
Peer-to-Peer TOTP Authenticator Sync Across Your Own Devices (No Vendor Cloud)

category: mobile app | real project | trending

The recurring privacy-vs-convenience trap in 2FA apps: Aegis is offline-only and recovery is painful, Ente Auth is E2EE but still syncs through Ente's servers, Authy is widely distrusted post-Twilio, and Bitwarden Auth gates sync behind a paid plan. Multiple users want a TOTP app that syncs only between *their* devices — over LAN, Tailscale, or BLE — without trusting any third-party cloud.

builder note

The marketing line writes itself: 'Your seeds never leave your network.' Use the pairing flow Signal/Wire popularized — QR-code device pairing over LAN. Skip the 'social' features (sharing codes) — that's a different product and adds threat surface.

landscape (4 existing solutions)

There's a clean unfilled slot: TOTP app that syncs E2EE between your own devices via mDNS/LAN or Tailscale-style overlay, with optional encrypted-blob upload to your own WebDAV/S3. The Syncthing workaround proves the demand and validates the technical pattern.

- Aegis Authenticator: FOSS, encrypted vault, no cloud. But Android-only, no native sync; recovery means manually re-enrolling every TOTP if you lose the phone.
- Ente Auth: FOSS and E2EE cross-platform sync, but the data still rides Ente's infrastructure. Cannot self-host. Some users explicitly don't want their seeds on anyone else's server.
- Bitwarden Authenticator: multi-device sync exists but is paywalled to paid Bitwarden plans. Free users get a single-device island.
- Syncthing-as-workaround: real workaround being recommended to Aegis users, but it's a CLI-class hack, not user-friendly, and breaks if a non-tech spouse needs to set it up.

sources (2)

- reddit: https://www.reddit.com/r/androidapps/comments/1t1tfby/lookin... "I don't want my data floating around on some company's server" (2026-05-02)
- other: https://github.com/beemdevelopment/Aegis/issues/1348 "Multi Device Syncing (open feature request)" (2026-05-04)

tags: 2fa, totp, privacy, self-hosted, p2p