Losing your phone with Google Authenticator installed can lock you out of every account permanently. Ente Auth solves this with end-to-end encrypted cloud backup — your TOTP codes sync across devices and survive phone loss, without Ente or anyone else being able to read them.
Why Not Google Authenticator?
Google Authenticator added cloud backup in 2023, but it’s not end-to-end encrypted — Google can read your TOTP secrets. If Google’s servers are breached or your Google account is compromised, all your 2FA codes are exposed.
Authy (the popular alternative) also backs up to Twilio’s servers without true E2E encryption.
What Is Ente Auth?
Ente Auth is a free, open-source TOTP authenticator built by the team behind Ente Photos (an end-to-end encrypted Google Photos alternative). It uses the same encryption architecture: your secrets are encrypted on your device with your password before being stored on Ente’s servers.
Key features:
- End-to-end encrypted backup (your password = your key)
- Cross-platform: Android, iOS, macOS, Windows, Linux, and a web app
- No account required if you just want a local-only authenticator
- Open source: both the app and server code are on GitHub
- Self-hostable: run your own Ente server if you want zero trust
- TOTP and HOTP support
- Encrypted export: export your codes to an encrypted file for local backup
Setup
Mobile (Android / iOS)
- Download Ente Auth from Google Play or App Store
- Open → Sign Up (or Skip for local-only mode)
- Enter an email and a strong password — this password cannot be recovered
- Add accounts by scanning QR codes or entering keys manually
Desktop (Windows/macOS/Linux)
Download from ente.io/auth — native apps available.
Or use the web app at auth.ente.io — fully functional in any browser.
Migrating from Other Authenticators
From Google Authenticator
Google Authenticator (as of 2024) allows exporting as a QR code. Ente Auth can scan this:
Mobile: Ente Auth → Import → Google Authenticator → scan the displayed QR code
From Authy
Authy doesn’t offer a direct export. Use android-authenticator-export tools (requires ADB and a non-rooted Android device in some cases). The process is more involved — search for “Authy export” for current methods.
From any TOTP app
Most authenticators export a standard text file or URI list:
- Export from source app
- Ente Auth → Import → select format
- Supported formats: Google Authenticator, Aegis, Bitwarden, 2FAS, plain text
Backup Verification
After setting up, verify your backup works:
- Sign out of Ente Auth
- Sign back in with your email and password
- Confirm all codes are restored
Do this before you need it, not after phone loss.
Local Encrypted Export
For offline backup:
Settings → Data → Export Codes → Encrypted Export
This creates an AES-256 encrypted JSON file containing all your TOTP secrets. Store it in:
- A password-manager secure note
- Encrypted drive (VeraCrypt)
- Printed QR code in a physical safe
Keep multiple backup copies in different locations.
Ente vs. Aegis vs. Authy
| Feature | Ente Auth | Aegis | Authy |
|---|---|---|---|
| E2E encrypted backup | ✓ | Manual (local file) | ✗ |
| Open source | ✓ | ✓ | ✗ |
| Cross-platform sync | ✓ | Manual | ✓ |
| Android | ✓ | ✓ | ✓ |
| iOS | ✓ | ✗ | ✓ |
| Desktop | ✓ | ✗ | ✗ |
| Self-hostable | ✓ | N/A | ✗ |
Aegis (Android-only) is excellent for local-only use. Ente Auth wins for cross-platform with E2E cloud backup.
Self-Hosting
If you want zero dependency on Ente’s servers:
# Clone and run ente server
git clone https://github.com/ente-io/ente
cd ente/server
docker-compose up
Point the Ente Auth app to your self-hosted server URL in Settings → Developer.
Ente Auth is the right choice for anyone who wants 2FA backup they can trust. The combination of E2E encryption, open source code, and cross-platform sync makes it the best-in-class option for privacy-conscious users who’ve outgrown local-only authenticators.