Get Free Estimate
KeyPass - Passwords & Passkeys app icon

KeyPass - Passwords & Passkeys

Two-factor authentication (2FA) in KeyPass

Last updated June 13, 2026

Two-factor authentication (2FA) adds an extra layer of protection on top of your password. KeyPass supports TOTP-based 2FA—the same standard used by Google Authenticator, Authy, and most websites—so you can store setup keys with your logins, view live codes in Authenticator, and autofill verification codes when you sign in on iPhone, iPad, and Mac.

Note

KeyPass cannot turn on 2FA on a website for you. You must enable 2FA in the site’s security settings first, then add the setup key or QR code to KeyPass.

How to add a 2FA Token?

Follow these steps to save a 2FA token in KeyPass. Each token is linked to a password entry and appears in Authenticator under Logins with 2FA.

Step 1: Enable 2FA on the website or app

  1. Open the site or app’s Security or Account settings.
  2. Enable 2FA, 2-step verification, or authenticator app.
  3. Choose the authenticator app option (not SMS or email, if offered).
  4. The site shows a QR code or setup key (sometimes called a secret key).
  5. Add that token to KeyPass using one of the methods below.

Step 2: Add the token to KeyPass

Method 1: From Authenticator (recommended)

  1. Open Authenticator from the sidebar.
  2. Tap Add 2FA Token.
  3. Read the intro: Setting up 2-factor authentication (2FA) adds an extra layer of protection to your account.
  4. Choose Scan QR Code or Enter setup code.
  5. KeyPass opens Add Password with 2FA prefilled—save the entry.
  6. The token appears under Logins with 2FA with a live code.

Method 2: Add to an existing password

  1. Open a password entry → Edit.
  2. In 2-factor authentication (2FA), tap Add 2FA Token.
  3. Follow the same Scan QR Code or Enter setup code flow.
  4. Save the entry—the live code appears on the detail/edit screen.

Method 3: Enter setup key manually

  1. Tap Enter setup code.
  2. Pick a site from the list or enter a custom site, then add account details.
  3. Paste the base32 setup key or full otpauth:// URL in the field (Enter setup key or otpauth:// URL).
  4. Save the password entry.

Important

If you see Invalid setup key. Please try again., re-copy the key from the site, remove spaces and dashes, or paste the full otpauth:// URL.

Before you start

  • 2FA enabled on the website or app — KeyPass stores and generates codes after you set up 2FA on the site
  • KeyPass installed with your vault unlocked
  • Camera permission (if you plan to Scan QR Code)
  • KeyPass set as Autofill provider (for 2FA Code autofill on iOS 18+)
  • iOS 18 or later for 2FA code autofill (passkey autofill is separate and requires iOS 17+)

Tip

Open Autofill settings from KeyPass → SettingsAutofill, or go to Settings → Passwords → Password Options → AutoFill Passwords and select KeyPass.

Use the Authenticator screen

  1. Open Authenticator from the sidebar.
  2. Under Logins with 2FA, find your login.
  3. View the live 6-digit code (refreshes every 30 seconds).
  4. Watch the countdown timer to know when the code expires.
  5. Tap Copy or use Copy 2FA Token to copy the current code.
  6. Paste the code into the website or app.

Empty state: “No 2FA tokens yet. Add 2FA to a password entry to see it here.”

Copied confirmation: “2FA token copied to clipboard”

Autofill 2FA codes

Requires KeyPass Autofill enabled and iOS 18 or later.

  1. On a verification screen, invoke KeyPass Autofill.
  2. Choose 2FA Code.
  3. If your saved login matches the site, KeyPass fills the current code automatically.
  4. If there is no match, pick a token from the list of all 2FA tokens.
  5. If no tokens exist: “No 2FA tokens found. Add 2FA to a password in KeyPass first.”

Note

2FA autofill is separate from passkey sign-in. Passkeys require iOS 17+; 2FA code autofill requires iOS 18+.

Copy a 2FA code without Autofill

  • Authenticator — tap the copy button on any token
  • Password detail or edit screen — tap Copy 2FA Token
  • Password list — long-press a login → Copy 2FA Token (if 2FA is configured)

Change or remove 2FA

Change 2FA Token when a site rotates your secret:

  • Edit the password → Change 2FA Token, or
  • Re-scan / re-enter the new setup key

Remove 2FA:

  • Authenticator: swipe the token → Remove 2FA, or use the menu (⋯)
  • Edit password: choose Remove 2FA

Confirmation: Remove 2FA from [account]? Your password entry will be kept.

Your password entry remains; only the 2FA secret is deleted.

Backup, restore, and new device

Important

Unlike passkeys, 2FA setup secrets are included in KeyPass backups. After you restore on a new device, your 2FA tokens should work immediately—no re-registration required.

2FA (TOTP) Passkeys
Included in backup Yes (setup secret) Metadata only
After restore Codes work right away Must re-register per site

What is 2FA and how KeyPass supports it

2FA (two-factor authentication) asks for something you know (your password) and something you have (a time-based code). KeyPass generates TOTP codes—a 6-digit number that refreshes every 30 seconds.

Unlike a standalone authenticator app, KeyPass stores each 2FA setup secret inside a password entry. That means:

  • Each 2FA token is linked to a login record
  • Authenticator shows all logins with 2FA in one place
  • Backup and restore includes 2FA secrets (unlike passkeys)
  • Removing 2FA keeps your password; only the token is deleted

Where to find 2FA in KeyPass

  • Sidebar → Authenticator
  • Password entry → Add/Edit → 2-factor authentication (2FA)
  • Password list → long-press → Copy 2FA Token (if configured)
  • KeyPass Autofill extension → 2FA Code

2FA vs passkeys

2FA (TOTP) Passkeys
What it is 6-digit time-based code Passwordless sign-in
Stored in vault Setup secret (yes) Metadata only
Private key export Secret included in backup Private key stays in device Keychain
After restore/new device Works immediately Must re-register on each device
Autofill 2FA Code (iOS 18+) Sign-in with passkey (iOS 17+)
Typical use Second step after password Replaces password entirely

What KeyPass does not support

KeyPass does not support:

  • SMS-based 2FA codes
  • Email verification codes
  • Push notification approval (e.g. “Approve sign-in”)
  • HOTP / counter-based tokens
  • Import from Google Authenticator export files (unless you have the setup key or QR)
  • Standalone tokens not linked to a password entry

Troubleshooting

Problem Solution
Invalid setup key Re-copy from the site; remove spaces/dashes; try the full otpauth:// URL
Code not accepted by site Check device time is correct; wait for the next 30-second code
No tokens in Autofill Add 2FA to a password first; ensure KeyPass Autofill is enabled
Autofill doesn’t auto-match Pick the token manually from the 2FA Code list
QR scan fails Use Enter setup code and paste the manual key instead
Token missing after restore Restore from a backup that includes the password entries
2FA not configured Shows 2FA not configured until you add a token to the password

Security notes

  • 2FA secrets are stored in your encrypted vault
  • Copied codes can auto-clear based on KeyPass clipboard timer settings
  • Do not share setup keys or QR code screenshots
  • Protect your vault with master password, Face ID/Touch ID, PIN, and auto-lock

FAQ

What is 2FA and how does KeyPass support it?

Two-factor authentication (2FA) adds a time-based one-time code (TOTP) on top of your password. KeyPass stores 2FA setup keys with your password entries and generates current codes in the Authenticator tool and Autofill extension.

How do I add a 2FA token to a password?

Open Authenticator from the sidebar, tap Add 2FA Token, then scan the site’s QR code or enter the setup key manually. KeyPass creates a password entry with the token attached. You can also add or change 2FA when editing a password.

What is the Authenticator screen used for?

Authenticator lists every login that has 2FA configured. Each entry shows a live 6-digit code that refreshes every 30 seconds, a countdown timer, and a copy button for quick sign-in.

Can I scan a QR code to set up 2FA?

Yes. During setup, tap Scan QR Code in the 2FA flow. KeyPass reads standard otpauth:// QR codes used by most websites and apps, then fills in the setup key and account details for your password entry.

Can KeyPass autofill 2FA codes when I sign in?

Yes. When a site or app asks for a verification code, open KeyPass Autofill and choose 2FA Code. If your saved login has a matching token, KeyPass supplies the current code. You can also pick from all tokens in the list. Requires iOS 18 or later.

How do I copy or remove a 2FA token?

Tap the copy button on a token in Authenticator or on the password detail screen. To remove 2FA, swipe the token in Authenticator or choose Remove 2FA when editing the password—your password entry is kept.

Need more help?

Contact KeyPass support:

Email: support@navynexa.com
Website: https://www.navynexa.com

KeyPass - Passwords & Passkeys is developed by Navynexa Technologies LLP