Moat keeps your 2FA codes and passwords encrypted on your device — and end-to-end encrypted in the cloud. No tracking. No one can read them but you.
Generates codes for thousands of services that support two-factor authentication
Personalize
Four hand-crafted app icons and full light/dark theming. A small touch that makes a security app feel like it belongs to you.
Passwords too
An optional password vault lives right alongside your codes — encrypted in the iOS Keychain, revealed only after Face ID.
Switch in a minute
Move from Google Authenticator in one scan, then keep everything safe across devices with optional encrypted backup.
Moatotpauth:// links & photos
Security, in plain terms
No vague promises. Here's exactly how your data is protected — and why even we can't read it.
2FA secrets and passwords live in the iOS Keychain, protected by device encryption and excluded from unencrypted backups. They never leave in readable form.
Turn on backup and everything is encrypted on-device before upload with AES-256-GCM. Our servers only ever store ciphertext.
Your key is derived with PBKDF2-SHA256 at 210,000 iterations (current OWASP guidance), with random salts. Keys never leave your device.
We have no ability to read your secrets or passwords. Lose your recovery key and not even we can restore them — that's the point.
No analytics SDKs, no advertising, no web beacons, no third-party logo fetches. We don't sell or share your data — there's nothing to sell.
Codes follow TOTP (RFC 6238) and HOTP (RFC 4226), so they work with thousands of services worldwide.
No sign-up required. No analytics, no trackers, no ads. The only data that ever leaves your device is end-to-end encrypted — and we can't read it. Read our privacy policy →
Free to start. Upgrade anytime for unlimited accounts, encrypted backup, and sync across your devices.
Download on the App Store