2FA Directory is maintained by 2factorauth, a nonprofit organization registered in Sweden. It positions itself as an independent information source that catalogs whether online services support multi-factor authentication, and which authentication methods they support. It is not a typical enterprise SaaS console; it is closer to an open security data directory, with JSON files/API access so developers can reuse the data programmatically.
The site currently supports API Version 4 and Version 3, while v1/v2 are no longer supported. Version 4 is designed for third-party applications and provides JSON datasets such as all, sms, email, totp, u2f, custom-hardware, and custom-software. Fields include methods, documentation, recovery, notes, and custom software/hardware methods. Changes in the GitHub repository are reflected in roughly one minute, making it suitable for security tools, browser extensions, enterprise account security audits, and research reports.
No commercial plans, subscription pricing, or trial mechanism were found. The data is released under the MIT License, and attribution is required if the data is visible to users. The organization is funded through GitHub Sponsors, Open Collective donations, and static ad sponsorships. All JSON files also come with PGP-signed versions that can be verified with GPG. The public key is published via the CERT record for security.2fa.directory, which is a plus for data integrity and supply-chain trust.
Its strengths are that it is open, lightweight, and structured, with clear categorization of authentication methods. Users can download specific datasets as needed, reducing bandwidth and processing costs. PGP signatures and clear version EOL notices also show good developer awareness. Its limitations are that it is not a full SaaS product: there is no team collaboration, permission management, dashboard, audit workflow, SLA, or enterprise support documentation. Frequent requests may also be blocked by Cloudflare, so the official recommendation is to cache data locally.
It is well suited for developers, security researchers, enterprise security teams, and media organizations as a data source for 2FA/MFA support status. It is not suitable for teams looking for an out-of-the-box enterprise security management platform. The page does not provide information about access from mainland China or supported payment methods, so china_access can only be marked as unknown. For use in a corporate environment in China, it is recommended to test network connectivity first and prepare local caching or mirrored data. Alternatives include Passkey Directory, or building an internal authentication capability directory using an enterprise IAM/SSO platform together with an internal asset inventory.
β This review is compiled from public sources and does not constitute a purchase recommendation. Verify all facts on the vendor's official site. Verify on 2fa.directory official site.
2fa.directory is an United States SaaS Tools provider. TG4G tracks its product information, an overall rating of 8.0/10, and a China-accessibility score of China direct-connect friendly. Click "Visit Official Site" to reach 2fa.directory directly.