phillip prado

It's open source, easy to use, privacy-friendly, and cross-platform.

A while ago, I wrote a post about what I believed was the best open-source two-factor authentication application on the market: Ente Auth. And though I still love and use Auth, what I didn't know was that there was already an older kid on the block. Enter 2FAS, another free software 2FA option you should consider.

What is 2FAS?

2FAS touts itself as “the internet's favorite open-source two-factor authenticator.” And though I can't speak for the entirety of the internet, I can definitely see why someone would choose to use 2FAS.

All things considered, 2FAS is really just like any other two-factor authentication application. It offers an easy way to enable 2FA on all of your accounts that support time-based one-time passwords (TOTP), it syncs those tokens across devices, it supports offline mode if you want, and it's available on all major platforms.

Something that sets 2FAS apart from some of the more popular competition, is the platform's support for exporting 2FA tokens. So, like Ente Auth, if you change your mind about what solution you want to use, there is no need to jump through unnecessary hoops to export your tokens to another platform.

On top of all of that, each one of the 2FAS clients are free and open source software under the GPL 3.0 license. That means whether it's on your Android device, iOS device, or in the browser, 2FAS doesn't lock you into using proprietary software.

It also supports multiple languages, there's no account required to get started, and it doesn't store any passwords or metadata. All-in-all, 2FAS is a win for the privacy and security community. And with its GPL source code, it's a win for the free software crowd as well.

The only real downside I see with 2FAS is something Ente Auth suffers from as well: the inability to self-host the sync server. Now, the server is open source like the rest of the 2FAS code, but if this GitHub issue is anything to go by, we shouldn't expect self-hosting support anytime soon.

How much does 2FAS cost

This surprised me the most, honestly. Even with such a robust feature set, open source code, and cross-platform availability, 2FAS costs absolutely nothing to use.

Instead, it appears 2FAS solely relies on user donations to keep the lights on. And though this is an honorable decision, it gives me a little bit of pause.

The Ente team also have the Photos app, which users can pay to use. It doesn't look like 2FAS has any similar cash flow, which naturally makes me worry about the project's future.

Obviously, apps and services can and often do survive thanks to the goodwill of its user base. But, personally, I would much rather pay a service to host and manage my data if it assures its continuation. At least as long as the source code is free and open, and self-hosting is an option. Which, as I mentioned, 2FAS does not support.

Conclusion and final thoughts

Overall, from my limited testing with the service, 2FAS seems to be another great alternative in the MFA space. Between Ente Auth and 2FAS, there really is no reason to use something like Authy, Duo Mobile, or Microsoft Authenticator anymore. There are tons of great FOSS two-factor authentication apps, both online and offline, that don't lock you in like their more widely adopted proprietary counterparts.

So, if you are looking to migrate away from your current two-factor authentication solution or are just getting started, you should really give 2FAS a look. You can download it for Android, iOS, and the browser at the links below.

Download 2FAS from the Google Play Store

Download 2FAS from the Apple App Store

Install the 2FAS browser extension

Tags: #Apps #Reviews Comments: Discuss...