Ente Auth vs Proton Authenticator — unclear points about local backup encryption

Questions
11

Hi everyone,

I’ve done some practical tests with Ente Auth and Proton 2FA and wanted to share my findings along with a few questions for the community.

Proton 2FA

  • Allows automatic local backups (daily, weekly, monthly).

  • Backups are encrypted, with a password set specifically for them.

  • Backups are saved in a folder chosen by the user, but they can only be decrypted via the Proton app client — not independently.

  • Manual export is always encrypted, same limitation: it’s not independently usable without the Proton client.

  • I also tested this on Android: the /data folder is visible from PC but empty, probably protected by the system and accessible only through the app.

Ente Auth

  • Does not create automatic local backups, at least as far as I can see.

  • Provides manual export, where the user can choose:

    • encrypted (requires access to the app to decrypt)
    • plaintext (can be stored independently and protected manually by the user)

  • Automatic local backups in Ente: I know Ente does not offer automatic local backups as a visible feature, but I want to ask if anyone knows whether it might create backups behind the scenes in a hidden folder, which would add an extra layer of security. I’d also like to hear your thoughts on whether having automatic local backups in this way is useful or not.

So:

  • Even though Ente does not have automatic local backups (unless it does behind the scenes), I prefer it because it lets me decide when and how to export my 2FA codes.

    • I plan to occasionally do manual plaintext exports, so I can encrypt and store them myself and access them independently whenever I want.

  • Proton provides automatic backups, which is great, but they are always tied to the client, so I can’t maintain independent copies easily.

Test with Discord

  • I also did a test using Discord: I used the same QR code simultaneously to set up 2FA on both Ente and Proton.

  • The TOTP codes generated were different in each app.

  • I haven’t tried logging in with these codes yet — the Discord passkey bypasses 2FA — but I wanted to ask if it is expected that the TOTP codes are different when using the same QR code.

Open Questions

  • Does Ente really create any automatic local backups behind the scenes, even in a hidden folder?

  • Is it normal that TOTP codes differ between Ente and Proton when using the same QR code for the same account?

  • Any thoughts on the trade-offs between automatic client-bound backups (Proton) and manual, user-controlled exports (Ente)?

I hope someone can help me, if they know about this or can do some tests.

1 Like