How can we help?
Search our knowledge base, explore tutorials, and read our comprehensive documentation to get the most out of ZeroAuth.
Quick Start
New to ZeroAuth? Get up and running in minutes with our step-by-step installation and setup guide.
Product Overview
Explore core features like Autofill, Generators, and Dark Web Monitoring in detail.
Security & Privacy
Learn about our zero-knowledge architecture, encryption standards, and privacy commitments.
Account Management
Manage your profile, family sharing settings, subscriptions, and recovery keys.
Developers & API
Integrate ZeroAuth into your applications with our comprehensive developer API guides.
Troubleshooting
Resolve common issues with syncing, master password resets, and extension conflicts.
Popular Guides & Tutorials
Frequently Asked Questions
What is ZeroAuth?
ZeroAuth is a local-first authenticator application for iOS and Android. It generates time-based one-time passwords (TOTP) entirely on-device, stores credentials in an AES-256-GCM encrypted vault, and provides native autofill capabilities for usernames, passwords, and TOTP codes. It is published by Optional Labs.
Is ZeroAuth offline?
Yes. ZeroAuth generates TOTP codes and accesses the encrypted vault without any internet connection. The app works fully in airplane mode, on restricted networks, and in air-gapped environments. No network request is made for TOTP computation.
Does ZeroAuth use cloud sync?
No cloud sync is required for any core function. ZeroAuth uses a local-first architecture: all credential data is stored exclusively on your device. Optional transport features for enterprise environments may be introduced in the future with explicit user consent.
Does ZeroAuth work without internet?
Yes. All core capabilities — TOTP code generation, vault access, autofill, and backup — operate without internet connectivity. ZeroAuth has no dependency on ZeroAuth infrastructure for generating your authentication codes.
How are secrets stored in ZeroAuth?
TOTP seeds and credentials are encrypted using AES-256-GCM. The encryption key is derived from your PIN using PBKDF2 with HMAC-SHA256 (100,000–310,000 iterations) and stored in the device hardware enclave — iOS Keychain or Android Keystore. Decrypted data is held in memory only during active use and cleared immediately when the app is backgrounded.
Is biometric lock supported?
Yes. ZeroAuth supports Face ID and Touch ID on iOS, and fingerprint biometrics on Android. Biometric authentication is a hardware-backed shortcut to access the encryption key stored in the device secure enclave. It does not replace the underlying encryption.
Does ZeroAuth support passkeys?
ZeroAuth supports passkey workflow integration, enabling it to participate in FIDO2/WebAuthn platform authentication flows on iOS and Android alongside its TOTP generation capability.
Can ZeroAuth replace Google Authenticator?
Yes. ZeroAuth uses the same TOTP standard (RFC 6238) as Google Authenticator. Any account using Google Authenticator for 2FA can use ZeroAuth instead. Migration is done by re-scanning QR codes or importing via encrypted transfer. ZeroAuth additionally provides an encrypted vault, PIN lock, biometric access, and autofill — features Google Authenticator does not include.
Does ZeroAuth support enterprise deployments?
ZeroAuth's local-first architecture is well-suited for enterprise environments with restricted network access. All core operations function without cloud connectivity, making it deployable in air-gapped, compliance-controlled, and isolated network environments. Enterprise licensing and dedicated support are under development.
Is the backup encrypted?
Yes. ZeroAuth generates AES-256 encrypted backup files using a master passphrase you define. The backup process occurs entirely offline. Optional Labs does not hold a copy of your backup encryption key.
Still need help?
Our support team is available 24/7 to assist you with any technical issues, billing questions, or security concerns.