What is "2FA (Two-Factor Authentication)" extension and how does it work?

This extension is a privacy-focused two-factor authentication (2FA) manager that lets you securely store and manage TOTP and HOTP tokens directly in your browser using the same encrypted vault format as Aegis Authenticator. After installation, open the extension popup from the browser toolbar, enter the password for your encrypted vault, and click the Open button to load an Aegis-compatible JSON database. The extension can optionally remember previously opened vault file handles, allowing you to quickly reopen your database from the "Handles" section during future sessions. You can also enable optional session-only password memory from the Settings menu available in the extension's right-click context menu; stored passwords are kept only for the current browser session and are automatically cleared by your browser when it closes.

Once the vault is unlocked, the extension displays all stored entries and allows sorting by account name or issuer. Each entry includes fields such as name, issuer, groups, and icon, all of which can be edited directly inside the interface. After making changes, press the "Save" button to permanently update the encrypted vault. For additional safety, the extension first creates a backup copy of the existing database in your default downloads directory before overwriting the original file.

The extension also includes fuzzy search, allowing you to quickly find entries without typing exact matches. Partial searches are ranked automatically based on matching relevance. Keyboard shortcuts are fully supported for fast navigation, including Ctrl + F (or Command + F) for instant search and Arrow keys for navigating between entries.

How can I test this extension?

Open the extension popup by clicking the action button. Enter a password and click Create a New Database. A save file picker will appear and suggest vault.json as the filename. Save the file to a local directory.

You will then be prompted to re-enter your password. After confirming it, the extension will open the credentials page.

Click the + button to add a new credential and import the following sample OTP URI:

otpauth://totp/Example:[email protected]?secret=JBSWY3DPEHPK3PXP&issuer=Example

You can use the Edit button to customize the credential, such as assigning an icon or moving it to a different group. Make sure to click Save for any changes to take effect.

Once finished, save the database. The next time you open the database, the stored credential should be displayed.

You can also use the extension's right-click context menu to store the database password for the current browser session. If a password is stored, opening the popup and clicking Use Last Handle will reopen the most recently used database without requiring you to select the file again or re-enter the password.

What's new in this version?

Please check the Logs section.

Is my data encrypted?

Yes. Your vault is encrypted locally using the same encryption format as Aegis Authenticator before anything is written to disk. The extension uses password-based encryption with the scrypt key derivation function to securely derive an encryption key from your password, helping protect against brute-force and password-guessing attacks. Vault data is then encrypted using strong industry-standard cryptography, ensuring that the contents cannot be accessed without the correct password. All encryption and decryption operations happen entirely offline on your device.

Can I use the same vault file across multiple devices or browsers?

Yes. Because the vault is stored as a regular encrypted file, you can synchronize it using any file-sharing, cloud-sync, or backup solution you prefer.

Which authentication methods are supported?

The extension supports both TOTP (Time-Based One-Time Password) and HOTP (HMAC-Based One-Time Password) tokens.

What are the supported keyboard shortcuts?

You can define a shortcut to open the extension's interface from your default browser extension manager. Also the following shortcuts work inside the extension's popup interface:

• Ctrl + C or Command + C on the "Search" interface to copy the currently generated token to the clipboard
• Ctrl + E or Command + E on the "Search" interface to edit the currently selected entry
• Ctrl + D or Command + D on the "Search" interface to delete the currently selected entry
• Ctrl + N or Command + N on the "Search" interface to add a new OTP from a "otpauth://..." data uri
• Ctrl + F or Command + F on the "Search" interface to focus the search box
• Arrow Down or Arrow Up on the "Search" interface to change focus to the previous or next entry on the list
• Ctrl + O or Command + O on the "Login" interface to open a new Aegis JSON file
• Ctrl + N or Command + N on the "Login" interface to create a new database (disabled for now)
• Ctrl + L or Command + L on the "Login" interface to use the last file handle.

Why does this extension use local files instead of browser storage?

Using local encrypted files gives you full control over your data, makes backups easier, and allows seamless sharing between browsers, computers, and compatible applications without being tied to browser-specific storage systems.

Can I use this extension with a remote source? My Aegis database is hosted on a remote server.

Yes. Starting with version 0.1.5, the extension supports both reading from and writing to remote sources.

To use a remote database, the server must:

• Return valid JSON in response to GET requests.
• Accept content updates via POST requests (if you want the database to be editable through the extension).

As with local files, the extension will ask for permission to access the remote source. Once access is granted, it reads the content and interacts with the remote database in the same way it would with a local database file. Here is a sample NodeJS server that supports both reading with GET and writing with POST.

const http = require('http');
const fs = require('fs/promises');
const path = require('path');

http.createServer(async function (req, res) {
  var target = path.resolve('.', '.' + decodeURIComponent(req.url));

  try {
    var stat = await fs.stat(target);
    var mime = {
      '.html': 'text/html; charset=utf-8',
      '.json': 'application/json',
      '.txt': 'text/plain; charset=utf-8'
    };

    if (req.method === 'GET') {
      if (stat.isDirectory()) {
        var entries = await fs.readdir(target, { withFileTypes: true });
        var rel = decodeURIComponent(req.url);

        res.setHeader('Content-Type', 'text/html; charset=utf-8');

        var html = '<!doctype html>\n<html>\n<body>\n<h1>' + rel + '</h1>\n<ul>\n';

        if (req.url !== '/') {
          html += '<li><a href="../">..</a></li>\n';
        }

        entries.forEach(function (e) {
          var href = (req.url.endsWith('/') ? req.url : req.url + '/') + encodeURIComponent(e.name);
          html += '<li><a href="' + href + (e.isDirectory() ? '/' : '') + '">' + e.name + (e.isDirectory() ? '/' : '') + '</a></li>\n';
        });

        html += '</ul>\n</body>\n</html>\n';
        res.end(html);
        return;
      } else {
        var ext = path.extname(target).toLowerCase();
        res.setHeader('Content-Type', mime[ext] || 'application/octet-stream');
        res.end(await fs.readFile(target));
        return;
      }
    }

    if (req.method === 'POST') {
      var body = '';

      req.on('data', function (chunk) {
        body += chunk;
      });

      req.on('end', async function () {
        try {
          await fs.mkdir(path.dirname(target), { recursive: true });
          await fs.writeFile(target, body);
          res.end('OK');
        } catch (err) {
          res.statusCode = 500;
          res.end(err.message);
        }
      });

      return;
    }

    res.statusCode = 405;
    res.end('Method Not Allowed');
  } catch (err) {
    res.statusCode = 404;
    res.end(err.message);
  }
}).listen(3000);

console.log('http://localhost:3000');