Can Moat or its staff read my 2FA codes or passwords?

No. Moat is zero-knowledge by design. Secrets are stored in the iOS Keychain and any backup is end-to-end encrypted on your device with AES-256-GCM before upload. Our servers only ever hold ciphertext, so there is nothing readable for us or anyone else to access.

What encryption does Moat use?

Backups are encrypted with AES-256-GCM. The encryption key is derived from your recovery key using PBKDF2-SHA256 at 210,000 iterations with random salts, on your device. Codes follow the TOTP (RFC 6238) and HOTP (RFC 4226) standards.

What happens if I lose my recovery key?

Your recovery key never leaves your device and is never sent to us, so if it is lost we cannot restore your encrypted backup. This is a deliberate property of zero-knowledge encryption — keep your recovery key somewhere safe.

How do I report a security vulnerability?

Email security@auth-2fa.cloud with details and steps to reproduce. We investigate all reports, do not pursue good-faith researchers, and aim to acknowledge within a few business days.

Moat

Security overview

Built so we can't read your data.

Q: Does Moat protect against phishing?

TOTP defeats password-only attacks and credential stuffing, but no shared-secret one-time code can fully stop a real-time phishing page that captures a live code. Always confirm the domain before entering a code. For the highest assurance, combine 2FA with vigilance and, where available, passkeys.

Moat's entire architecture starts from one rule: your 2FA secrets and passwords are yours alone. Here's exactly how that's enforced — the encryption, the key handling, our threat model, and the standards we follow. No vague promises.

✓ Zero-knowledge ✓ AES-256-GCM ✓ PBKDF2 · 210k ✓ No tracking ✓ RFC 6238 / 4226

The simplest way to understand it

What stays on your device — and what we ever see.

Two columns tell the whole story. Everything sensitive lives with you; we only ever hold encrypted blobs we can't open.

🔒 On your device only

Stored in the iOS Keychain, encrypted, and never sent in readable form.

✓ Your 2FA secret keys (the values behind every code)
✓ Your saved passwords and vault items
✓ Your recovery key and all encryption keys
✓ The plaintext of anything you back up

☁️ What our servers hold

Only if you turn on backup — and only ever as ciphertext.

· Encrypted blobs we cannot decrypt
· A random, anonymous account identifier
· An optional email, only if you add one for login
✕ Never: your secrets, passwords, keys, or any analytics

The protection stack

Every layer, in plain terms.

From the moment a secret is created to the moment an encrypted backup leaves your phone.

✓ Encrypted on your device

2FA secrets and passwords live in the iOS Keychain, protected by hardware-backed device encryption and excluded from unencrypted backups. They never leave in readable form.

✓ End-to-end encrypted sync

Turn on backup and everything is encrypted on-device before upload with AES-256-GCM, an authenticated cipher that also detects tampering. Our servers only ever store ciphertext.

✓ Keys derived from your recovery key

Your encryption key is derived with PBKDF2-SHA256 at 210,000 iterations (current OWASP guidance) using random per-item salts. The recovery key and derived keys never leave your device.

✓ Zero-knowledge by design

We have no ability to read your secrets or passwords. Lose your recovery key and not even we can restore them — that's the point, and the trade-off worth making.

✓ Face ID & App Switcher blur

Lock the app behind Face ID, and Moat blurs its contents in the iOS App Switcher so codes and passwords aren't exposed in previews or to a glance over your shoulder.

✓ Safe deletion

Deleted items move to Recently Deleted, then are permanently erased — including the secret key in the Keychain. Removing the app wipes all local data.

✓ No tracking, no ads

No analytics SDKs, no advertising identifiers, no web beacons, no third-party logo fetches. We don't sell or share your data — there is nothing to sell.

✓ Open, published standards

Codes follow TOTP (RFC 6238) and HOTP (RFC 4226), so they interoperate with thousands of services and can be independently scrutinised.

Honest threat model

What Moat defends against — and what it doesn't.

Good security is specific. No app stops every threat, so here's the candid version.

✓ Protects against

✓ Password leaks & credential stuffing — a stolen password alone can't log in without your live code.
✓ Server breaches at Moat — there's only ciphertext to steal, and the keys aren't here.
✓ SIM swapping & SMS interception — codes are generated offline, never texted.
✓ Casual device access — Face ID and App Switcher blur guard a borrowed or glanced-at phone.
✓ Tracking & profiling — no analytics means no behavioural trail to leak or subpoena.

✕ Can't fully stop

✕ Real-time phishing — a convincing fake site that relays a live code as you type it. Always check the domain.
✕ A fully compromised device — malware with OS-level control can undermine any app.
✕ A lost recovery key — by design, we cannot recover your encrypted backup for you.
✕ Weak account recovery elsewhere — if a service lets attackers reset 2FA via email, that's outside Moat.

For the very highest assurance, pair Moat with good habits (verify the domain before entering a code) and use passkeys where a service offers them. TOTP remains a major upgrade over SMS and password-only logins. Read how TOTP works →

Standards & references

Nothing proprietary where an open standard exists.

The building blocks are public and well-studied — you don't have to take our word for any of it.

TOTP — RFC 6238: Time-based one-time passwords. The algorithm behind your rotating six-digit codes.
HOTP — RFC 4226: HMAC-based one-time passwords using an event counter; the basis TOTP builds on.
AES-256-GCM: Authenticated encryption for every backup — confidentiality plus tamper detection.
PBKDF2-SHA256 · 210,000: Key derivation following current OWASP iteration guidance, with random salts.
iOS Keychain: Apple's hardware-backed secure storage for secrets and passwords on device.
otpauth:// URIs: The interoperable QR / link format for importing and exporting accounts.

Responsible disclosure

Found something? Tell us.

We welcome reports from security researchers and treat them seriously. If you believe you've found a vulnerability, email security@auth-2fa.cloud with a clear description and steps to reproduce.

We aim to acknowledge reports within a few business days and keep you updated as we investigate.
Please give us reasonable time to remediate before any public disclosure.
Act in good faith, avoid privacy violations and service disruption, and we won't pursue action against you.
Never include real secret keys, passwords, or other people's data in your report.

Security FAQ

Straight answers.

More on the support page or in our zero-knowledge explainer.

No. Moat is zero-knowledge. Secrets sit in the iOS Keychain, and any backup is end-to-end encrypted with AES-256-GCM on your device before upload. Our servers only ever hold ciphertext — there's nothing readable for us, an attacker, or a legal demand to obtain.

Your 2FA secrets and passwords are encrypted at rest in the Keychain. Backups add a second layer: encrypted with AES-256-GCM using a key derived from your recovery key via PBKDF2-SHA256 at 210,000 iterations with random salts — all on your device.

Your recovery key never leaves your device and is never sent to us, so a lost key means your encrypted backup cannot be restored — by anyone, including us. That's the deliberate cost of true zero-knowledge. Store it somewhere safe and offline.

TOTP stops password-only attacks and credential stuffing, but no shared-secret code can fully prevent a real-time phishing page that captures a live code. Always confirm the domain before entering a code, and use passkeys where offered. More on 2FA strength →

Email security@auth-2fa.cloud with details and reproduction steps. We investigate every report, aim to acknowledge within a few business days, and won't pursue good-faith researchers.

Security you don't have to take on faith.

Encrypted on your device, end-to-end in the cloud, and yours alone. Free to start.

Get Moat free