy-first TOTP authenticator. All your codes stay on your device — we never see them.

1. Set a Master Password

When you first open the app, you create a Master Password. This password is never sent anywhere — it stays in memory only while your vault is open. It's used to derive an AES-256 encryption key via PBKDF2 (310,000 iterations).

2. Add accounts (QR or manual)

Scan a QR code, upload a screenshot, or enter the secret key manually. The TOTP secret is encrypted immediately with your master key before being stored in IndexedDB on your device.

3. Generate codes locally

6- or 8-digit TOTP codes (RFC 6238) are generated entirely on-device using the otpauth library. They refresh every 30 seconds. No network request is ever made.

4. Lock when done

When you lock the vault, the master key is wiped from memory. Your encrypted secrets in IndexedDB are unreadable without the password. Nobody — including us — can access them.

Security Details

Encryption: AES-GCM 256-bit
Key derivation: PBKDF2 / 310k iterations / SHA-256
Storage: IndexedDB (local only)
Secret storage: Encrypted at rest
Network requests: None
Master Password stored: Never — memory only
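
The key derivation and secret encryption described above, as an added example using the Web Crypto API. This is not Priva's own code: the 16-byte random salt, 12-byte IV, record shape and function names are assumptions, and the IndexedDB write itself is left out.

```javascript
// Added example, not Priva's code. Salt size, IV size and record layout are assumptions.
// Uses the browser's Web Crypto API; falls back to Node's copy when run outside a browser.
const webCrypto = globalThis.crypto ??
  (typeof require === 'function' ? require('node:crypto').webcrypto : undefined);

const PBKDF2_ITERATIONS = 310000; // iteration count stated on the page

// Derive a non-extractable AES-GCM 256-bit key from the master password.
async function deriveVaultKey(password, salt) {
  const material = await webCrypto.subtle.importKey(
    'raw', new TextEncoder().encode(password), 'PBKDF2', false, ['deriveKey']);
  return webCrypto.subtle.deriveKey(
    { name: 'PBKDF2', hash: 'SHA-256', salt, iterations: PBKDF2_ITERATIONS },
    material, { name: 'AES-GCM', length: 256 }, false, ['encrypt', 'decrypt']);
}

// Encrypt one TOTP secret; AES-GCM needs a fresh random IV for every record.
async function encryptSecret(key, totpSecret) {
  const iv = webCrypto.getRandomValues(new Uint8Array(12));
  const ciphertext = new Uint8Array(await webCrypto.subtle.encrypt(
    { name: 'AES-GCM', iv }, key, new TextEncoder().encode(totpSecret)));
  return { iv, ciphertext }; // assumed shape of the object written to IndexedDB
}

// Decrypt a record; rejects if the key is wrong or the record was modified,
// because the GCM authentication tag no longer verifies.
async function decryptSecret(key, record) {
  const plain = await webCrypto.subtle.decrypt(
    { name: 'AES-GCM', iv: record.iv }, key, record.ciphertext);
  return new TextDecoder().decode(plain);
}

// Constructed walk-through: unlock, store, read back, then try a wrong password.
async function demo() {
  const salt = webCrypto.getRandomValues(new Uint8Array(16)); // kept with the vault, not secret
  const key = await deriveVaultKey('correct horse battery staple', salt);
  const record = await encryptSecret(key, 'JBSWY3DPEHPK3PXP'); // constructed sample secret
  const roundTrip = await decryptSecret(key, record);
  const wrongKey = await deriveVaultKey('wrong password', salt);
  const wrongPasswordRejected =
    await decryptSecret(wrongKey, record).then(() => false, () => true);
  return { roundTrip, wrongPasswordRejected, storedBytes: record.ciphertext.length };
}
```

The stored ciphertext is 16 bytes longer than the secret because AES-GCM appends its authentication tag, which is what makes a wrong password fail cleanly instead of returning garbage.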

Zero tracking · Zero analytics · Zero cloud sync · Open encryption