Proton Just Launched Its Own Privacy-Focused Authenticator App

Authenticators from Google and Microsoft are already well-established, but the recently released Proton Authenticator might be worth a look. Proton is the company behind Proton Pass, our top pick for the privacy-conscious password manager, as well as other services like Proton Mail and Proton VPN. While Proton Pass has two-factor authentication (2FA) built into its premium version, anyone can use Proton Authenticator for free, even if you use another service to manage your passwords.

How Proton is Different from Other Authentication Apps

Functionally, Proton Authenticator is no different from other popular apps like Google Authenticator and Microsoft Authenticator, as well as alternatives like Duo and Authy. You can add TOTPs manually or by scanning a QR code, and you can import some or all of your existing codes from authenticator apps that support the feature (Google does, Microsoft doesn’t). In my testing, it was easy to take screenshots of QR codes from Google Authenticator, save them, and upload them from my photos to Proton Authenticator, which quickly filled in all of my codes.

For added security, Proton Authenticator can be locked with biometrics like Face ID, and it can hide codes from prying eyes (handy if you just need to copy and paste them on one device). Codes refresh every 30 seconds, and Proton shows both the current TOTP and the one that will be filled in next. While most authenticators are limited to iOS and Android, Proton also supports Windows, macOS, and Linux, with encrypted syncing across devices.

Again, the authentication apps are largely similar in both form and function, but Proton Authenticator has a potential advantage: It’s made by a company that puts privacy first. Unlike most of its competitors, the platform is open source and free of ads and tracking, so it’s worth considering if you’re looking to ditch Google and Microsoft’s services. (Bitwarden, another excellent open-source password manager, also offers a free standalone authenticator app.)


Given the regularity of data breaches and the prevalence of phishing schemes aimed at compromising your data, you should enable multi-factor authentication (MFA) for any account that offers this extra layer of security. As I’ve written before, some authentication methods, such as SMS codes, are still easily cracked by phishing scams such as man-in-the-middle attacks. Biometrics and hardware keys are among the most secure alternatives, but an authenticator app is also preferable to SMS because TOTPs are generated locally on your device and change every 30 to 60 seconds, rather than being sent in an unencrypted text message.
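To show what "generated locally" means in practice, here is an added example (not Proton's code) of the standard TOTP algorithm from RFC 6238, computing the current code, the next one, and the seconds left, plus the matching server-side check. The function names are hypothetical, and the secret is the published RFC 6238 test secret rather than a real account key.

```python
import base64
import hashlib
import hmac
import struct
import time

def decode_secret(b32: str) -> bytes:
    """Decode the base32 secret carried in a QR code / otpauth URI (padding optional)."""
    s = b32.replace(" ", "").upper()
    return base64.b32decode(s + "=" * (-len(s) % 8))

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def current_and_next(secret: bytes, now: float, period: int = 30, digits: int = 6):
    """Return (current code, next code, seconds until rollover).

    Only the stored secret and the local clock are used: nothing is sent
    or received, which is the difference from a code delivered by SMS.
    """
    step = int(now) // period
    remaining = period - int(now) % period
    return hotp(secret, step, digits), hotp(secret, step + 1, digits), remaining

def verify(secret: bytes, submitted: str, now: float, period: int = 30,
           digits: int = 6, drift_steps: int = 1) -> bool:
    """Server side: accept the code for the current step or a small clock drift."""
    step = int(now) // period
    ok = False
    for s in range(step - drift_steps, step + drift_steps + 1):
        # compare_digest avoids leaking how many leading digits matched
        ok |= hmac.compare_digest(hotp(secret, s, digits), submitted)
    return ok

# Constructed sample input: base32 of the RFC 6238 test secret "12345678901234567890"
SAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    key = decode_secret(SAMPLE_SECRET_B32)
    cur, nxt, left = current_and_next(key, time.time())
    print(f"current={cur} next={nxt} rolls over in {left}s")
```

Because the code depends only on the shared secret and the time step, anyone who obtains the secret (for example from an exported QR code screenshot) can generate the same codes, so exports deserve the same care as the codes themselves.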
