I have been looking for a replacement 2FA app since Authy went downhill. Got my codes ready to move into another app. I don’t want to be in the same boat again where privacy and security is a problem so I’m doing more due diligence now. Found this site and like the approach. In terms of MFA, Ente Auth is recommended along with Aegis on the website.
Other places also state Aegis as the defacto standard. Don’t get me wrong I like it but I also like the convenience of a desktop app. This is where Ente seems to be good. What is putting me off is the threads on reddit which granted happened 3 years ago still seem shaky: https://www.reddit.com/r/PrivacyGuides/comments/rjzc9s/compare_cryptee_and_enteio/
It does all seem rather obtuse and not actually concrete on anything. However, even people on the reddit have reservations about Ente Auth being recommended in the v3.17 thread 10 months ago (Can’t link due to limit).
My ultimate question is… am I worrying too much? Everytime I look up what apps people moved to since Authy it’s all “went to ente and been great”.
Personally I use Standard Notes for most of my 2FA needs and then Aegis and 2FAS for a few other specific things. If you’re looking for desktop 2FA Ente is most likely fine, I’d probably be using it myself except I just happened to have a Standard Notes account when migrating from iOS and saw it’s recommended for 2FA by Michael Bazzel so figured I’d use it and it’s been great.
Yes, your link says “Dover, Delaware, United States”, but that’s not reassuring. The state of Delaware is a well-known tax haven for foreign companies… Low taxes, very favorable case law for businesses and easy creation of shell companies.
I’m not saying that Ente is one of them, but this argument doesn’t work well in my eyes. Having an address in Delaware does not confirm activities outside India.
Ente Technologies, Inc. is registered in Wilmington, Delaware, under company number 6668754. This information can be verified through the official Delaware Division of Corporations website. Consequently, Ente is legally subjected to US jurisdiction. However, this does not preclude Ente from conducting operations outside of the United States, nor does Ente assert otherwise. It is well-known that Ente’s development team is based in India.
Desktop operating systems, especially Linux, are a decade behind Android and iOS when it comes to modern privacy and security protections.
While it’s more convenient to have a desktop app, your TOTP seeds are significantly less secure by using one, and you’re also adding a lot of attack surface by having your TOTP seeds on two different devices.
My thoughts on this:
No, you just have been fearmongered by these people on Reddit.
