Ente Auth Guide
Using an open-source, end-to-end encrypted 2FA authenticator
Two-factor authentication (2FA) has become indispensable for securing our online accounts. In addition to your usual password, it requires a temporary code, usually generated by a dedicated application. This mechanism, known as TOTP (Time-Based One-Time Password), guarantees that even if your password is compromised, an attacker will not be able to access your account without possessing this second factor, renewed every 30 seconds.
However, choosing the right authentication application is not trivial. Google Authenticator, though popular, has major limitations: proprietary code impossible to audit, synchronization without end-to-end encryption, and risk of total loss of codes in the event of a problem with your phone. Other solutions, such as Authy, require a phone number and do not guarantee total confidentiality.
Ente Auth stands out as a modern, secure alternative. This free, open source, cross-platform application, developed by the team behind Ente Photos, offers end-to-end encrypted cloud backups and seamless synchronization between all your devices. Unlike proprietary solutions, Ente Auth gives you total control over your authentication codes without compromising your privacy.
In this tutorial, we’ll show you step-by-step how to install and use Ente Auth, and why this solution differs from traditional authenticators.
Introducing Ente Auth
Ente Auth was developed by the team behind Ente Photos, an end-to-end encrypted and privacy-friendly photo storage service. True to the Ente philosophy (“Ente” means “mine” in Malayalam, symbolizing control over your data), Ente Auth was designed to give users back full control over their two-factor authentication codes.
Main features
Standard TOTP codes: Ente Auth generates temporary codes compatible with most services (GitHub, Google, Binance, ProtonMail, etc.). You can add as many 2FA accounts as you need, and the application calculates the codes based on the secrets provided.
End-to-end encrypted cloud backup: Your codes are securely stored online. Only you can decrypt them - the encryption key is derived from your password and known only to you. Ente (the server) has no knowledge of your secrets, or even of your account titles, as everything is encrypted on the client side using a zero-knowledge architecture.
Multi-device synchronization: You can install Ente Auth on several devices (smartphone, tablet, computer) and access your codes on all of them. Any changes are automatically and instantly propagated to your other devices via the encrypted cloud, giving you great flexibility in your day-to-day work.
Minimalist, intuitive interface: The application offers a streamlined interface, easy to learn even for non-technical users. 2FA accounts are displayed with the service name, your login and the 6-digit code, updated in real time. Ente Auth also displays the next code a few seconds in advance to avoid being caught short by expiration.
Open source and audited: Ente Auth’s source code is public on GitHub under the AGPL v3.0 license. Any developer can audit it to check for flaws or undesirable behavior. The cryptography implemented has been the subject of an independent external audit, a guarantee of the seriousness of the application’s security.
Advantages and limitations
- Benefits:
  - Privacy by design with end-to-end encryption
  - Secure synchronization between all your devices
  - Auditable open source code
  - Clear, intuitive user interface
  - Automatic backup to prevent loss of codes
  - Available on all platforms (mobile and desktop)
- Limits:
  - Internet connection required for synchronization
  - Advanced users may prefer 100% offline solutions like Aegis (Android only)
  - Relatively recent compared with established solutions
Installation
Ente Auth is available on most popular platforms. You can download the application from the official website or from the official stores.
Ente Auth download page with all available platforms
Android
You have several options:
- Google Play Store: Search for “Ente Auth” for classic installation
- F-Droid: Available from the Android open-source application catalog, with a guarantee of verified builds and no proprietary content
- Manual installation: APK files can be downloaded from the project’s GitHub page with integrated notification of new versions
iOS (iPhone/iPad)
Install Ente Auth directly from the Apple App Store by searching for the app name. The iOS app can also be run on Macs equipped with Apple Silicon chips (M1/M2) via the Mac App Store.
Computers (Windows, macOS, Linux)
Ente Auth offers native desktop applications. Visit ente.io/download or the Releases section of GitHub:
- Windows: An EXE installer is supplied
- macOS: A DMG disk image; drag and drop the application into Applications
- Linux: Several formats available (portable AppImage, .deb for Debian/Ubuntu, .rpm for Fedora/Red Hat)
Note: This tutorial is based on Ente Auth v4.4.4 and later. Earlier versions may have minor interface differences.
Web interface
Without installation, you can access your codes via auth.ente.io from any browser. The web interface is limited to viewing codes (useful for troubleshooting), as adding accounts requires the mobile or desktop application for security reasons.
First configuration
Account creation
When you first launch Ente Auth, you have two options:
Ente Auth home screen with account creation options
With account (recommended): Choose “Create Account” and enter your e-mail address and a password. Important: this password serves as the master password for encrypting your data. Choose a strong, unique password, as there is no conventional reset procedure without data loss. If you misplace it, your encrypted data will be irretrievable.
Offline mode: Select “Use without backups” to use the application locally without a cloud. In this mode, your codes remain on the device, but you’ll need to export them manually to avoid losing them.
Email verification process and generation of 24-word recovery key
An e-mail verification may be requested to validate account creation and enable recovery on a new device. Ente Auth will also provide you with a 24-word recovery key (based on the BIP39 method). It’s imperative that you save this key in a safe place: it’s your only means of recovering your data if you forget your password.
Local security
I strongly recommend enabling local protection by code or biometrics. Go to Settings → Security → Lockscreen and configure:
- Biometric unlocking: Face ID, fingerprint depending on your device’s capabilities
- Application-specific PIN/password
- Auto-Lock delay: e.g. “Immediately” or after 30 seconds of inactivity
This protection prevents unauthorized access to your codes if someone gains access to your unlocked phone. Note that this lock is an additional barrier: your data remains end-to-end encrypted even without this protection.
Add 2FA accounts
Standard procedure
To add a new 2FA account, let’s take the concrete example of activating 2FA on Bull Bitcoin:
Ente Auth’s main interface, ready to add a first 2FA account
Service side (Bull Bitcoin): Log in to your Bull Bitcoin account, go to security settings, and enable two-factor authentication.
Bull Bitcoin security settings menu
Option to enable two-factor authentication on Bull Bitcoin
The service will then display a QR code for you to scan with your authentication application:
QR code generated by Bull Bitcoin to be scanned with your authenticator
In Ente Auth: Click on “Enter a setup key” then scan the QR code displayed by Bull Bitcoin. Ente Auth will automatically recognize the account and fill in the fields.
Configuring Bull Bitcoin account details in Ente Auth
You can customize the name of the service and your login to make it easier to find. Advanced settings (SHA1 algorithm, 30s period, 6 digits) are generally correct by default.
Service-side validation: Return to Bull Bitcoin and enter the 6-digit code generated by Ente Auth to finalize activation.
Enter code generated by Ente Auth to validate 2FA activation
Confirmation of successful 2FA activation on Bull Bitcoin
Backup codes: Bull Bitcoin will provide you with recovery codes. Save them in a safe place, separate from your authenticator.
Option to generate emergency backup codes on Bull Bitcoin
List of recovery codes to keep in a safe place
Organization and management
Ente Auth offers several practical features:
- Quick Copy: Press the code to copy it automatically to the clipboard.
- Context-sensitive actions: Press and hold (or right-click on desktop) to edit, delete, share or pin an entry.
- Tags and search: Organize your accounts with tags (personal/professional, by service category) and use the search bar to filter quickly.
Tag creation process: contextual menu and creation dialog
Tag “Bitcoin” successfully applied on Bull Bitcoin account
Automatic icons: Each entry can be illustrated with the service’s logo, thanks to the integration of the Simple Icons icon pack.
Temporary secure sharing: A unique Ente Auth feature, secure sharing lets you transmit a 2FA code to a colleague without revealing the underlying secret. Generate an encrypted link valid for 2, 5 or 10 minutes maximum - the recipient sees the code in real time, but cannot export it or access account data. This method is ideal for technical assistance or temporary collaboration, offering a level of security not possible with a simple screenshot or text message.
Temporary secure sharing interface: choose duration (5 min)
Secure export/import: Ente Auth lets you export your codes to other applications, or import them from Google Authenticator and other solutions. Export is via an encrypted file or QR code, guaranteeing portability of your data without compromising security.
BIP39 recovery key: The application automatically generates a 24-word recovery phrase according to the BIP39 (Bitcoin Improvement Proposal) standard, identical to cryptocurrency wallets. This phrase is your ultimate recovery key, enabling you to restore all your codes even if you forget your master password.
Configuration and settings
Ente Auth offers numerous customization options accessible via the application settings:
Overview of parameters available in Ente Auth
Account and data management
Advanced security options: email verification, PIN code, active sessions
The security settings allow you to:
- Enable e-mail verification for new connections
- Activate Passkey
- View active sessions on your various devices
- Set up a PIN code or biometrics
Interface and usage options
Interface parameters and application customization
General settings include:
- Language: Multilingual interface
- Display: Large icons, compact mode
- Privacy: Hide codes, quick search
- Telemetry: Error reporting (can be disabled)
Backup and synchronization
How encryption works
When you add an account with a connected Ente account, the application immediately encrypts this sensitive data locally using your master key (derived from your password). The encrypted data is then sent to the Ente server for storage.
Thanks to this mechanism, an end-to-end encrypted cloud backup of your codes is always available. If you lose your device, simply reinstall Ente Auth and reconnect: the application will automatically download and decrypt all your codes.
Multi-device synchronization
If you use Ente Auth on both smartphone and computer, any additions or changes on one device appear within seconds on the other. This synchronization goes through Ente’s cloud, but as the data is end-to-end encrypted, the server only sees unreadable encrypted content.
Synchronization demo: same Bull Bitcoin account accessible on mobile and desktop
Synchronization is seamless: install Ente Auth on your smartphone, log in with your credentials, and all your 2FA codes (here Bull Bitcoin) appear automatically. The example above shows perfect synchronization between desktop and mobile - the same Bull Bitcoin code is accessible on both devices.
In terms of confidentiality, neither Ente nor any third party has access to your 2FA secrets. Even metadata (tags, notes, service names) are encrypted before being sent. This zero-knowledge architecture ensures that only you can decipher your codes.
Offline use
Synchronization requires the Internet, but Ente Auth works perfectly offline on every device, since all data is stored locally. Offline changes are queued and synchronized as soon as the connection is restored.
Security and privacy
Cryptographic guarantees
Ente Auth is based on robust end-to-end encryption with zero-knowledge architecture. Your codes are encrypted with a key you alone hold, derived from your master password using advanced key derivation functions.
Zero-knowledge architecture: Ente cannot physically access your data. Even metadata (service names, tags, notes) is encrypted on the client side before transmission. This approach ensures that, in the event of an attack on Ente’s servers or a government request, Ente can only disclose encrypted data that cannot be read without your password.
Local encryption: The encryption process takes place entirely on your device before it is sent to the cloud. Ente’s servers receive and store only encrypted data, making unauthorized access impossible, even for service administrators.
Transparency and audits
As the code is open source, the community can verify the absence of backdoors. Ente has had multiple external audits carried out to validate the security of its implementation:
- Cure53 (Germany): Application and cryptographic security audit
- Symbolic Software (France): Specialized cryptographic expertise
- Fallible (India): Penetration testing and vulnerability analysis
These independent audits, carried out by recognized firms, guarantee that Ente Auth’s cryptographic implementation complies with best security practices and has no critical flaws.
Privacy policy
Ente Auth applies an exemplary privacy policy based on minimal data collection. Only information strictly necessary for the operation of the service is kept: your e-mail address for authentication and account recovery.
No tracking or telemetry: Unlike most applications, Ente Auth collects no usage metrics, no identifying crash data, and no behavioral information. The application works without intrusive advertising or analytics trackers.
GDPR compliance: Ente fully complies with the European General Data Protection Regulation. You have the right to access, correct, or delete your data at any time. Data export is just a click away, and permanently deleting your account deletes all your data from the servers.
Decentralized, secure storage: Your encrypted data is replicated on 3 different providers, in 3 different countries, guaranteeing optimum availability while avoiding dependency on a single cloud provider.
Ente’s business model is based on the paid Ente Photos service, enabling us to offer Ente Auth free of charge and without limitations without compromising your privacy by monetizing your data. This approach guarantees the sustainability of the service without relying on advertising or the resale of personal data.
Comparison with other solutions
| Application | Open Source | Cloud Backups | E2EE | Multi-device sync | Platforms |
|---|---|---|---|---|---|
| Ente Auth | ✅ | ✅ | ✅ | ✅ | Android, iOS, Linux, macOS, Windows |
| Google Authenticator | ❌ | ✅ (without E2EE) | ❌ | ✅ | Android, iOS |
| Aegis | ✅ | ❌ | ✅ | ❌ | Android |
| Authy | ❌ | ✅ | ❌ | ✅ | Android, iOS (desktop apps discontinued August 2024) |
| Proton Auth | ✅ | ✅ | ✅ | ✅ | Android, iOS (recent, less established) |
Ente Auth stands out as one of the few solutions to combine all the advantages: source code transparency, encrypted cloud backup and cross-platform synchronization.
Recommended use cases
Individual users
Ente Auth is ideal for security-conscious individuals who systematically activate 2FA. You’ll no longer have to worry about losing your codes when changing phones, or having to choose between convenience and security.
Family and multi-device use
The app comes into its own if you use several devices. You can save your codes on smartphones and tablets, or share certain family codes (Netflix, family cloud) synchronously and securely.
Professional use
For teams managing sensitive accounts, Ente Auth facilitates collaboration while preserving security, thanks to its advanced sharing features integrated into the “Organization and management” section.
Best practices
- Save your emergency codes: Keep the recovery codes provided by each service away from your phone.
- Use a strong master password: Your Ente Auth master password must be unique and robust, as it protects all your codes.
- Activate local protection: Configure PIN or biometrics to prevent unauthorized physical access.
- Don’t over-customize: Avoid advanced modifications that could compromise synchronization.
- Keep the application up to date: Updates correct security flaws and improve functionality.
- Test restoration: Occasionally check that you can restore your codes on another device.
Conclusion
Ente Auth represents a modern, comprehensive solution for two-factor authentication. By combining security, transparency and ease of use, this open source application meets the needs of demanding users without sacrificing convenience.
Unlike proprietary solutions that lock you into an opaque ecosystem, Ente Auth gives you back control of your authentication data while protecting you against accidental loss thanks to its encrypted backups.
Whether you’re an individual looking to secure your personal accounts, or a team managing business access, Ente Auth is a smart choice for modernizing your approach to digital security without compromising privacy.
Resources and support
Official documentation
- Official website: ente.io/auth
- Help center: help.ente.io/auth
- Technical blog: ente.io/blog
Source code and transparency
- GitHub: github.com/ente-io/auth
- Cryptography audit: ente.io/blog/cryptography-audit
Community
- Discord: discord.gg/z2YVKkycX3
- Reddit: r/enteio



















