Add 2FAS (Authenticator App)

What do you think, do you recommend it? Surely it would be much more practical than Aegis, and do you trust the synchronization with Google Drive?

I consider Aegis as better than 2FAS. It has more functionality and a better privacy policy. In evaluating 2FAS I have also seen some odd behavior which concerns me.

As for using Google Drive, I do not. I go to a lot of trouble to minimize what information Google has about me, so I do not connect to anything Google if I don’t have to.

1 Like

2FAS is recommended to replace Raivo (iOS). I don’t think syncing with Google is a good option.

Their policy states that even they don’t have access to Google’s drive, but I still don’t trust them.
I’m going to stick with Aegis for the time being, which has more functions as well.

1 Like

That’s not an official recommendation, is it?

No, I mean it’s suggested by people to be listed by PG.

1 Like

Here’s an observation I have made on Apple mobile devices:

  • You install 2FAS Auth on a device (in my case an iPhone)
  • You set a PIN and activate biometrics
  • You install the app on another trusted device (in my case an iPad)
  • The app will immediately sync all the 2FA codes

So if somebody has access to your Apple ID they’d also have all your TOTP tokens; they’d just need to do a clean install of 2FAS Auth.

I guess the only workaround is to deactivate iCloud sync?

1 Like

If somebody can access our Apple ID, then we may have a bigger problem than only 2FAS codes, I think. But it’s still not good to sync via iCloud.

Are they open source?

Yes, see first post.

However, if you’re using additional features like cloud sync or Browser Extension – the communication between your phone and your clouds or Browser is e2e encrypted by default. For cloud sync, we are using AES GCM encryption. For Browser Extension we’re using RSA OAEP encryption with SHA-512 algorithm.

After looking into @jonah’s previous post and this, I really do not understand how 2FAS can E2EE the cloud backups. Does it mean E2EE for outsiders like 2FAS, or does it include iCloud and Google?

There’s a reply on Reddit regarding this same question: Their privacy policy is outdated and being reworked. They say they do not collect any personal data.

3 Likes

Just toggle it off under the iCloud section. Settings → Apple ID → iCloud → “APPS USING ICLOUD” → press “Show All” and uncheck the App.
Screenshot attached

4 Likes

So, cloud backups are not encrypted on Android either, from what I read in this post, right? It only lets me set a password on a backup, from what I saw in the settings.

I don’t know if this is the ideal place to comment on it, but I’m in doubt about whether to use this or Ente Auth (which has improved a lot in recent months) to replace the service I used (Authy).

Marking this suggestion as rejected, the lack of E2EE is confirmed here:

Hi, yes, currently on iOS only the export to file backup is encrypted by custom password. The iCloud backup is encrypted, but using a constant key.

The guidance posted by the developer in that same thread to enable Advanced Data Protection is incorrect, because ADP will not encrypt CloudKit fields that aren’t marked as encrypted values by the developer. Since 2FAS iCloud Backup is enabled by default and not E2EE, this tool doesn’t meet our criteria:

  • Must not sync to a third-party cloud sync/backup service.
    • Optional E2EE sync support with OS-native tools is acceptable, e.g. encrypted sync via iCloud.

ente Auth is probably our next best option on iOS, so we’ll be prioritizing that discussion from now on.

4 Likes

If you deactivate the cloud backups, is there any difference with ente auth? Similar to Aegis on Android with manual backups?

I’m one of the people who moved from Raivo to 2FAS. My preference is to sacrifice a little bit of privacy if this means a good user experience. I’m not sure if this sentiment suits this forum the best, but it’s the one I follow.

But while I think the developers of 2FAS are doing a good job, I don’t feel comfortable with people working on security/privacy tools while using Discord at the same time.

I might move away again, I guess…

Well, that requires some manual setting that many will overlook, while Ente Auth has security out of the box and you can easily decide to use it offline only or sync with E2EE if you wish. A much safer recommendation to make to the masses.

3 Likes

It seems to me that they both have tradeoffs.

Ente auth

1 Like

Disagree. Diagnostics are optional.

The others are used only when you have an account. That’s also optional.