💡 Cross-device tip: Your .vaultbak file works on any device — copy it to OneDrive, Dropbox, or a USB drive to keep multiple devices in sync. You'll enter the password you're about to set in Step 2 to unlock it.
Step 2 of 4 — Vault Password
Set Your Password
⚠ Important: This password encrypts your vault data and all backup files. It is never stored anywhere. If you forget it, your data cannot be recovered. Write it somewhere safe.
Shown on the login screen as a memory aid. Never make it the password itself.
Step 3 of 4 — Login Preference
How should this device authenticate?
🔓
Stay Logged In
Trusted device — vault opens automatically between visits
🔒
Password Every Time
Enter password on each visit — close the browser tab when done
⚠ When using password-each-time mode, close the entire browser tab (not just navigate away) when finished. Simply switching tabs does not clear the session.
Step 4 of 4 — Backup & Sync
Backup Settings
Auto-backup after changes
Downloads .vaultbak automatically on each save
☁ OneDrive / Cloud Sync: MFA Vault backups are fully portable. Save the .vaultbak file to your OneDrive, iCloud Drive, or Dropbox folder — then import it on any other device to keep tokens in sync. The file is AES-256 encrypted with your password, so it's safe to store in the cloud.
MFAVAULT
// ENTER PASSWORD //
Show hint
MFAVAULT
30
NEXT CODE
Add Token
The Base32 secret shown by the service during 2FA setup. Spaces are ignored.
Click to browse, drag & drop, or paste screenshot
Ctrl+V / ⌘+V pastes from clipboard
Starting camera...
Paste an otpauth:// URI, a URL with secret=, or any text that might contain the secret. MFA Vault will try all known patterns automatically.
Restore Backup
💡 Sync between devices: Store your .vaultbak in OneDrive, Dropbox, or iCloud Drive. Import it here on any device — the file is encrypted with your vault password so it's safe in the cloud.
Drop .vaultbak here or click to browse
Settings
Session
Stay logged in
Disable to require password on every visit
Backup
Auto-backup on change
Downloads encrypted .vaultbak after each save
☁ Cloud Sync: Save .vaultbak to a shared OneDrive / Dropbox folder, then import on each device to keep in sync. The file is AES-256 encrypted with your vault password — safe to store in any cloud service.
Change Password
Danger Zone
⚠ Plain-text export contains your MFA secret keys unencrypted. Anyone with this file can generate your 2FA codes.
MFAVAULT
VERSION 1.00
Backup File vs Plain Text Export
🔐 Encrypted Backup (.vaultbak)
The backup file is fully encrypted using AES-256 with your vault password. The secret keys inside are completely unreadable without the correct password. This is the safe way to move your vault between devices or store it in the cloud. If your browser cookies are ever cleared, this is how you restore your tokens — just import the .vaultbak file and enter your password.
⚠ Plain Text Export (.txt)
The plain text export contains every secret key in clear, human-readable form — no encryption whatsoever. Anyone who obtains this file can immediately generate your 2FA codes for every account listed. Use it only when you specifically need to migrate to another authenticator app, and delete it as soon as you are done.
How Your Data Is Stored
MFA Vault stores all token data in an encrypted browser cookie on your device. The cookie contains two layers of AES-256 encryption — one with your personal vault password, and one with an application-level key — so the raw cookie value is unreadable even if someone accesses your browser storage directly. No data is ever sent to any server.
Important: If your browser cookies are cleared or expire, your tokens will disappear from this device. Always keep an up-to-date .vaultbak backup file so you can restore your vault at any time.
Contact & Support
For questions, feedback, or bug reports, contact the developer at: dev@walker-jones.eu
Disclaimer
MFA Vault is provided as-is, with no warranties of any kind, express or implied. Use entirely at your own risk. The developer accepts no liability for lost tokens, inaccessible accounts, data loss, or any other damages arising from the use or misuse of this software. You are solely responsible for maintaining your own backup files and ensuring access to your accounts. Always keep backup codes provided by your services in a separate secure location.
Edit Token
When the code is clicked, this URL will open and the code copied automatically.