Live
← all projects
ShardPass
Local-first TOTP authenticator with inline autofill.
About
Local-first Chrome MV3 TOTP authenticator with inline autofill, an encrypted local vault, QR / otpauth import, and per-domain account matching for 2FA-heavy workflows.
Features
AES-256-GCM vault, PBKDF2-HMAC-SHA256 (250k iterations)
TOTP (RFC 6238) + HOTP (RFC 4226) with inline floating chip
Import via manual entry, QR image, otpauth:// URI or backup
Optional E2EE sync with Ente Auth (SRP + libsodium)
Per-domain account matching for auto-suggest
Biometric unlock on supported devices
Tech Stack
TypeScript React Tailwind Vite Chrome MV3
Security Architecture
Vault Encryption
AES-256-GCM
Key Derivation
PBKDF2-HMAC-SHA256, 250k rounds
TOTP Standard
RFC 6238 (time-based)
HOTP Standard
RFC 4226 (counter-based)
Optional Sync
E2EE via SRP + libsodium
Data Location
Local-only (chrome.storage)