The following is a general comparison of OTP applications that are used to generate one-time passwords for two-factor authentication (2FA) systems using the time-based one-time password (TOTP) or the HMAC-based one-time password (HOTP) algorithms.
Implementation | Description | Online sync. | Operating system / Platform | Non-default | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Windows | Mac | Linux | iOS | Android | J2ME | Other | Value length, d | Hash, H | Interval, TX | Epoch, T0 | Steam | |||
Aegis Authenticator | Free and open source app for Android to manage your 2-step verification tokens. [1] | Automatic backup to a location of your choosing | No | No | No | No | Yes | No | No | Yes | Yes | No | Yes | Yes |
Apple Keychain | Native password manager on Apple devices. Not on tvOS. [2] | Yes [3] | Yes [4] | Yes | No | Yes | No | No | Apple Vision Pro | Unknown | Unknown | Unknown | Unknown | Unknown |
Bitwarden | Open Source Cross platform password manager. 2FA is a premium feature. [5] | Yes | Yes | Yes | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Unknown | Yes [6] |
Bitwarden Authenticator | Free and open source app for Android and iOS to manage your 2-step verification tokens. [7] | No | No | No | No | Yes | Yes | No | No | No | No | No | No | No |
SAASPASS Authenticator [8] | Cross-platform 2FA Authenticator with TOTP & HOTP generator with sharing capabilities and password manager integration. Multiple device support, Mobile app and web access with multiple backup capabilities. | Yes | Yes | Yes | Yes | Yes | Yes | No | No | Yes | Yes | Yes | Yes | Yes |
Google Authenticator | Yes | No | No | No | Yes | Yes | No | No | No | No | No | No | No | |
Yandex Key [9] | Simple app for phones from Russian company | Yes, manually, for 1 year | No | No | No | Yes | Yes | No | No | Unknown | Unknown | Unknown | Unknown | Unknown |
IBM Security Verify | Unknown | No | No | No | Yes | Yes | No | No | Unknown | Unknown | Yes | Unknown | Unknown | |
Microsoft Authenticator | Yes | No | No | No | Yes | Yes | No | No | No | No | No | No | No | |
1Password | Cross-platform password manager [10] | Yes | Yes | Yes | Yes | Yes | Yes | No | No | No | Unknown | Unknown | Unknown | Unknown |
Authy | By Twilio, from 2015, originally Authy. [11] Previously available for Chrome. [12] | Yes | Discontinued March 19, 2024 [13] | Yes | Yes | No | No | Yes | No | No | No | No | ||
Enpass [14] | Password manager by Sinew Software Systems. Syncs over multiple back-ends. | Yes | Yes | Yes | Yes | Yes | Yes | No | No | Yes | No | Yes | Unknown | No |
FreeOTP [15] | Maintained by RedHat, and based on Google Authenticator. | No | No | No | No | Yes | Yes | No | No | Yes | Yes | Yes | No | No |
oathtool [16] | Command-line tool for generating OTP tokens. | No | No | No | Yes | No | No | No | No | Yes | Yes | Yes | Yes | Unknown |
privacyIDEA Authenticator [17] | For use with privacyIDEA Authentication Server, with a secure enrollment process. | No | No | No | No | Yes | Yes | No | No | Yes | Yes | Yes | No | Unknown |
andOTP [18] (unmaintained) [19] | Open-source app for Android 4.4+. Compatible with Google Authenticator. | No | No | No | No | No | Yes | No | No | No | No | Yes | No | No |
Invantive Authenticator [20] | Focuses on integration with Invantive Keychain. | No | Yes | No | No | No | No | No | No | Yes | Yes | Yes | Yes | No |
LastPass Authenticator [21] | Cross-platform OTP for mobile devices with support for online backup. | Yes | No | No | No | Yes | Yes | No | No | No | No | No | No | No |
Symantec VIP | Unknown | No | No | No | Yes | Yes | No | Unknown | Unknown | Unknown | Unknown | Unknown | Unknown | |
TOTP.APP [22] | Web-based authenticator not requiring registration. | No | Yes | Yes | Yes | Yes | Yes | No | No | No | No | No | No | No |
Yubico Authenticator for Desktop [23] | By Yubico, for use with Yubikeys. | No | Yes | Yes | Yes | — | — | No | No | Yes | Yes | Yes | No | No |
Yubico Authenticator for Mobile | — | — | — | Yes | Yes | |||||||||
KeePassXC [24] | Password manager | Through user setup with Syncthing, [25] or only within the KeeWeb [26] online web App [27] | Yes | Yes | Yes | No | KeePassDX [28] | No | No | Yes | Yes | Yes | No | Yes |
2FAS [29] | Popular, feature rich open-source two-factor authenticator. No account required. | Online backup/sync via iCloud or Google Drive | Through browser extension connected to mobile app | Yes | Yes | No | No | Yes | Yes | Yes | No | No | ||
2FAuth [30] | An open-source PHP web based self-hosted OTP generator, designed for both mobile and desktop. | Yes, web based | No | No | Yes | Yes | Yes | No | Yes | |||||
totp-cli [31] | Popular, feature rich open-source two-factor authenticator. No account required. | Manually | No | No | Yes | Yes | No | No | No | Unknown | Unknown | Unknown | Unknown | Unknown |
Open Authenticator [32] | Free, open-source and multiplatform app to manage your TOTPs. | Yes, requires a subscription for more than 6 TOTPs | Yes | Yes | No | Yes | Yes | No | No | Yes | Yes | Yes | No | No |
TOTP ME [33] | Free, open-source J2ME MIDlet app to manage your TOTPs. | Manually | Using MicroEmulator app [34] | Unknown | Using J2ME Loader app [35] | Yes | Any with J2ME support or emulator | Yes | Yes | Yes | Time correction in seconds | No | ||
Hotpants [36] | Free, open-source J2ME MIDlet app to manage your TOTPs and HOTPs. | Import via scanning QR code on screen | No | No | No | No | No | Yes | No | Unknown | Unknown | Unknown | Unknown | No |
Tessera [37] | Free, open-source Qt for Symbian and desktop app to manage your TOTPs. | Unknown | Initial support for desktop | No | Could be ported | No | Symbian S60 5th Edition | Unknown | Unknown | Unknown | Unknown | Unknown |
An authenticator is a means used to confirm a user's identity, that is, to perform digital authentication. A person authenticates to a computer system or application by demonstrating that he or she has possession and control of an authenticator. In the simplest case, the authenticator is a common password.
A one-time password (OTP), also known as a one-time PIN, one-time passcode, one-time authorization code (OTAC) or dynamic password, is a password that is valid for only one login session or transaction, on a computer system or other digital device. OTPs avoid several shortcomings that are associated with traditional (static) password-based authentication; a number of implementations also incorporate two-factor authentication by ensuring that the one-time password requires access to something a person has as well as something a person knows.
Time-based one-time password (TOTP) is a computer algorithm that generates a one-time password (OTP) using the current time as a source of uniqueness. As an extension of the HMAC-based one-time password algorithm (HOTP), it has been adopted as Internet Engineering Task Force (IETF) standard RFC 6238.
KeePass Password Safe is a free and open-source password manager primarily for Windows. It officially supports macOS and Linux operating systems through the use of Mono. Additionally, there are several unofficial ports for Windows Phone, Android, iOS, and BlackBerry devices, which normally work with the same copied or shared (remote) password database. KeePass stores usernames, passwords, and other fields, including free-form notes and file attachments, in an encrypted file. This file can be protected by any combination of a master password, a key file, and the current Windows account details. By default, the KeePass database is stored on a local file system.
Google Authenticator is a software-based authenticator by Google. It implements multi-factor authentication services using the time-based one-time password and HMAC-based one-time password, for authenticating users of software applications.
1Password is a password manager developed by the Canadian software company AgileBits Inc. It supports multiple platforms such as iOS, Android, Windows, Linux, and macOS. It provides a place for users to store various passwords, software licenses, and other sensitive information in a virtual vault that is locked with a PBKDF2-guarded master password. By default, the user’s encrypted vault is hosted on AgileBits’ servers for a monthly fee.
LinOTP is Linux-based software to manage authentication devices for two-factor authentication with one time passwords. It is implemented as a web service based on the python framework Pylons. Thus it requires a web server to run in.
multiOTP is an open source PHP class, a command line tool, and a web interface that can be used to provide an operating-system-independent, strong authentication system. multiOTP is OATH-certified since version 4.1.0 and is developed under the LGPL license. Starting with version 4.3.2.5, multiOTP open source is also available as a virtual appliance—as a standard OVA file, a customized OVA file with open-vm-tools, and also as a virtual machine downloadable file that can run on Microsoft's Hyper-V, a common native hypervisor in Windows computers.
Dashlane is a subscription-based password manager and digital wallet application available on macOS, Windows, iOS and Android. Dashlane uses a freemium pricing model with a subscription plan option.
The YubiKey is a hardware authentication device manufactured by Yubico to protect access to computers, networks, and online services that supports one-time passwords (OTP), public-key cryptography, and authentication, and the Universal 2nd Factor (U2F) and FIDO2 protocols developed by the FIDO Alliance. It allows users to securely log into their accounts by emitting one-time passwords or using a FIDO-based public/private key pair generated by the device. YubiKey also allows storing static passwords for use at sites that do not support one-time passwords. Google, Amazon, Microsoft, Twitter, and Facebook use YubiKey devices to secure employee accounts as well as end-user accounts. Some password managers support YubiKey. Yubico also manufactures the Security Key, a similar lower-cost device with only FIDO2/WebAuthn and FIDO/U2F support.
Universal 2nd Factor (U2F) is an open standard that strengthens and simplifies two-factor authentication (2FA) using specialized Universal Serial Bus (USB) or near-field communication (NFC) devices based on similar security technology found in smart cards. It is succeeded by the FIDO2 Project, which includes the W3C Web Authentication (WebAuthn) standard and the FIDO Alliance's Client to Authenticator Protocol 2 (CTAP2).
'pH7Builder is an open-source social community software written by Pierre-Henry Soria that allows the creation of online communities and social dating services.
Enpass is a cross-platform offline password management app available as a freemium software with subscription plans as also with one time payment licence.
FreeOTP is a free and open-source authenticator by RedHat. It implements multi-factor authentication using HOTP and TOTP. Tokens can be added by scanning a QR code or by manually entering the token configuration. It is licensed under the Apache 2.0 license, and supports Android and iOS.
privacyIDEA is a two factor authentication system which is multi-tenency- and multi-instance-capable. It is open source, written in Python and hosted at GitHub. privacyIDEA is a LinOTP's fork from 2014.
KeePassXC is a free and open-source password manager. It started as a community fork of KeePassX.
Bitwarden is a freemium open-source password management service that is used to store sensitive information, such as website credentials, in an encrypted vault. The platform hosts multiple client applications, including a web interface, desktop applications, browser extensions, mobile apps, and a command-line interface. The platform offers a free US or European cloud-hosted service as well as the ability to self-host.
NordPass is a proprietary password manager launched in 2019. It allows its users to organize their passwords and secure notes by keeping them in a single encrypted vault. NordPass, which operates on a freemium business model, was developed by the VPN service NordVPN.
Proton Pass is a password manager developed by the Swiss software company Proton AG. It stores login credentials, email aliases, credit card data, passkeys, 2FA secret keys, and notes in virtual vaults that are encrypted using 256-bit AES-GCM.
OnlyKey is a multi-function hardware security key combining features of a password manager, two-factor authentication (2FA) token, file encryption token, and secure storage device. The device incorporates hardware storage for password and username combinations, while also acting as a portable password manager.
{{cite web}}
: CS1 maint: url-status (link){{cite web}}
: CS1 maint: url-status (link)