The 2FA authenticator for
your browser, secured with
your typing pattern

They are locally stored on your device. The secret codes are stored at the location you installed the extension - on that particular Device/OS/OSUser/ChromeBrowser/ChromeUser, in the local storage.

Yes. You can use the 2FA Authenticator for Free. The main difference between Free and Premium versions is that the Free version is not secured with your email+password+typing pattern anymore. The secured experience only comes with the Premium version. That being said, the Free version experience is faster, as it doesn't require login. Some users prefer this experience.

No. Your user account is stored locally on your device and it only works on the same device and in the same browser, particularly only at the location you created the account (location is defined by Device, OS, OS User, Chrome Browser, and Chrome User). However, you can use the same email address to create new accounts in different locations. In this case, it will be considered a new/different user.

Note that if you have a Premium license, you will be able to use Premium features with the same email address on up to 5 different locations. These would be different accounts, but since they are made with the same email address you will be able to access all premium features on each.

Any two typing patterns are different, even those from the same individual. In order to perform typing biometrics authentication, we need to rely heavily on artificial intelligence technology.

On very different keyboards people tend to type differently. Since a larger reject rate is expected when you switch keyboards please try to type as natural and normal as possible on different keyboards. Note that at any time, if, for example, your keyboard or typing style changes for any reasons, you will be able to reset your typing pattern and password from the app, with a code that will be sent to your email address.

The chance of being rejected by our authentication systems reduces gradually as you use the authenticator. Immediately after installation and during first days of usage we do have a larger false reject rate and from time to time we ask you to type a second time (double verification). False rejects happen mostly when you type in a different/uncomfortable position, with random pauses, and at very different speeds.

For someone to be able to see your 2FA OTP codes (or your secret codes), if you're using the Secured/Premium version, they need to 1. have full access to your computer/browser/user/location, 2. know your credentials (email + password) and 3. type like you. That being said, some people do type very similarly. Our current penetration rate is similar to face recognition when using regular web cameras.

Any TOTP authenticator has to be able to store a secret code, and to generate the 6-digit OTP code whenever requested. However, most authenticators run on a phone (such as Google Authenticator). Our 2FA Authenticator works as a Chrome extension, allowing you to generate your 6-digit codes without the need to use a phone. That being said, you can still use a mobile device as a backup TOTP authenticator.

In addition, our 2FA Authenticator has the ability to encrypt and protect your secret codes, at rest, by using your typing pattern (the TypingDNA technology also known as typing biometrics authentication). This is considered a much safer way to protect your codes and allow you to run 2FA authentication in your apps without compromising your security posture.

If you use a Secured/Premium account, the account is created locally to store the secret codes, however the encryption key will be stored in our authentication cloud, protected with your credentials and your typing pattern. When you log in we collect the following:

• 1. Your unique ID combining: Device + OS + OS User + Chrome Browser + Chrome User + Email Address.
• 2. Your Email address (to be able to reset your account/password, and to activate your Premium license).
• 3. Your Password (for extra security).
• 4. Your Typing Pattern (the way you type your credentials above).
• 5. Commercial license details (if any).

Note that we don't store your secret codes online. In order to migrate secret codes from one Device/OS/OSUser/ChromeBrowser/ChromeUser/EmailAddress to another you will need to use the migration method described below.

To migrate your codes from the 2FA Authenticator (Premium/previous versions) to the Free version, you can always use the import/export secrets functionality, which you can find right below your TOTP codes, and in the Settings section (if you log in the Premium version).

Here is what you have to do if you previously registered a 2FA Authenticator account:

• 1. Log in as usual in the Secured/Premium section with your existing account.
• 2. Go to the Settings menu, and select “Export secrets to file…”.
• 3. Now, switch to the “Free” version from the top-right dropdown menu.
• 4. Choose the “Import secrets…” button at the bottom of the page and import your previously exported file.

Note that you can use the same method to move your codes to a different computer, and/or account. Or to simply export your codes for backup. We suggest further encrypting the file with a password for added security while the backup sits somewhere on your hard drives, or in your cloud.

No. If at any point you lose your device, or ability to log into your Chrome browser, at the location where your 2FA Authenticator was installed, there is NOTHING we can technically do to help you restore your codes, as they were only saved on that particular Device/OS/OSUser/ChromeBrowser/ChromeUser/ location, tagged with your email address. Even if you try to create a separate local account with the same email address on a separate location, you will not be able to access your codes that are saved on the initial location. We say “location” instead of “device” because one device can have multiple operating systems on it, which can have multiple users, which can have multiple Chrome browsers installed, which can have multiple Chrome users logged in, under which you may keep your 2FA Authenticator installed with an email address of your choice.

Yes, you can reset both your typing pattern and your password altogether. You need to open the exact Chrome extension, in the location where you created your account (on the exact same Device/OS/OSUser/ChromeBrowser/ChromeUser). Then select “Unsecured/Premium” in the top-right corner and click the Menu button below. Then, click the “Ask for a reset code” button. Immediately after, we'll send an email message with a temporary reset code that you will have to paste in the above page, then click the “Reset password” button. After this you will be taken through the standard enrollment process, where you will have to put in exactly the same email address, and a new password. During this step, we will also collect your typing biometrics (how you type the email address and password, just the timings between keys, not the actual keys that you type).

Yes, it is possible to create local accounts on separate locations using exactly the same email address, and they will always be completely different local accounts that don't communicate with each other. The only thing that we enabled, is if you have a commercial account with us, you can use Premium local accounts, and log in with the same email address on up to 5 unique locations (different Device/OS/OSuser/ChromeBrowser/ChromeUser). Each of these accounts can have different passwords, as they are separate accounts.

Yes, you can create and log into multiple local accounts on the same device/location (same Device/OS/OSuser/ChromeBrowser/ChromeUser), however, since your commercial account is tight to your email address only a subscribed email address will be able to use the Premium features (for up to 5 unique installs).

Until April 2024, all accounts were secured in the same way, and available freely. We made the change to create the Unsecured+Free version and the Secured+Premium version, because many of our users expressed that they don't need the added security and they actually prefer to not have to log in the app, while others expressed that they would be willing to pay for the added security, and asked us to keep it.

Any user can still access the Secured/Premium version, even if now it is labeled as “Secured/Premium”. Once logged in however you will not be able to see your TOTP codes, nor your secret codes. However, if you have any secret codes stored already, they are still protected in the same way as before. Going forward, you will be able to either purchase a Premium subscription/license, or to export your secret codes to a file. Once you export the secret codes, you can switch to our Free version, and import your codes there. You will be able to use the app in the same way as before, but you will not have to log in anymore. This, however, comes at the expense of reduced security (due to the fact that the Free version does not use your email address, password and typing pattern to keep your secret codes encrypted).

We recommend downloading the technical white paper available above this current section, and if that information is still not enough to give clarity to your problem, you can send us an email to support @ typingdna.com. Note that if your issue sounds somehow similar to “I have lost the device, browser, email access and need to get my codes back” we have no way to solve this problem for you, as your codes are not stored with us, they are stored exclusively on your device at the location you installed the authenticator and created your account. There are many users who come to us with the hope that we could produce their codes once they realize they were lost. Unfortunately, we can't.