NTIK8

Two-Factor Authentication Manager

What is NTIK8?

NTIK8 is a privacy-focused, offline-first Progressive Web Application (PWA) that generates Time-Based One-Time Passwords (TOTP) for two-factor authentication. It stores your 2FA secrets securely on your device and never transmits them anywhere.

How It Works

Local Storage Only

All your account data is stored exclusively on your device using IndexedDB, a browser-based database. No data is ever sent to any server.

Encryption

Your 2FA secrets are protected using military-grade encryption:

  • AES-256-GCM encryption - Industry-standard encryption algorithm
  • PBKDF2 key derivation - Your 6-digit PIN is converted into a secure encryption key using 100,000 iterations
  • Unique salt - Each installation uses a random salt to prevent rainbow table attacks
  • Random initialization vectors (IV) - Each encryption operation uses a unique IV for maximum security

Offline Functionality

NTIK8 works completely offline once installed. It does not require an internet connection to generate your authentication codes.

Security Features

⚠️ Important Security Information

3 Failed Attempts = Complete Data Wipe

After 3 incorrect PIN attempts, all local data will be permanently deleted for your security. This cannot be undone.

PIN Protection

  • 6-digit numeric PIN required to unlock your accounts
  • PIN is never stored in plain text
  • PIN is used to derive the encryption key
  • Automatic lockout after 3 failed attempts

Data Isolation

  • Your encrypted data never leaves your device
  • No analytics or tracking
  • No third-party services
  • No advertisements

Privacy Policy

Zero Data Collection

NTIK8 collects zero personal information. We have no way to access, view, or recover your data.

No Server Communication

NTIK8 does not communicate with any servers after initial installation. All operations happen locally on your device.

No Cookies

NTIK8 does not use cookies. The only browser storage used is:

  • IndexedDB - For encrypted account storage
  • LocalStorage - For theme preference (dark/light mode) only

No Account Required

NTIK8 does not require any account creation, email address, or personal information.

Data Backup & Recovery

⚠️ Critical: No PIN Recovery

If you forget your PIN, there is no way to recover your accounts. The encryption is designed to be unbreakable without the correct PIN.

Export Your Data

You can export your encrypted data as a backup file. This file contains your encrypted secrets and can be imported on another device or after reinstalling NTIK8.

Important: The exported file is still encrypted with your PIN. You must remember your PIN to import and decrypt the backup.

Recommendations

  • Choose a PIN you will remember
  • Create regular encrypted backups using the export feature
  • Store backup files securely
  • Keep backup codes from your 2FA providers as a fallback

Limitations & Disclaimers

  • Device-specific: Data is stored on the device where NTIK8 is installed
  • Browser-dependent: Clearing browser data will delete your accounts
  • No cloud sync: NTIK8 does not sync across devices
  • User responsibility: You are responsible for remembering your PIN and maintaining backups
  • No warranty: NTIK8 is provided "as is" without warranty of any kind

Technical Specifications

  • Encryption: AES-256-GCM
  • Key Derivation: PBKDF2 with 100,000 iterations, SHA-256
  • TOTP Algorithm: RFC 6238 compliant
  • Time Step: 30 seconds
  • Code Length: 6 digits
  • Storage: IndexedDB (encrypted)

Open Source

NTIK8 is built with transparency in mind. The code uses standard web technologies and well-established cryptographic libraries.

Your Rights

Since NTIK8 collects no data about you:

  • There is no data to request, modify, or delete from any server
  • You have complete control over your local data
  • You can delete all data at any time by clearing your browser storage or uninstalling the app