andOTP is a two-factor authentication App for Android 4.4+
- Free • Open Source
- Android Tablet
What is andOTP?
It implements Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP). Simply scan the QR code and log in with the generated 6-digit code.
This project started out as a fork of the great OTP Authenticator app written by Bruno Bierbaumer, which has sadly been inactive since 2015. By now almost every aspect of the app has been changed or rewritten, so the fork status of the GitHub repository was detached upon user request. But all credit for the original version and for starting this project still goes to Bruno!
- Free and Open-Source
- Requires minimal permissions
  - Camera access for QR code scanning
  - Storage access for import and export of the database
- Encrypted storage with two backends:
  - Android KeyStore
  - Password / PIN
- Multiple backup options:
  - Plain-text
  - Password-protected
  - OpenPGP-encrypted
- Sleek minimalistic Material Design with three different themes:
  - Light
  - Dark
  - Black (for OLED screens)
- Great Usability
- Compatible with Google Authenticator
- Supported algorithms:
  - TOTP (Time-based One-time Passwords) as specified in RFC 6238
  - HOTP (HMAC-based One-time Passwords) as specified in RFC 4226

Unmaintained; see https://github.com/andOTP/andOTP and the developer's announcement on XDA: https://forum.xda-developers.com/t/app-4-4-open-source-andotp-open-source-two-factor-authentication-for-android.3636993/post-87021655
- 3,691 Stars
- 355 Forks
- 201 Open Issues
Comments and Reviews
- Password Manager
- Security & Privacy
Unlike FreeOTP you can export/save/backup your database.
Great open source app.
The developer is working on a new app that will have more features, but it will take some time to release it.
The developer said: "I sadly have to admit that the part about the crypto of andOTP being pretty bad is true. This is partially due to the fact that I had absolutely no clue about cryptography and very little coding experience when I forked it. In the beginning I just wanted to add backup functionality but then feature requests kept coming in and it kind of snowballed from there. By the point I had enough experience to actually somewhat know what I was doing the code was already pretty bad, which is why I decided to rewrite everything from scratch rather than trying to fix it. Sadly I currently have basically no time to work on it, so this will have to wait."
Just wanted to explain the bad crypto a bit, now I'm off to download your app and play with it a bit. I'm glad to see that there are more open source 2FA alternatives emerging.
"I just want to follow up on this and add that I just now finished fixing the backup encryption. It now uses proper key derivation (PBKDF2 with random salt and iterations). The next release will include this fix. The second point, where the output of the PBKDF2 is split, is still the same. But as /u/beemdevelopment said, it's not nearly as bad as the backup stuff. This part of the code is also only used for the internal database, not for the backups, which should limit its impact on security a bit (since getting your hands on the internal database file should be way harder than getting a backup file). Nevertheless it will be fixed at some point as well, I just don't have enough time to work on it right now." (Source)
Moved from Authy to andOTP, and I'm glad I did.
Pros:
- Everything is saved locally (no cloud backup)
- Beautiful UI
- Encrypted backup

Con:
- I need to remember to keep an additional backup of andOTP backup somewhere other than my phone
Highly configurable, allowing for manual entry or automatic from QR codes. Lots of icons for different applications/accounts. Able to backup!
Much better than any other similar app!
The best and opensource!!! Safe and fast!