Ente Auth is an open-source, end-to-end encrypted two-factor authentication app for Mac that stores your TOTP codes in a private, cross-device vault you actually control.
What is Ente Auth?
Ente Auth is a dedicated authenticator application — a privacy-first alternative to Google Authenticator, Authy, and Raivo — built on the same encrypted storage infrastructure that powers Ente Photos. Every secret key and one-time code is encrypted on your device before it ever leaves for the cloud, meaning Ente's servers see only ciphertext. That single design decision separates it from most authenticator apps, which store vault data in plaintext or with provider-held keys.
The Mac app is a native desktop client that keeps your 2FA codes in sync with Ente's mobile apps (iOS and Android) without sacrificing the end-to-end encryption guarantee. Open-source under AGPL-3.0, the code is publicly auditable — not a marketing claim you have to take on faith.
What does Ente Auth do best?
Ente Auth's strongest suit is trustworthy cloud backup with zero knowledge on the provider's side. This is the combination that rivals consistently fumble: Authy has cloud backup but isn't open-source and keeps key derivation server-side; Raivo is open-source but iOS-only; Bitwarden Authenticator recently dropped cloud sync from its free tier.
- End-to-end encrypted vault — your TOTP secrets are encrypted with keys derived from your password before sync. Even a data breach at Ente exposes nothing usable.
- Real desktop presence — unlike mobile-first apps that grudgingly ship an Electron wrapper, the Mac client feels considered: a clean list view, quick search, and a keyboard-accessible code display that makes copying codes into a browser effortless.
- Cross-platform sync — the same vault works on Mac, iPhone, Android, and a web interface. Switch devices without re-scanning a hundred QR codes.
- Offline access — codes are cached locally, so TOTP generation works on an airplane or in a dead zone without any network dependency.
- Icon tagging and organization — Ente ships an automatic icon library for popular services, which sounds cosmetic but genuinely speeds up scanning a long list of accounts at a glance.
Is Ente Auth free?
Ente Auth is free to use as a local and syncing authenticator. The app itself costs nothing to download, and basic sync between devices is covered by a free tier. Ente's paid plans (which also unlock higher storage for Ente Photos) extend the vault further, but for most users protecting their 2FA codes, the free offering is sufficient. There are no ads, and the business model is straightforward subscription storage — not selling your metadata.
Who should use Ente Auth?
Anyone who has already felt the anxiety of being locked out of accounts when a phone breaks or is stolen should move to Ente Auth immediately. It is especially well-suited to power users who want verifiable privacy guarantees — developers, journalists, privacy-conscious professionals — because the open-source code and public audit history let you verify the encryption claims rather than trusting a press release.
If you work across Mac and iPhone heavily, the seamless sync removes the friction of fetching your phone every time a login requires a code. And if you are currently using Authy and have grown uneasy about its closed-source nature and past API incidents, Ente Auth's built-in migration importer makes the switch straightforward.
It is not the right fit if you need hardware-key workflows (YubiKey OTP, FIDO2) — for that, pair it with a physical key. And if your threat model is purely offline with no cloud sync at all, a fully local app like Strongbox or KeePassXC with TOTP might be a better philosophical match.
How does Ente Auth compare to Authy and Raivo?
Authy is the incumbent: mature, polished, widely supported — but closed-source, and the company has full access to your vault keys under its architecture. Raivo is beloved in the Apple ecosystem for its clean design and open-source code, but it remains iOS and macOS only, with sync locked to iCloud. Ente Auth threads the needle: open-source, cross-platform, end-to-end encrypted with a business model (paid storage) that does not require monetising your data. The Mac app is newer and lacks some of Authy's fit-and-finish in edge cases, but for the combination of auditability and cloud convenience, nothing else currently matches it.
What are the best Ente Auth alternatives?
On Mac, the realistic alternatives are Authy (slick, cloud-synced, closed-source), Raivo (open-source, iCloud-only, iOS-first), Bitwarden Authenticator (open-source, but sync is tied to a Bitwarden account), and 1Password's built-in TOTP (convenient if you already pay for it, but conflates your password manager and authenticator into one attack surface). For a purely offline approach, KeePassXC handles TOTP natively. Ente Auth is the only option that combines cross-platform sync, end-to-end encryption, and a fully open-source codebase at no mandatory cost.