Have you found a security vulnerability or bug affecting the 2FA Directory or Passkeys Directory?
Get in touch with us!
2factorauth hosts the 2FA Directory website
and API service along with the Passkeys Directory website and API service.
We also manage the GitHub repositories on github.com/2factorauth.
Vulnerabilities directly related to the code in these repositories can be reported to us.
If you've found an issue with one of our dependencies, please report your findings directly to the dependency in
question.
Note
Before reporting, please keep in mind that the Directories are static websites with API services that are public to everyone.
Therefore, potential DOM and cookie exfiltrations are outside our security vulnerability scope.
Please report your findings through our Security advisory platform.
If you're unable to use GitHub, send us an email instead at contact@2fa.directory.
PGP is available using the key 0xDD315F4D.
Important
Reports from automated security scans will be discarded.