Comparison of OTP applications

Last updated

The following is a general comparison of OTP applications that are used to generate one-time passwords for two-factor authentication (2FA) systems using the time-based one-time password (TOTP) or the HMAC-based one-time password (HOTP) algorithms.

Contents

Authenticated implementations

ImplementationDescriptionOnline sync.Operating system / PlatformNon-default
WindowsMacLinuxiOSAndroidJ2MEOtherValue length, dHash, HInterval, TXEpoch, T0 Steam
Aegis AuthenticatorFree and open source app for Android to manage your 2-step verification tokens. [1] Automatic backup to a location of your choosingNoNoNoNoYesNoNoYesYesNoYesYes
Apple Keychain Native password manager on Apple devices. Not on tvOS. [2] Yes [3] Yes [4] YesNoYesNoNoApple Vision ProUnknownUnknownUnknownUnknownUnknown
Bitwarden Open Source Cross platform password manager. 2FA is a premium feature. [5] YesYesYesYesYesYesNoNoYesYesYesUn­knownYes [6]
Bitwarden AuthenticatorFree and open source app for Android and iOS to manage your 2-step verification tokens. [7] NoNoNoNoYesYesNoNoNoNoNoNoNo
SAASPASS Authenticator [8] Cross-platform 2FA Authenticator with TOTP & HOTP generator with sharing capabilities and password manager integration. Multiple device support, Mobile app and web access with multiple backup capabilities.YesYesYesYesYesYesNoNoYesYesYesYesYes
Google Authenticator YesNoNoNoYesYesNoNoNoNoNoNoNo
Yandex Key [9] Simple app for phones from Russian companyYes, manually, for 1 yearNoNoNoYesYesNoNoUn­knownUn­knownUn­knownUn­knownUn­known
IBM Security VerifyUn­knownNoNoNoYesYesNoNoUn­knownUn­knownYesUn­knownUn­known
Microsoft AuthenticatorYesNoNoNoYesYesNoNoNoNoNoNoNo
1Password Cross-platform password manager [10] YesYesYesYesYesYesNoNoNoUn­knownUn­knownUn­knownUn­known
AuthyBy Twilio, from 2015, originally Authy. [11] Previously available for Chrome. [12] YesDiscontinued March 19, 2024 [13] YesYesNoNoYesNoNoNoNo
Enpass [14] Password manager by Sinew Software Systems. Syncs over multiple back-ends.YesYesYesYesYesYesNoNoYesNoYesUn­knownNo
FreeOTP [15] Maintained by RedHat, and based on Google Authenticator.NoNoNoNoYesYesNoNoYesYesYesNoNo
oathtool [16] Command-line tool for generating OTP tokens.NoNoNoYesNoNoNoNoYesYesYesYesUn­known
privacyIDEA Authenticator [17] For use with privacyIDEA Authentication Server, with a secure enrollment process.NoNoNoNoYesYesNoNoYesYesYesNoUn­known
andOTP [18] (unmaintained) [19] Open-source app for Android 4.4+. Compatible with Google Authenticator.NoNoNoNoNoYesNoNoNoNoYesNoNo
Invantive Authenticator [20] Focuses on integration with Invantive Keychain.NoYesNoNoNoNoNoNoYesYesYesYesNo
LastPass Authenticator [21] Cross-platform OTP for mobile devices with support for online backup.YesNoNoNoYesYesNoNoNoNoNoNoNo
Symantec VIPUn­knownNoNoNoYesYesNoUn­knownUn­knownUn­knownUn­knownUn­knownUn­known
TOTP.APP [22] Web-based authenticator not requiring registration.NoYesYesYesYesYesNoNoNoNoNoNoNo
Yubico Authenticator for Desktop [23] By Yubico, for use with Yubikeys.NoYesYesYesNoNoYesYesYesNoNo
Yubico Authenticator for MobileYesYes
KeePassXC [24] Password managerThrough user setup with Syncthing, [25] or only within the KeeWeb [26] online web App [27] YesYesYesNoKeePassDX [28] NoNoYesYesYesNoYes
2FAS [29] Popular, feature rich open-source two-factor authenticator. No account required.Online backup/sync via iCloud or Google DriveThrough browser extension connected to mobile appYesYesNoNoYesYesYesNoNo
2FAuth [30] An open-source PHP web based self-hosted OTP generator, designed for both mobile and desktop.Yes, web basedNoNoYesYesYesNoYes
totp-cli [31] Popular, feature rich open-source two-factor authenticator. No account required.ManuallyNoNoYesYesNoNoNoUn­knownUn­knownUn­knownUn­knownUn­known
Open Authenticator [32] Free, open-source and multiplatform app to manage your TOTPs.Yes, requires a subscription for more than 6 TOTPsYesYesNoYesYesNoNoYesYesYesNoNo
TOTP ME [33] Free, open-source J2ME MIDlet app to manage your TOTPs.ManuallyUsing MicroEmulator app [34] Un­knownUsing J2ME Loader app [35] YesAny with J2ME support or emulatorYesYesYesTime correction in secondsNo
Hotpants [36] Free, open-source J2ME MIDlet app to manage your TOTPs and HOTPs.Import via scanning QR code on screenNoNoNoNoNoYesNoUn­knownUn­knownUn­knownUn­knownNo
Tessera [37] Free, open-source Qt for Symbian and desktop app to manage your TOTPs.Un­knownInitial support for desktopNoCould be portedNo Symbian S60 5th EditionUn­knownUn­knownUn­knownUn­knownUn­known

See also

Related Research Articles

An authenticator is a means used to confirm a user's identity, that is, to perform digital authentication. A person authenticates to a computer system or application by demonstrating that he or she has possession and control of an authenticator. In the simplest case, the authenticator is a common password.

<span class="mw-page-title-main">One-time password</span> Password that can only be used once

A one-time password (OTP), also known as a one-time PIN, one-time passcode, one-time authorization code (OTAC) or dynamic password, is a password that is valid for only one login session or transaction, on a computer system or other digital device. OTPs avoid several shortcomings that are associated with traditional (static) password-based authentication; a number of implementations also incorporate two-factor authentication by ensuring that the one-time password requires access to something a person has as well as something a person knows.

Time-based one-time password (TOTP) is a computer algorithm that generates a one-time password (OTP) using the current time as a source of uniqueness. As an extension of the HMAC-based one-time password algorithm (HOTP), it has been adopted as Internet Engineering Task Force (IETF) standard RFC 6238.

<span class="mw-page-title-main">KeePass</span> Computer password management utility

KeePass Password Safe is a free and open-source password manager primarily for Windows. It officially supports macOS and Linux operating systems through the use of Mono. Additionally, there are several unofficial ports for Windows Phone, Android, iOS, and BlackBerry devices, which normally work with the same copied or shared (remote) password database. KeePass stores usernames, passwords, and other fields, including free-form notes and file attachments, in an encrypted file. This file can be protected by any combination of a master password, a key file, and the current Windows account details. By default, the KeePass database is stored on a local file system.

<span class="mw-page-title-main">Google Authenticator</span> Two-step verification app

Google Authenticator is a software-based authenticator by Google. It implements multi-factor authentication services using the time-based one-time password and HMAC-based one-time password, for authenticating users of software applications.

<span class="mw-page-title-main">1Password</span> Password management software

1Password is a password manager developed by the Canadian software company AgileBits Inc. It supports multiple platforms such as iOS, Android, Windows, Linux, and macOS. It provides a place for users to store various passwords, software licenses, and other sensitive information in a virtual vault that is locked with a PBKDF2-guarded master password. By default, the user’s encrypted vault is hosted on AgileBits’ servers for a monthly fee.

LinOTP is Linux-based software to manage authentication devices for two-factor authentication with one time passwords. It is implemented as a web service based on the python framework Pylons. Thus it requires a web server to run in.

multiOTP Authentication system

multiOTP is an open source PHP class, a command line tool, and a web interface that can be used to provide an operating-system-independent, strong authentication system. multiOTP is OATH-certified since version 4.1.0 and is developed under the LGPL license. Starting with version 4.3.2.5, multiOTP open source is also available as a virtual appliance—as a standard OVA file, a customized OVA file with open-vm-tools, and also as a virtual machine downloadable file that can run on Microsoft's Hyper-V, a common native hypervisor in Windows computers.

<span class="mw-page-title-main">Dashlane</span> Password manager software

Dashlane is a subscription-based password manager and digital wallet application available on macOS, Windows, iOS and Android. Dashlane uses a freemium pricing model with a subscription plan option.

<span class="mw-page-title-main">YubiKey</span> Hardware authentication device

The YubiKey is a hardware authentication device manufactured by Yubico to protect access to computers, networks, and online services that supports one-time passwords (OTP), public-key cryptography, and authentication, and the Universal 2nd Factor (U2F) and FIDO2 protocols developed by the FIDO Alliance. It allows users to securely log into their accounts by emitting one-time passwords or using a FIDO-based public/private key pair generated by the device. YubiKey also allows storing static passwords for use at sites that do not support one-time passwords. Google, Amazon, Microsoft, Twitter, and Facebook use YubiKey devices to secure employee accounts as well as end-user accounts. Some password managers support YubiKey. Yubico also manufactures the Security Key, a similar lower-cost device with only FIDO2/WebAuthn and FIDO/U2F support.

Universal 2nd Factor (U2F) is an open standard that strengthens and simplifies two-factor authentication (2FA) using specialized Universal Serial Bus (USB) or near-field communication (NFC) devices based on similar security technology found in smart cards. It is succeeded by the FIDO2 Project, which includes the W3C Web Authentication (WebAuthn) standard and the FIDO Alliance's Client to Authenticator Protocol 2 (CTAP2).

pH7Builder

'pH7Builder is an open-source social community software written by Pierre-Henry Soria that allows the creation of online communities and social dating services.

<span class="mw-page-title-main">Enpass</span> Password manager

Enpass is a cross-platform offline password management app available as a freemium software with subscription plans as also with one time payment licence.

<span class="mw-page-title-main">FreeOTP</span> Free and open-source two-factor authentication app

FreeOTP is a free and open-source authenticator by RedHat. It implements multi-factor authentication using HOTP and TOTP. Tokens can be added by scanning a QR code or by manually entering the token configuration. It is licensed under the Apache 2.0 license, and supports Android and iOS.

privacyIDEA

privacyIDEA is a two factor authentication system which is multi-tenency- and multi-instance-capable. It is open source, written in Python and hosted at GitHub. privacyIDEA is a LinOTP's fork from 2014.

<span class="mw-page-title-main">KeePassXC</span> Free software password manager

KeePassXC is a free and open-source password manager. It started as a community fork of KeePassX.

<span class="mw-page-title-main">Bitwarden</span> Open-source password manager


Bitwarden is a freemium open-source password management service that is used to store sensitive information, such as website credentials, in an encrypted vault. The platform hosts multiple client applications, including a web interface, desktop applications, browser extensions, mobile apps, and a command-line interface. The platform offers a free US or European cloud-hosted service as well as the ability to self-host.

NordPass is a proprietary password manager launched in 2019. It allows its users to organize their passwords and secure notes by keeping them in a single encrypted vault. NordPass, which operates on a freemium business model, was developed by the VPN service NordVPN.

<span class="mw-page-title-main">Proton Pass</span> Password management software

Proton Pass is a password manager developed by the Swiss software company Proton AG. It stores login credentials, email aliases, credit card data, passkeys, 2FA secret keys, and notes in virtual vaults that are encrypted using 256-bit AES-GCM.

<span class="mw-page-title-main">OnlyKey</span> Hardware security token

OnlyKey is a multi-function hardware security key combining features of a password manager, two-factor authentication (2FA) token, file encryption token, and secure storage device. The device incorporates hardware storage for password and username combinations, while also acting as a portable password manager.

References

  1. "Aegis Authenticator - Secure 2FA app for Android". Aegis Authenticator. Retrieved 29 April 2023.
  2. "Sending passwords to other users or Apple devices". Apple Support. 18 February 2021. Retrieved 23 August 2024.{{cite web}}: CS1 maint: url-status (link)
  3. "Set up iCloud Keychain". Apple Support. 5 August 2024. Archived from the original on 6 August 2024. Retrieved 23 August 2024.
  4. "Set up iCloud Passwords on your Windows computer — in: iCloud for Windows User Guide". Apple Support. Retrieved 23 August 2024.{{cite web}}: CS1 maint: url-status (link)
  5. "Pricing for Individuals and Families | Bitwarden". Bitwarden. Retrieved 23 March 2023.
  6. "Steam Guard TOTPs". Bitwarden. Retrieved 23 March 2023.
  7. "Bitwarden just launched a new authenticator app. Here's what it means to users. | Bitwarden Blog". Bitwarden.
  8. "The 5 Best Two-Factor Authentication Apps for iPhone & Android". Gadget Hacks. 28 February 2020. Retrieved 28 February 2020.
  9. "Yandex Key - Yandex ID. Help". yandex.com. Retrieved 28 May 2024.
  10. "Use 1Password as an authenticator for sites with two-factor authentication". 1Password. Retrieved 7 September 2018.
  11. Lardinois, Frederic (24 February 2015). "Twilio Acquires Two-Factor Authentication Service Authy". TechCrunch. Retrieved 5 March 2018.
  12. "Authy for Chrome App & Extension End of Life". Authy Support. Retrieved 14 February 2024.
  13. "Business customer guide: End of Life (EOL) for use of Authy API with Twilio Authy Desktop apps". Authy Support. Retrieved 14 February 2024.
  14. "Best password manager for iOS, Android, Windows, Linux, Mac | Enpass". www.enpass.io. Retrieved 7 September 2018.
  15. "FreeOTP". freeotp.github.io.
  16. "OATH Toolkit". www.nongnu.org. Retrieved 7 September 2018.
  17. "privacyIDEA Authenticator". GitHub. Retrieved 7 September 2018.
  18. "andOTP/andOTP". GitHub.
  19. flocke (15 July 2017). "[Unmaintained][App][4.4+][Open source] andOTP - Open source two-factor authentication for Android". XDA Forums. Retrieved 12 March 2023.
  20. B.V., Invantive Software. "Invantive Authenticator". two-step-verification.solutions. Retrieved 7 September 2018.
  21. "LastPass - LastPass Authenticator". lastpass.com. Retrieved 7 September 2018.
  22. "Online one-time password generator / TOTP (Google Authenticator) Online". totp.app. Retrieved 7 September 2018.
  23. "Using Your YubiKey with Authenticator Codes : Yubico Support". support.yubico.com. Archived from the original on 2 October 2018. Retrieved 11 March 2023.
  24. Team, KeePassXC. "KeePassXC 2.2.0 released - KeePassXC". keepassxc.org.
  25. "KeePassXC + KeePassDX (Android) Sync guide. A complete starting guide for new users". reddit.com. 10 September 2021. Retrieved 7 July 2023.
  26. "Free Password Manager Compatible with KeePass: KeeWeb". keeweb.info. Retrieved 7 July 2023.
  27. "KeeWeb". keeweb.info. Retrieved 7 July 2023.
  28. "KeePassDX". keepassdx.com. Retrieved 7 July 2023.
  29. "2FA Authenticator App (2FAS)". 2FAS. Retrieved 12 March 2023.
  30. "GitHub - Bubka/2FAuth: A Web app to manage your Two-Factor Authentication (2FA) accounts and generate their security codes". GitHub. Bubka. Retrieved 19 March 2023.
  31. "Authy/Google Authenticator like TOTP CLI tool written in Go". GitHub . Retrieved 28 May 2024.
  32. "Open Authenticator : Secure your online accounts with a free, open-source and lovely-crafted app". Skyost. Retrieved 22 July 2024.
  33. Cacek, Josef (14 April 2024), kwart/totp-me , retrieved 12 August 2024
  34. "totp-me - TOTP for Java ME - Google authenticator". SourceForge .
  35. Shakarun, Nikita, nikita36078/J2ME-Loader
  36. Matti (4 August 2024), baumschubser/hotpants , retrieved 12 August 2024
  37. Janiszewski, Maciej (10 April 2024), ksiazkowicz/Tessera , retrieved 12 August 2024