Communities

Writing
Writing
Codidact Meta
Codidact Meta
The Great Outdoors
The Great Outdoors
Photography & Video
Photography & Video
Scientific Speculation
Scientific Speculation
Cooking
Cooking
Electrical Engineering
Electrical Engineering
Judaism
Judaism
Languages & Linguistics
Languages & Linguistics
Software Development
Software Development
Mathematics
Mathematics
Christianity
Christianity
Code Golf
Code Golf
Music
Music
Physics
Physics
Linux Systems
Linux Systems
Power Users
Power Users
Tabletop RPGs
Tabletop RPGs
Community Proposals
Community Proposals
tag:snake search within a tag
answers:0 unanswered questions
user:xxxx search by author id
score:0.5 posts with 0.5+ score
"snake oil" exact phrase
votes:4 posts with 4+ votes
created:<1w created < 1 week ago
post_type:xxxx type of post
Search help
Notifications
Mark all as read See all your notifications »
Users Search
Help Dashboard Sign In Sign Up
Q&A Meta
Q&A
Posts Tags Edits
Ask Question

Welcome to the Power Users community on Codidact!

Power Users is a Q&A site for questions about the usage of computer software and hardware. We are still a small site and would like to grow, so please consider joining our community. We are looking forward to your questions and answers; they are the building blocks of a repository of knowledge we are building together.

Post History

75%
+4 −0
Q&A Synchronize OTP across multiple devices

You at least have a couple options for open-source alternatives, though cross-platform, open-source, and dedicated authenticators is a very, very small pool of options. This list is therefore mixed...

posted 1mo ago by Zoe‭

Answer
#1: Initial revision by user avatar Zoe‭ · 2024-09-12T22:22:42Z (about 1 month ago) 
You at least have a couple options for open-source alternatives, though cross-platform, open-source, and dedicated authenticators is a very, _very_ small pool of options. This list is therefore mixed with some other alternatives:

1. [Aegis](https://getaegis.app/); android-only, and doesn't _quite_ support sync. However, it does let you export _significantly_ more easily for  backup and multi-device use, so you can store it in whatever other places you feel comfortable with. 

    This only addresses backups and not losing access to your accounts, however. You can also in theory export it to a dedicated desktop authenticator, though as per option 2 and 3, you may have other alternatives that don't require 2+ different authenticators and manual synchronisation. 
2. [Bitwarden](https://bitwarden.com/); cross-platform and cross-browser, but there are some caveats. 

    First, you either need premium (10 dollars per year; quite affordable really), or you need to self-host it. You can either self-host the [official version](https://github.com/bitwarden/server), or [this unofficial version](https://github.com/dani-garcia/vaultwarden) designed to be easier and lighter to self-host.

    Second, this is more of a controversial option. Not because of Bitwarden itself, but because it's also a password manager. If you use it as both an authenticator and a password manager, the argument goes that keeping passwords and 2FA together weakens the security benefit of 2FA; if someone breaches the password manager with your authenticator, the attacker gets your passwords and your 2FA codes in one go.

    Arguments in favour include that [you may already have 2FA and passwords together](https://passwordbits.com/2fa-inside-password-manager/) on your phone, so if someone steals your phone, they get both, and that the benefit of having a secure syncing backup outweighs the risks. The arguments boil down to the reality of the real-world vs. the theoretical steps for max security, and what level of risk you're willing to accept. As that post outlines, there's also a trick you can take if you plan to store passwords alongside 2FA secrets. If you're willing to accept this tradeoff (which I personally am, FWIW), Bitwarden is an option, and it does sync your 2FA tokens. It also lets you export your entire vault if you want an extra backup.

    [This post](https://community.bitwarden.com/t/security-risks-of-using-bitwarden-as-authenticator-and-password-manager/17028) from the Bitwarden forums is also a good read on the topic.
3. [Ente Auth](https://github.com/ente-io/ente?tab=readme-ov-file#ente-auth); cross-platform and dedicated authenticator. The only thing I'm not clear on here is precisely how the sync works, i.e. whether or not the 2FA secrets are also stored in the cloud for backup, or if you need at least one device to operate. The E2EE branding makes it hard to tell if it's P2P mediated by a central server, or if a copy is stored in an encrypted form on a server that only the end-devices can decrypt. I've only heard this one mentioned in passing, so I haven't tried it myself.

    Not sure if it makes a practical difference, but something to keep in mind if you plan to look into it. 

It's also worth noting that Aegis is capable of [importing from google authenticator](https://old.reddit.com/r/Bitwarden/comments/vhkj90/how_to_switch_from_google_authenticator_to_a/id88kja/). Ente Auth is supposed to be able to as well, but if anything is flaky, Aegis is pretty reliable with specifically the import. If you're considering Bitwarden, you will need to use Aegis [or some other way to extract secret keys](https://community.bitwarden.com/t/import-totp-from-google-authenticator/44996/4) from the Google Auth-specific QR codes. Aegis also lets you export the secrets directly, so you can copy them out manually into whatever else you end up using.

 When I migrated away from Google Authenticator, it was incredibly tedious to export stuff out of it. IIRC, the export format differs from the TOTP standard, so you need special support to import it.

Regardless of what you end up using, Aegis can at least be one step in letting you properly move away from Google Authenticator without having to manually set up _every single 2FA thing_ from scratch if the thing you switch to doesn't let you import directly.