Skip to content

Security: 2factorauth/twofactorauth

SECURITY.md

Security Reporting

Have you found a security vulnerability or bug affecting the 2FA Directory or Passkeys Directory?
Get in touch with us!

Vulnerability Scope

2factorauth hosts the 2FA Directory website and API service along with the Passkeys Directory website and API service.
We also manage the GitHub repositories on github.com/2factorauth.
Vulnerabilities directly related to the code in these repositories can be reported to us.
If you've found an issue with one of our dependencies, please report your findings directly to the dependency in question.

Note

Before reporting, please keep in mind that the Directories are static websites with API services that are public to everyone.
Therefore, potential DOM and cookie exfiltrations are outside our security vulnerability scope.

Reporting Vulnerabilities

Please report your findings through our Security advisory platform.
If you're unable to use GitHub, send us an email instead at [email protected]. PGP is available using the key 0xDD315F4D.

Important

Reports from automated security scans will be discarded.

There aren’t any published security advisories