Bulletproof authentication

Security isn’t a feature here. It’s the product.

Vaultr layers authentication with a depth rarely seen in a consumer app — and runs on infrastructure engineered to survive.

Every layer locked

Four ways to prove it’s you.

Passkeys / FIDO2

The full WebAuthn spec — registration challenges, attestation, assertion verification, and counter tracking to stop replay. Unphishable, unforgeable, no password to steal.

Face authentication

A 128-dimension descriptor is computed on your device with liveness detection. Vaultr stores only a SHA-256 hash of it — not your face, not your photo, not even the descriptor.

OTP, done right

SendGrid email + Twilio SMS. Six digits, timing-safe comparison, max 5 attempts, with progressive cooldowns that escalate from 60 seconds to an hour under abuse.

PIN & auto-lock

A 6-digit PIN gates hidden profiles, stored only as a hash, with configurable auto-lock from one minute to never.

The architecture of trust

Built to survive.

API gateway

Longest-prefix routing, per-service circuit breakers, unified request logging with trace IDs.

Saga orchestration

42 multi-step workflows with automatic compensating rollback on any failure — no dangling state.

Distributed locks

Redis-backed per-user locks prevent duplicate transactions, even under network failure.

Idempotency

Every workflow is keyed, so client retries never double-execute.

Zero-downtime key rotation

Fallback JWT secret support rotates signing keys without invalidating active sessions.

Immutable audit trail

Every login, device, passkey, and security event written to an indelible record.

Circuit breaker trips on repeated failure and auto-recovers; the orchestrator’s 42 workflows each roll back cleanly if any step fails.

FAQ

Questions, answered

What authentication methods does Vaultr support?

WebAuthn/FIDO2 passkeys (hardware security keys, Windows Hello, Face ID), on-device face authentication with liveness detection, email and SMS one-time codes, and a PIN for hidden profiles. Wallet transactions add a separate, independent 2FA layer on top.

Does Vaultr store my biometrics?

No. Face descriptors are computed on your device; Vaultr stores only a SHA-256 hash. The raw image never leaves your phone, and the hash can verify you without exposing anything about your face.

How is the backend protected?

Vaultr is a distributed system of independently deployed microservices, each owning its own database and auth layer. An API gateway adds per-service circuit breakers and request tracing; a saga orchestrator runs 42 multi-step workflows with automatic rollback; Redis distributed locks and idempotency keys prevent duplicate or partial operations.

Is there an audit trail?

Yes — every login, failed attempt, password change, new device, passkey registration, face enrollment, and session is written to an immutable audit log.

Keep exploring

Encrypted Vault Coercion-resistant slots + a full secrets manager. Explore Smart Wallet ERC-4337 account abstraction across 9 chains. Explore Messaging E2E unified inbox with in-chat payments. Explore Social Recovery Guardians, backups, device migration. Explore Cards Spend crypto anywhere. (Coming soon) Explore

Every other app asks you to trust it.
Vaultr trusts you.

Your vault. Your keys. Your messages. Your money. Your identity. Your rules. Get it on every platform — and if they’ve blocked the stores where you live, install the PWA and walk right in.

iOSApp Store AndroidGoogle Play Install PWABlocked in your country? Install it anyway.Open on WebUse it in any browser