| Version | Supported |
|---|---|
| Latest | ✅ |
| Older | ❌ |

I take security seriously. If you discover a vulnerability, please report it responsibly.

Option 1: GitHub Security Advisory (Preferred)
- Go to the Security tab
- Click "Report a vulnerability"
- Provide detailed information

Option 2: Public Issue
- For non-critical issues only
- Detailed description and steps to reproduce
- Potential impact (data leak, encryption bypass, etc.)
- Suggested fixes (if you have any)

This application follows OWASP/NIST best practices but has not been professionally audited. See the Security Disclaimer in the README.

Key security areas:
- AES-256-GCM encryption with Argon2id
- Secure memory wiping
- Local-only encrypted storage
- Unencrypted exports (by design)

Thank you for helping keep TOTP-Authenticator secure!