Privacy Guides has their recommendations on this. Please read up. It’s a basic question that has been discussed on here before.
I personally prefer Ente Auth, Proton Authenticator, and my password manager’s built-in feature for my 2FA needs. Go with Ente Auth, it’s a lot more versatile and you can also use the web version to view your 2FA info.
But under no circumstances should you use Microsoft’s or Google’s Auth apps.
Probably just because it’s still pretty new. I believe it meets the minimum criteria. If you’d like you can open a new site development topic here on the forum to suggest adding it.
You can find the minimum criteria at the bottom of the recommendations page:
Source code must be publicly available.
Must not require internet connectivity.
Cloud syncing must be optional; sync functionality, if available, must be E2EE.
I don’t believe either of those apps are open source. Both offer sync but I don’t believe either has E2EE sync functionality. I am not sure if they require internet or if cloud sync is optional, but regardless they don’t seem to meet the criteria.
You should feel welcome to create topics like this. I’m sure that others on the forum are using or have considered using Proton auth, so it would be good to start a discussion about it even if you aren’t sure if you would recommend it be added to the site.
What you’re asking has already been discussed. It’s prudent and necessary to do basic research here before asking simple questions.
You don’t look like a new user here, so I’m surprised you do not realize how bad MSFT and Google are with anything they do from a privacy perspective, so having this question is perplexing to me.
Slightly off-topic but I wonder why Yubico Authenticator is not recommended here too?
Yes, you need a Yubikey for that but it’s the best zero-trust tool and self-contained IMO. Also, I don’t need 15 features for any potential TOTP codes.
Also, you can have the TOTP code on all of your hardware keys, hence very safe backups.
I would still recommend Ente if I had to choose an app on my phone tho.
If you’ve ever worked in a corporate environment, it’s pretty obvious why Microsoft Authenticator has the download count it has. It’s pretty much the go-to with most companies mandating it even if it means you have to use your personal device to do so. Some companies force their proprietary methods which leaves employees no choice.
Many people don’t give a second thought to authenticator apps to the point that they’ll have multiple installed due to thinking that Microsoft Authenticator is for Microsoft, Google Authenticator is for Google, etc.
I recently on-boarded with a company that asked me to install Microsoft Authenticator. I, reluctantly, complied but couldn’t progress with setup when the app crapped itself because I don’t have Google Play Services. They let me use TOTP (through Ente Auth) when they couldn’t figure out how to proceed. (I used to use Aegis, which is still a great option, but switched over to Ente Auth recently.)
I would just point out that users seem to think this is more of a choice than it is for the company. If your company is already embedded in the 365 ecosystem, like the majority of companies are, there are many services that only allow Microsoft Authenticator (or a small handful of options such as Microsoft or Google).
Aegis is rock solid. I put it on my Mom’s phone because of the painless backup with Google’s backup. Should she get a new phone, app and data will move.
Ente is rock solid. It has local functionality that you’ll have to manage your backups, or you can use their service and put your keys online. Beware of creating a loop if you put TOTP on your Ente account and use their app + service.
I use Aegis. I have Ente. Functionality is very closely similar.
I don’t think that any company has the right to force you to adopt any specific service providers when it comes to your own personal IT requirements. If your employer is requiring you to do so it certainly begs the question as to why. Obviously if you are using one of their devices I get it, but there is nothing to stop you buying your own.
I’m worried about using Ente Auth because, according to TrackerControl, I’ve seen that Ente apps have an entry tracker. Even Proton apps also have this tracker; I checked the F-Droid build as well. I don’t know if this is a privacy issue or not, but it looks strange to me.
Until now, I believed that apps on F-Droid didn’t contain any type of tracker, but it seems I was wrong.
May I ask why you chose Google Backup instead of any encrypted cloud storage?
The doubt that’s constantly running in my mind is whether it’s good for privacy to upload my keys to the cloud. I know Ente uses end-to-end encryption to sync this data, but still, since this is a way of verifying my online accounts, I have this concern.
My goal is not to compare Aegis and Ente Auth, but to determine whether it’s considered private and safe to keep my keys on an encrypted cloud. By the way, I’ve written down those security keys on paper, so there’s no need to worry about losing access to my online accounts.