

andOTP
78 likes
It implements Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP). Simply scan the QR code and login with the generated 6-digit code.
License model
- Free • Open Source
Application types
Country of Origin
Germany
EU
Platforms
- Android
- Android Tablet
Discontinued
Unmaintained, see https://github.com/andOTP/andOTP and developers announcement on XDA https://forum.xda-developers.com/t/app-4-4-open-source-andotp-open-source-two-factor-authentication-for-android.3636993/post-87021655. The GitHub repository was also archived in June 2022.
Features
andOTP News & Activities
Highlights All activities
Recent News
No news, maybe you know any news worth sharing?
Share a News TipRecent activities
- dlfinch added andOTP as alternative to Allthenticator
- rgnos liked andOTP
- OpenSourceSoftware added andOTP as alternative to Chronos Authenticator
- K0RR added andOTP as alternative to MFAuth - 2FA Auth + Cloud Sync and 2FA-Auth
What is andOTP?
andOTP information
AlternativeTo Categories
Security & Privacy, Backup & Sync, DevelopmentGitHub repository
- 3,746 Stars
- 374 Forks
- 198 Open Issues
- Updated Jun 14, 2022 (Archived)
Comments and Reviews
Unlike FreeOTP you can export/save/backup your database.
The developer said: "I sadly have to admit that the part about the crypto of andOTP being pretty bad is true. This is partially due to the fact that I had absolutely no clue about cryptography and very little coding experience when I forked it. In the beginning I just wanted to add backup functionality but then feature request kept comming in and it kind of snowballed from there. By the point I had enough experience to actually somewhat know what I was doing the code was already pretty bad, which is why I decided to rewrite everything from scratch rather than trying to fix it. Sadly I currently have basically no time to work on it, so this will have to wait."
Just wanted to explain the bad crypto a bit, now I'm off to download you app and play with it a bit. I'm glad to see that there are more open source 2FA alternatives emerging.
"I just want to follow up on this and add that I just now finished fixing the backup encryption. It now uses proper key derivation (PBKDF2 with random salt and iterations). The next release will include this fix. The second point, where the output of the PBKDF2 is split, is still the same. But as /u/beemdevelopment said, it's not nearly as bad as the backup stuff. This part of the code is also only used for the internal database, not for the backups, which should limit it's impact on security a bit (since getting your hands on the internal database file should be way harder than getting a backup file). Nevertheless it will be fixed at some point as well, I just don't have enough time to work on it right now." (Source)
Moved from Authy to andOTP, and I'm glad I did.
Pros: • Everything is saved locally (no cloud backup) • Beautiful UI • Encrypted backup
Con: • I need to remember to keep an additional backup of andOTP backup somewhere other than my phone
Highly configurable, allowing for manual entry or automatic from QR codes. Lots of icons for different applications/accounts. Able to backup!
Pros:
Much better than any other similar app!
The best and opensource!!! Safe and fast!
Great open source app.
The developer is working on a new app that will have more futures but it will take some time to release it.