andOTP

[Unmaintained] Open source two-factor authentication for Android

andOTP is currently unmaintained, please check GitHub for additional details.

andOTP implements Time-based One-time Passwords (TOTP) like specified in RFC 6238 (HOTP support is currently in beta testing). Simply scan the QR code and login with the generated 6-digit code.

Features:

•  Free and Open-Source

•  Requires minimal permissions:

 •  Camera access for QR code scanning

 •  Storage access for import and export of the database

•  Encrypted storage with two backends:

 •  Android KeyStore (can cause problems, please only use if you absolutely have to)

 •  Password / PIN

•  Multiple backup options:

 •  Plain-text

 •  Password-protected

 •  OpenPGP-encrypted

•  Sleek minimalistic Material Design with three different themes:

 •  Light

 •  Dark

 •  Black (for OLED screens)

•  Great Usability

•  Compatible with Google Authenticator

Backups:

To keep your account information as secure as possible andOTP only stores it in encrypted data files. There are two methods of encryption which can be used: the Android KeyStore or a Password / PIN.

The KeyStore is a system component of Android for securely storing cryptographic keys, the advantage of this approach is that the key is kept separate from the apps data and, as a bonus, can be backed by hardware cryptography (if your device supports this). However, due to that separation, backups with 3rd-party apps like Titanium Backup can not be used if this method is chosen. Such apps only backup the encrypted data files and not the encryption key, which renders them useless. In this case you will have to rely on the internal backup functions provided by andOTP!

The KeyStore is known to cause a lot of problems, so please only use it if you absolutely have to and know what you are doing. In that case please make sure to make regular backups in case something goes wrong. It is always recommended to use a password or PIN instead!

Beta testing:

If you found a bug during beta testing, please submit your feedback directly on Github (https://github.com/andOTP/andOTP/issues) because for some reason I don't always get notified when new beta feedback is submitted on the Google Play Store.

Open source:

This app is fully open source (licenses under the MIT license), you can check out the source on GitHub: https://github.com/andOTP/andOTP

andOTP is a fork of the great OTP Authenticator app written by Bruno Bierbaumer, which has sadly been inactive for a while. All credit for the original version goes to Bruno. It has since been removed from Google Play, but you can still find the code of his app here: https://github.com/0xbb/otp-authenticator