At Two Factor Authentication Service, Inc., security is our top priority. If you encounter a potential security issue in 2FAS Pass, please report it following the guidelines below.

If you believe you've discovered a security vulnerability in 2FAS Pass, please do not post it publicly on GitHub. Instead, contact our security team directly by emailing [email protected]. If possible, please encrypt your message using our PGP key (here) To help us address the issue quickly, please include the following information:

• The specific product affected (e.g., 2FAS Pass iOS, 2FAS Pass Android, 2FAS Pass Browser Extension, 2FAS Pass Server, etc.)
• Type of issue (e.g., unauthorized data access, privilege escalation, encryption bypass, etc.)
• Detailed steps to reproduce the issue
• Any relevant details about the affected environment (e.g., device model, OS version, browser version)
• Potential impact and any proof-of-concept code, if available

You should expect a response within 72 hours. If you don't receive a confirmation, please follow up to ensure we received your report.

We prefer all communications to be in English.

Two Factor Authentication Service, Inc. adheres to the principles of Coordinated Vulnerability Disclosure.

Copyright © 2025 Two Factor Authentication Service, Inc.