AppBITS: Proton Authenticator Takes on 2FA Apps

In “Two-Factor Authentication, Two-Step Verification, and 1Password” (10 July 2023), I explained that for true two-factor authentication, you needed to acquire your time-based one-time password (TOTP) from a device other than the one on which you’re entering it. By having 1Password automatically enter those automatically generated six-digit codes for me, I’m instead using two-step verification. That’s much more secure than plain passwords, but not as strong as two-factor authentication because an attacker could compromise 1Password to access both the password and the verification code.

I’m willing to accept that slightly reduced level of security in return for a vastly better user experience, but if you’re not, the Swiss company Proton, best known for the security-focused ProtonMail service and Proton VPN (see “Do You Use It? VPN Use Is Widespread,” 26 May 2025), has introduced a new standalone app for generating two-factor authentication codes. The free and open source Proton Authenticator works like Google Authenticator and Authy, enabling you to add accounts that support two-factor authentication and display the six-digit codes they generate.

What sets Proton Authenticator apart from Google Authenticator and Authy is that it runs on more platforms—iOS, macOS, Windows, Android, and Linux—and can sync its accounts between them. Authy used to support both iOS and macOS and sync accounts between them but dropped its Mac support over a year ago (see “Authy Desktop to Reach End-of-Life on 19 March 2024,” 14 February 2024). In fact, Proton Authenticator’s “Mac app” is actually an iPad app, meaning that it doesn’t really look like a Mac app and runs only on Macs with Apple silicon.

Proton Authenticator claims that it can import existing accounts from itself and Proton’s password manager, Proton Pass (which features the same two-step verification capability as 1Password), plus other two-factor systems, including 2FAS, Aegis Authenticator, Authy, Bitwarden Authenticator, Ente Auth, Google Authenticator, LastPass Authenticator, and Microsoft Authenticator.


However, for Authy and Microsoft Authenticator, Proton Authenticator just indicates that they don’t offer export options, so there’s no way to import from them. Why include them in the interface when there’s no chance they could work?

Missing from the import list are 1Password and Apple’s Passwords. 1Password seems like an understandable omission, since I see no way of extracting the two-factor authentication seed. However, Apple’s Passwords does allow copying of a setup URL that contains a secret attribute you can paste in when manually creating a Proton Authenticator account.

otpauth://totp/Example%3A%20ace%40tidbits.com?secret=h62c5sy3kq3fs4rdsslh3yje&issuer=Example

When creating manual accounts, Proton Authenticator allows you to configure the number of digits it will display and how often they will rotate. For the algorithm, you can choose from SHA1, SHA256, and SHA512, and for the type, between TOTP and STEAM. I honestly have no idea when those might be necessary, but Thag the Security-Conscious Caveman approves.

[Cartoon: Thag on Proton Authenticator. What you get when asking ChatGPT to create a cartoon to illustrate the above paragraph]

Other nice touches include:

  • When used within the Apple ecosystem, Proton Authenticator lets you sync accounts via iCloud, which is easier than Authy’s separate account.
  • To boost security, Proton Authenticator can restrict access using Face ID on the iPhone and Touch ID on the iPad and Mac.
  • An option to hide codes ensures that no one can shoulder-surf your codes after you’ve unlocked the app.
  • It displays both the current code and the next one (and lets you copy either on the Mac from the contextual menu). This feature is particularly helpful when the current code is about to expire—instead of having to wait for the new code to generate, you can use the next code that’s already displayed.
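
To make the setup URL, the manual-entry settings, and the current/next code display concrete, here is an added example (not from the article and not Proton's code) that parses the otpauth URL shown above and derives both codes following RFC 6238. It covers the TOTP type only, and the 6-digit, 30-second, SHA1 defaults applied when the URL omits those parameters are the conventional ones, assumed here.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs, unquote

# Setup URL as printed in the article.
SETUP_URL = ("otpauth://totp/Example%3A%20ace%40tidbits.com"
             "?secret=h62c5sy3kq3fs4rdsslh3yje&issuer=Example")

def parse_otpauth(url):
    """Extract TOTP parameters from an otpauth://totp setup URL."""
    u = urlparse(url)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not an otpauth://totp URL")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    algorithm = q.get("algorithm", "SHA1").lower()
    if algorithm not in ("sha1", "sha256", "sha512"):
        raise ValueError("unsupported algorithm: " + algorithm)
    # Secrets are Base32, often lowercase and unpadded; normalise before decoding.
    secret = q["secret"].replace(" ", "").upper()
    secret += "=" * (-len(secret) % 8)
    return {
        "label": unquote(u.path.lstrip("/")),
        "issuer": q.get("issuer"),
        "key": base64.b32decode(secret),
        "algorithm": algorithm,
        "digits": int(q.get("digits", 6)),   # assumed default when omitted
        "period": int(q.get("period", 30)),  # assumed default, in seconds
    }

def totp(p, at):
    """RFC 6238 code for Unix time `at`."""
    counter = struct.pack(">Q", int(at) // p["period"])
    mac = hmac.new(p["key"], counter, p["algorithm"]).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** p["digits"]).zfill(p["digits"])

def current_and_next(p, at):
    """Codes for the time step containing `at` and for the step after it."""
    return totp(p, at), totp(p, at + p["period"])

if __name__ == "__main__":
    params = parse_otpauth(SETUP_URL)
    now, nxt = current_and_next(params, time.time())
    left = params["period"] - int(time.time()) % params["period"]
    print(f"{params['label']}: {now} (next {nxt}, rotates in {left}s)")
```

Everything needed to generate codes is in the `secret` parameter, so a copied setup URL deserves the same handling as a password.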

Overall, Proton Authenticator looks like a solid entry in the burgeoning category for two-factor authentication apps, which—based on a quick App Store search—is flooded with approximately 31,742 entries from aspiring developers who pasted a TOTP library from GitHub into an Xcode project.
