Updated: 24th Aug 2024 Reading: 6 minutes

Authenticator

Privacy-friendly Alternatives to Google/Microsoft Authenticator

We've all been there. You're trying to get into your bank account at 3 in the morning, only to get hit with that dreaded prompt: “Please verify your identity by entering the code sent to your phone.” It's a minor inconvenience that stacks as more and more services mandate 2FA. Why is it even a thing?

Two-factor authentication (2FA) is an essential security tool in today's digital landscape. Sure, but does it have to be so annoying? Why do you even need an authenticator app at all when you can get SMS codes? Well, the obvious answer is that you can't receive SMS without your phone, so losing it locks you out of all your accounts. Less obvious, but equally important, is the risk of SIM swapping and cloning. These allow hackers to access your accounts without needing your device itself.

You might think, “but why would anyone want to hack a nobody like me?” You see, hackers aren't looking for fame or fortune, they're looking for opportunity. Even if you think you have nothing worth stealing, your personal information is valuable to hackers. It's not just about you, either, as getting hacked could also affect those you care about. Your accounts and pictures can be used to scam your loved ones. Your information can be used to impersonate you financially by taking out loans in your name. Even your IP address can be used to commit crimes that trace back to you.

But it's not just hackers you need to worry about. Your insurance provider, for example, would find great value in your private messages. Say you recently discovered you have a genetic condition. Or maybe you fell off the wagon again after your divorce. Such small clues could alert your insurer that your healthcare costs might go up in the future. This could lead to higher premiums or denied coverage, all based on discrimination against your health or lifestyle choices.

So that's why you should be using an authenticator app. If you've tried Google's Authenticator, you already know it's terrible. Microsoft's is better, but not by much. Until recently, Authy was my go-to recommendation, even though it's not open-source. Authy uniquely offered a desktop client, bringing your 2FA tokens cross-device. Of course Authy has its own set of problems, and in early 2024 they discontinued their desktop app. So clearly we need better options.

Cross-platform


Ente Auth

After revolutionizing the photo backup landscape with Ente, they went after 2FA. Ente Auth is a gift to the world from the same developers. Their authenticator is the best I've ever tried. Not because it's beautiful and FOSS. It's also not because it shows you the next code before it's even active. It's not the logos, pinning, or organizational tags either. Not even the passkey support or the app lock.

The best thing about Ente Auth is the combination of all the above that makes you want to use 2FA more often. We all know that we should 2FA all the things, but it's a hassle. Ente takes the insanity out of 2FA and makes it easy to manage. A big part of this is the desktop app too, which ensures you always have 2FA available to you even if you lose your phone.

At the end of the day, there's no point to enhanced security if you're not going to use it. If you're just getting into security, a single app for passwords and 2FA is certainly easier to manage. But when you're ready to level up your security with a dedicated authenticator app, Ente is as good as it gets.

ProtonPass

ProtonPass is not a standalone 2FA solution. Instead, it's bundled into Proton's password manager. Sadly, it's a premium feature. ProtonPass is open-source and available on all devices and browsers.

Bitwarden

Like ProtonPass, Bitwarden is not a dedicated 2FA app. It's the gold standard when it comes to self-hosted password management, and it comes with 2FA. Their free tier doesn't include 2FA, but you can unlock it with a $10/year subscription or by self-hosting it.

Nextcloud

OTPManager is a simple 2FA provider as a Nextcloud app. It does what it says on the tin and nothing more. It offers official Android and iOS clients, as well as browser extensions.

There's also Nextcloud's Password manager. It doesn't include 2FA by default, but some of its third-party mobile apps do.

Android


FreeOTP Plus

FreeOTP Plus is the authenticator app for developers. It's a simple yet rather advanced authenticator. On top of the basics, it allows you to add tokens with custom configurations. You can choose the algorithm, secret, number of digits, interval, and even whether it's a TOTP or HOTP. Most users will never use these options, now that QR codes are ubiquitous. They're more for developers integrating 2FA into their own projects.

FreeOTP Plus also stands out by giving you the option to export specific tokens to other auth apps. Of course you can still export all your tokens at once.
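The token settings listed above (algorithm, secret, digits, interval, TOTP or HOTP) are the same values an `otpauth://` URI inside a setup QR code carries. This added Python example, which is not code from FreeOTP Plus or any other app on this page, parses such a URI and computes the current and upcoming code per RFC 4226 and RFC 6238. The sample URI and the function names are constructed for illustration.

```python
import base64
import hmac
import struct
from urllib.parse import parse_qs, unquote, urlparse

def hotp(secret, counter, digits=6, algorithm="SHA1"):
    """RFC 4226: HMAC the 8-byte big-endian counter, then dynamically truncate."""
    mac = hmac.new(secret, struct.pack(">Q", counter), algorithm.lower()).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret, now, digits=6, period=30, algorithm="SHA1"):
    """RFC 6238: HOTP where the counter is the number of elapsed intervals."""
    return hotp(secret, int(now) // period, digits, algorithm)

def parse_otpauth(uri):
    """Turn an otpauth:// URI (the QR code payload) into explicit token settings."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc not in ("totp", "hotp"):
        raise ValueError("expected otpauth://totp/... or otpauth://hotp/...")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    b32 = q["secret"].replace(" ", "").upper()
    cfg = {
        "type": u.netloc,
        "label": unquote(u.path.lstrip("/")),
        "secret": base64.b32decode(b32 + "=" * (-len(b32) % 8)),
        "algorithm": q.get("algorithm", "SHA1").upper(),
        "digits": int(q.get("digits", 6)),
        "period": int(q.get("period", 30)),
    }
    if cfg["algorithm"] not in ("SHA1", "SHA256", "SHA512"):
        raise ValueError("unsupported algorithm: " + cfg["algorithm"])
    if not 6 <= cfg["digits"] <= 8:
        raise ValueError("digits must be 6, 7 or 8")
    return cfg

def current_and_next(cfg, now):
    """Current TOTP code, the code for the next interval, and seconds left."""
    args = (cfg["digits"], cfg["period"], cfg["algorithm"])
    left = cfg["period"] - int(now) % cfg["period"]
    return totp(cfg["secret"], now, *args), totp(cfg["secret"], now + left, *args), left

# Constructed sample: the secret is the RFC 6238 test key, not a real account.
SAMPLE = ("otpauth://totp/Example:alice@example.org?issuer=Example"
          "&secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&algorithm=SHA1&digits=8&period=30")

if __name__ == "__main__":
    import time
    print(current_and_next(parse_otpauth(SAMPLE), time.time()))
```

Anyone who holds the URI can generate every future code, so an exported token deserves the same protection as a password.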

Aegis

Aegis is the most popular recommendation in the category. The UX is very polished and customizable, but retains FreeOTP Plus's advanced setup. In fact, it even allows for more OTP types beyond TOTP and HOTP.

With Aegis, you can protect the app with a password (or biometrics) for added security. You also get the option of backing up your tokens using Android's built-in backup.

iOS


Tofu

Tofu is an open-source authenticator app for iOS. It's a lot like FreeOTP Plus in simplicity and developer-friendliness. Tofu is completely offline and uses the built-in security and backup backbones of iOS. This makes it seamless to migrate between (iOS) devices.

Raivo

Raivo is an attractive FOSS alternative for iOS and Mac. It automatically syncs across your Apple devices and even allows you to set custom app icons. Like Aegis, it keeps the features beloved by developers but in a more polished package.

Authenticator

Authenticator is not open-source!

Authenticator is a commercial 2FA solution for all Apple devices, including watches. They also offer extensions for every web browser out there. It's not open-source though, and calling it “free” would be deceptive. You can only add two accounts to it for free. I only included it for the interesting Apple Watch support.
