Authentication, not password sprawl
TOTPBOX keeps a strict product boundary: protect authentication factors and recovery flows without becoming a general-purpose password manager.
About
Building a safer bridge from TOTP to Passkeys
TOTPBOX exists to reduce security debt in modern authentication. We focus on the transition window where users still depend on TOTP but need practical migration to Passkeys.
Local-first by default
Sensitive records are encrypted on-device first. Cloud functionality is optional and designed around ciphertext handling.
Passkeys as the destination
TOTP is important today, but the long-term strategy is migration to phishing-resistant, hardware-bound credentials.
Operational clarity
Security tooling should explain what to do next, not just show codes. That is why migration guidance and account posture are core features.
Team and contact
TOTPBOX is currently built and maintained by Perry Lei, with a focus on security architecture, product reliability, and clear migration workflows for real-world authentication operations.