30 open-source projects similar to google/google-authenticator, ranked by how many features they have in common. Compare stars, activity and what each one does to find the best Google Authenticator alternative.
This project is an Android password manager application that provides an end-to-end encrypted vault for storing and synchronizing login credentials, secure notes, and identities. It functions as a secure storage system using zero-knowledge encryption to ensure that only the user can decrypt their stored data. The application integrates directly with the Android system to provide an autofill service that populates usernames and passwords into mobile apps and browser login fields. It also serves as a passkey management wallet for FIDO2 cryptographic passkeys and a time-based one-time password a
Authenticator is a multi-factor authentication manager and browser extension designed to generate and store two-step verification codes directly within a web browser. It functions as an encrypted secret store that produces both time-based and counter-based security codes to protect online account access. The project distinguishes itself through cross-browser synchronization, replicating authentication accounts across different browser instances using cloud or local backups. It utilizes password-based encryption to protect authentication seeds and provides a synchronization tool to maintain co
Aegis is a mobile application designed to manage and store multi-factor authentication tokens. It functions as a local-first credential vault that generates time-based and counter-based one-time passwords to verify user identity across various online services. The application secures sensitive authentication data by employing authenticated symmetric encryption and hardware-backed key storage to protect credentials at rest. Access to the stored tokens is gated by system-level biometric authentication or password verification, ensuring that only authorized users can retrieve the generated secur
Authboss is a modular authentication framework designed to manage user identity and account orchestration. It provides a comprehensive system for handling user registration, email verification, and the full lifecycle of user profiles. The framework distinguishes itself through a focused suite of security and identity tools, including multi-factor authentication via time-based passwords and SMS, and identity integration with external providers using OAuth1 and OAuth2 protocols. It also includes a dedicated account security manager that implements brute-force protection through credential-based
2FAuth is a self-hosted two-factor authentication server and credential vault. It functions as a web-based authenticator app used to organize and generate time-based one-time passwords and other security codes for multiple accounts in a central location. The system distinguishes itself as an API-driven security manager, allowing authentication codes to be integrated into automated workflows and external applications. It also supports shared security credentialing through the use of isolated vaults and shared folders for team collaboration. The project covers a broad range of security and dat
This project is a Pluggable Authentication Module for Linux systems that enforces multi-factor identity verification. It integrates directly into the system authentication stack to require time-based one-time passwords alongside standard user credentials, providing a mechanism to secure local and remote shell access. The module distinguishes itself through its implementation of the time-based one-time password algorithm, which includes built-in support for clock-skew compensation to account for time discrepancies between servers and user devices. It manages individual user secret keys through
Authboss is a modular HTTP authentication framework for managing user identity, session lifecycles, and password security. It provides a system of identity access middleware to control route access and synchronize user identity across requests via standard web protocols. The framework is distinguished by a pluggable architecture that allows for the registration of independent modules to extend identity logic. It utilizes a hook-based event system to execute custom business logic during authentication state changes and employs a selector-verifier token pattern to protect against timing attacks
AuthenticatorPro is an open-source security application for Android designed to manage two-factor authentication. It functions as a client for generating time-based and counter-based one-time passwords to secure user accounts. The project distinguishes itself through Wear OS integration, which allows authentication codes to be synchronized from a mobile device to a companion wearable. It also includes a system for importing credentials from external services and using the device camera to scan QR codes for account configuration. The application provides a suite of security and organization c
MacPass is a native macOS password manager and encrypted database client designed to manage credentials using the KeePass standard. It serves as a secure credential vault for storing usernames and passwords within a hierarchical structure. The application integrates a TOTP authenticator to generate time-based and hash-based one-time passwords for multi-factor authentication. It utilizes a KeePass-compatible database engine to ensure data portability and supports keyfile-based authentication to increase decryption entropy. The project covers broader capabilities including automated credential
This project provides a complete OpenVPN server deployment packaged as a Docker container, with an integrated EasyRSA certificate authority for automated public-key infrastructure management. It handles the full lifecycle of a VPN server, from initial PKI bootstrap and server configuration generation to client certificate issuance and revocation, all within a containerized environment. The server is configured entirely through Docker environment variables, eliminating the need for manual configuration file editing. It supports time-based one-time password (TOTP) authentication as a second fac
Hanko is an open-source identity provider and customer identity and access management system. It serves as a passkey authentication service and an OAuth and SAML SSO gateway, allowing applications to authenticate users and issue tokens via standard identity protocols. The project distinguishes itself through a strong focus on passwordless access using WebAuthn-based passkeys and email-based passcodes. It provides framework-agnostic authentication interfaces as customizable web components that can be embedded directly into web applications to handle login, registration, and profile management.
Tinyauth is an authentication middleware service and identity provider that verifies user identities to grant system access. It operates as a standalone server or as an authentication gateway, utilizing a reverse proxy model to intercept requests and validate credentials before traffic reaches protected backend services. The project functions as an OpenID Connect provider for single sign-on experiences and an OAuth 2.0 gateway that delegates verification to external providers such as Google and GitHub. It also acts as an LDAP authentication server, allowing for centralized user management and
This project is a two-factor authentication manager that generates time-based and counter-based one-time passwords to secure online accounts. It functions as an encrypted credential manager for storing authentication seeds and producing security codes on mobile and wearable devices. The application includes a dedicated Android Wear OS client that synchronizes authentication data and UI states to allow security codes to be viewed directly from a smartwatch. The system supports the import and migration of authentication seeds from other applications and provides encrypted backup capabilities t
This project provides a comprehensive, self-hosted platform for zero-knowledge credential management and enterprise secrets orchestration. It functions as a secure vault that ensures all encryption and decryption processes occur exclusively on the client side, preventing the server from ever accessing plaintext data. By combining identity federation with robust access controls, the system enables organizations to centralize the management of passwords, passkeys, and sensitive infrastructure credentials. The platform distinguishes itself through its focus on both human-centric security and aut
Grav is a flat-file content management system that eliminates the need for a traditional database by storing site content and configuration in human-readable Markdown and YAML files. Built as a modular PHP web framework, it uses a hierarchical page routing system where the physical directory structure directly determines the site's URL paths. The platform is distinguished by its event-driven plugin architecture and a command-line interface that prioritizes system administration, deployment, and maintenance tasks. It utilizes a blueprint-driven system to generate administrative forms from stru
osTicket is an open-source help desk software and ticket management system designed to centralize customer support inquiries from emails, web forms, and API requests. It functions as a multi-channel support tool that converts incoming communications into a structured queue for agent resolution and IT help desk management. The platform features a dedicated customer support portal where users can submit requests, track ticket status, and access a self-service knowledgebase of help articles and FAQs. It integrates secure OAuth2 email authentication to retrieve and send messages without storing l
PasswordPusher is a self-hosted secret sharing service and file sharing platform used to create encrypted, self-destructing links for sensitive text and files. It functions as a white-label security gateway, allowing organizations to manage the distribution of secrets on their own internal infrastructure. The system supports corporate white-labeling through custom domain mapping and branding customization to align the interface with a professional identity. It provides a RESTful API and command-line interface for the automated distribution of secrets within external scripts and workflows. Th
KeePassDX is an Android password manager that opens, edits, and stores encrypted credential databases using the open KeePass 2.x file format. It keeps all password data stored locally on the device without requiring cloud sync or internet access, and supports multiple symmetric-key encryption algorithms including AES, Twofish, and ChaCha20 with Argon2 key derivation. The app unlocks the credential database by delegating authentication to the platform's biometric API, allowing users to bypass the master password entry using fingerprint or face recognition. It generates one-time passwords local
KeeWeb is a web-based password manager and vault that allows users to open and edit encrypted databases through a browser interface. It functions as a cross-platform tool for managing password vaults using the KeePass database format. The application provides a self-hosted password vault that can be deployed as a single HTML file or via Docker. It integrates with remote storage providers using OAuth to synchronize encrypted database files across multiple devices. The system includes capabilities for secure credential generation, two-factor authentication management through time-based one-tim
Warpgate is an SSH bastion host that authenticates users and proxies connections to internal servers while recording all session activity. It is distributed as a single standalone binary with no runtime dependencies, stores configuration and session data in a local SQLite database by default, and supports role-based access control to determine which users can reach which targets. The bastion verifies identity through a configurable chain of authentication methods including passwords, one-time codes, single sign-on, and time-limited ticket tokens. It captures and stores SSH session activity as
Stack Auth is an open-source authentication and authorization platform that provides pre-built UI components, OAuth integration, team management, and session handling for web applications. It offers a complete authentication lifecycle covering sign-in, sign-up, session management, password recovery, and multi-factor security, with support for passkey authentication and OAuth providers including Google, GitHub, and Apple. The platform includes a team-based permission system with role-based access control, allowing users to be organized into teams with granular permissions for membership manage
This project provides a comprehensive, modular framework for auditing and hardening personal digital and physical security. It functions as a structured, platform-agnostic knowledge base that breaks down complex security standards into granular, actionable tasks. By utilizing a static documentation architecture, the project ensures that its guidance remains accessible and transparent, allowing users to track their security posture incrementally through a persistent, manual progress-tracking system. The project distinguishes itself by bridging the gap between digital cybersecurity and physical
Octelium is a zero-trust network access platform and identity-aware proxy designed to secure private HTTP, SSH, and SQL resources. It functions as a secure gateway that validates human and workload identities using OIDC, SAML, and FIDO2 passkeys before granting access to internal applications and SaaS APIs. The system is distinguished by its secretless access broker, which injects credentials—such as API keys, passwords, and AWS Sigv4 signatures—at the gateway level so users can access databases and cloud resources without managing secrets. It further specializes in AI gateway administration,
This project is a comprehensive set of guides and frameworks designed to secure software-as-a-service infrastructure and company operations. It provides a collection of technical checklists, architectural patterns, and best practices for hardening cloud applications against cyber attacks. The project differentiates itself by providing specialized manuals for risk management and compliance readiness. It offers structured approaches to threat modeling, incident response planning, and the preparation of audit evidence required to meet industry security certifications and enterprise customer requ
rustdesk-server is a self-hosted remote desktop server infrastructure designed to manage ID signaling and relay traffic for remote connections between peers. It provides the necessary backend environment to coordinate remote access sessions through rendezvous-based signaling and relay-based traffic forwarding. The system distinguishes itself with a remote access management console for organizing devices and enforcing security policies, as well as an identity integrator for OIDC-based federation and LDAP directory synchronization. It utilizes geolocation-aware routing to distribute traffic acr
Dockhand is a multi-host Docker manager and container management interface used to control the lifecycle of containers, images, volumes, and networks. It functions as a Docker Compose orchestrator and GitOps deployment tool, enabling the synchronization of application stacks directly from remote Git repositories. The project distinguishes itself as an enterprise Docker access controller, providing role-based access control and identity verification through OIDC, LDAP, and multi-factor authentication. It secures sensitive data using AES-256-GCM encryption for credentials at rest and handles na
Misskey is a self-hosted, decentralized microblogging platform and federated social media server. It functions as a distributed content management system that allows users to communicate across multiple independent and interconnected server instances using the ActivityPub protocol. The platform distinguishes itself with a dynamic application engine that allows for the creation of interactive applications and custom page layouts using a scripting language. It also features a specialized markup language for rich text rendering, enabling the use of animations and custom styles for consistent con
Polis is a self-hosted identity provider designed to manage federated authentication and user lifecycle operations within private infrastructure. It functions as a centralized hub for identity management, enabling organizations to maintain control over user data while enforcing security policies across diverse environments. The platform distinguishes itself by acting as a protocol-bridging gateway that converts complex enterprise authentication standards, such as SAML and OIDC, into a unified OAuth 2.0 flow. It further automates administrative tasks by synchronizing user and group information
react-native-firebase is a modular set of libraries that integrates Firebase cloud services into cross-platform mobile applications. It serves as a native-SDK wrapper, mapping JavaScript method calls to native iOS and Android Firebase SDKs via the React Native bridge to provide a type-safe interface for mobile backend integration. The project enables connectivity to a wide array of cloud services, including user authentication and identity management, NoSQL cloud databases with real-time synchronization, and scalable cloud storage for media files. It also provides tools for sending push notif
This project is a Git credential helper that automates the storage and retrieval of authentication secrets for remote repository operations. It functions as an OAuth token manager and an operating system vault storage interface to ensure authentication secrets are encrypted at rest. The tool acts as a cross-platform authentication broker, enabling the sharing of secure credentials between a host operating system and a Linux subsystem. It also serves as an enterprise proxy gateway, routing authentication traffic through corporate proxy servers to reach restricted repository endpoints. The sys