Use this section to tell people about which versions of your project are currently being supported with security updates.
| Version | Supported |
|---|---|
| 1.0.x | ✅ |
We take the security of Auto2FA seriously. If you believe you've found a security vulnerability, please follow these steps:
-
Do Not disclose the vulnerability publicly until it has been addressed by our team.
-
Email your findings to [email protected].
-
Provide detailed information about the vulnerability:
- Type of vulnerability
- Steps to reproduce
- Potential impact
- Suggested fixes (if any)
-
We will acknowledge your email within 48 hours and aim to:
- Confirm the vulnerability
- Keep you informed of our progress
- Release a fix as soon as possible
Auto2FA implements several security measures to protect user data:
- All sensitive data is stored in the macOS Keychain
- Credentials are never stored in plain text
- Memory is cleared after use
- No data is sent to external servers
- All processing happens locally
- Regular security audits
- Dependency updates
- Code review process
When using Auto2FA:
- Keep your macOS and Safari up to date
- Use strong master passwords
- Enable FileVault on your Mac
- Regularly review your account mappings
- Report any suspicious behavior
We believe in responsible disclosure and will:
- Acknowledge receipt of vulnerability reports
- Keep reporters informed of progress
- Credit reporters in our security changelog
- Release fixes promptly
- Maintain transparency about security issues
Security updates will be released as needed and will be clearly marked in the release notes. We recommend always using the latest version of Auto2FA.