A secure, cross-platform mobile app for 2FA (TOTP) code generation and password management. Inspired by Google Authenticator and Bitwarden.
- TOTP (RFC 6238) 6-digit code generator
- Add accounts via QR code or manual entry
- AES-256 encrypted password vault (master password protected)
- Biometric unlock (fingerprint/face)
- Optional: Cloud sync (Firebase/Supabase)
- Optional: Password strength & breach check (HaveIBeenPwned)
- Optional: Autofill support (Android/iOS)
- Built with Flutter for Android & iOS
- Flutter (mobile framework)
- otp (TOTP)
- flutter_secure_storage (secure storage)
- AES-256 + PBKDF2 (encryption)
- local_auth (biometrics)
- qr_code_scanner
- State management: Provider / Riverpod / Bloc
- Backend: Firebase/Supabase/Node.js (optional)
- Clone repo:
  git clone https://github.com/yourusername/MeAuth.git
  cd MeAuth
- Install dependencies:
  flutter pub get
- (Optional) Set up Firebase/Supabase for sync
- Run app:
  flutter run
- TOTP generation & display
- QR code/manual account entry
- Encrypted password vault
- Master password + biometrics
- Cloud sync (optional)
- Password strength/breach check (optional)
- Autofill (advanced)
- UI/UX polish
- All secrets/passwords encrypted locally (AES-256)
- Master password derives encryption key (PBKDF2)
- Biometric unlock for quick access
- End-to-end encrypted sync (if enabled)
- No sensitive data logged or sent in plain text
MIT License
Name: Mohd Harish
Email: harishjs1006@gmail.com
Project: github.com/Hellkryptonium/MeAuth
- Core Features (Parity with Google Authenticator)
- TOTP (RFC 6238) & HOTP (RFC 4226) support
- QR code scanning and manual entry
- Multiple account support with custom labels/icons
- Backup & restore (encrypted, user-controlled)
- Cross-platform (Android/iOS) with smooth UX
- No cloud storage by default (privacy-first)
- Security Best Practices
- All secrets/passwords encrypted at rest (AES-256)
- Master password with PBKDF2 or Argon2 for key derivation
- Biometric unlock (fingerprint/face) with fallback to device PIN/password
- Zero-knowledge: secrets never leave device unencrypted
- Clipboard auto-clear for copied codes
- No analytics or tracking
- App integrity checks (detect tampering/root/jailbreak)
- Secure storage using flutter_secure_storage or platform keystore
- Advanced Features (Go Beyond Google Authenticator)
- Password manager (AES-256 encrypted vault)
- Cloud sync (optional, end-to-end encrypted, user-controlled)
- Password strength & breach check (HaveIBeenPwned API)
- Autofill support for passwords and OTPs
- Export/import (encrypted, user-initiated)
- App lockout after failed attempts
- Inactivity timeout auto-lock
- Customizable themes (dark/light/system)
- Accessibility support
- Development Plan
- MVP:
- TOTP/HOTP generation & display
- QR/manual account entry
- Local encrypted storage
- Biometric/device authentication
- Security Hardening:
- Key derivation (PBKDF2/Argon2)
- Clipboard auto-clear
- App integrity checks
- Password Vault:
- Add, edit, delete, search passwords
- Master password protection
- Optional Cloud Sync:
- End-to-end encrypted sync (Firebase/Supabase/self-hosted)
- Advanced UX:
- Export/import
- Accessibility
- Theming
- Testing & Audit:
- Unit/integration tests
- Security audit (manual & automated)
- Super Secure Practices
- Never store master password or secrets in plain text
- Use secure random for key/IV generation
- Lock app on background/switch
- Wipe sensitive data from memory after use
- Regularly update dependencies
- Open source for transparency
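
The TOTP/HOTP generation and QR/manual account entry listed above, as an added example that is not MeAuth's own code (the app is written in Dart; this sketch is Python so it runs with the standard library only). It assumes the Google Authenticator `otpauth://` key URI layout for QR content; the function names and the sample URI are constructed for illustration.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs, unquote

def decode_secret(text):
    """Base32-decode a scanned or hand-typed secret: ignore spaces, dashes and case."""
    s = text.replace(" ", "").replace("-", "").upper()
    s += "=" * (-len(s) % 8)            # authenticator secrets usually omit padding
    return base64.b32decode(s)          # raises ValueError on invalid characters

def hotp(key, counter, digits=6, algo="sha1"):
    """RFC 4226: HMAC the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), getattr(hashlib, algo)).digest()
    off = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[off:off + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)   # keep leading zeros

def totp(key, now=None, period=30, digits=6, algo="sha1"):
    """RFC 6238: HOTP with counter = floor(unix_time / period)."""
    now = time.time() if now is None else now
    return hotp(key, int(now // period), digits, algo)

def parse_otpauth(uri):
    """Parse and validate an otpauth:// URI; QR content is untrusted input."""
    u = urlparse(uri)
    kind = u.netloc.lower()
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    if u.scheme != "otpauth" or kind not in ("totp", "hotp") or "secret" not in q:
        raise ValueError("not a usable otpauth URI")
    algo = q.get("algorithm", "SHA1").lower()
    digits, period = int(q.get("digits", "6")), int(q.get("period", "30"))
    if algo not in ("sha1", "sha256", "sha512") or digits not in (6, 7, 8) or period <= 0:
        raise ValueError("unsupported otpauth parameters")
    return {"type": kind, "label": unquote(u.path.lstrip("/")), "issuer": q.get("issuer"),
            "key": decode_secret(q["secret"]), "algo": algo, "digits": digits,
            "period": period, "counter": int(q.get("counter", "0"))}

def current_code(acct, now=None):
    """Code for a parsed account: time-based for totp, counter-based for hotp."""
    if acct["type"] == "totp":
        return totp(acct["key"], now, acct["period"], acct["digits"], acct["algo"])
    return hotp(acct["key"], acct["counter"], acct["digits"], acct["algo"])

# Constructed sample URI; the secret is the RFC 6238 test key "12345678901234567890".
SAMPLE = ("otpauth://totp/Example:alice%40example.com"
          "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example&digits=6&period=30")

if __name__ == "__main__":
    acct = parse_otpauth(SAMPLE)
    print(acct["label"], current_code(acct, now=59))
```

The decoded key is the value that belongs in the encrypted store; the URI and the raw Base32 string should be discarded after import and never logged.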