2FAS Icon

Free, secure and open source authenticator app for both iOS and Android. Supports creating encrypted backups and syncing between devices without the need for an account.

Open Source

2FAS Privacy Policy

Privacy Policy Summary

  • You can request access, correction and/or deletion of your data
  • This service is only available to users over a certain age
  • Terms may be changed any time at their discretion, without notice to you
  • Accessibility to this service is guaranteed at 99% or more
  • Your personal data is used for limited purposes


About the Data

This data is kindly provided by tosdr.org. Read full report at: #8201

2FAS Source Code




2FAS server-side API





12 Dec 22

Last Updated

06 Jun 24

Latest version


Primary Language



403 KB







Language Usage

Language Usage

Star History

Star History

Recent Commits

  • Krzysztof Dryś (09 Apr 24)

    fix: race condition in hub (#39)

  • Krzysztof Dryś (04 Apr 24)

    fix: race condition in tests (#38)

  • Krzysztof Dryś (26 Mar 24)

    chore: improve error messages in WebsocketApiClient.SendMessage (#37) * chore: improve error messages in WebsocketApiClient.SendMessage * fix logger variable --------- Co-authored-by: Tobiasz Heller <[email protected]>

  • KobeW50 (08 Mar 24)

    fix issues with README and contributing guidelines (#33)

  • Tobiasz Heller (16 Mar 24)

    feat: multiple fixes in logger (#32)

  • Tobiasz Heller (16 Mar 24)

    feat: ci (#36)

  • KobeW50 (07 Mar 24)

    init: Issue creation config (#35)

  • Tobiasz Heller (04 Jan 24)

    fix: log less fields on ws connection

  • Tobiasz Heller (02 Jan 24)

    feat: rate limit using redis (#20)

  • Krzysztof Dryś (14 Dec 23)

    fix: typo (#19)

  • Krzysztof Dryś (14 Dec 23)

    feat: don't update collection id when updating web service (#18)

  • Tobiasz Heller (11 Dec 23)

    Update README.md with security

  • Krzysztof Dryś (29 Nov 23)

    fix: error handling for icons (#17) fix: error handling for icons Second batch of error handling in icon handlers

  • Krzysztof Dryś (28 Nov 23)

    fix: error handling in icons endpoints (first batch) (#16) fix: error handling in icons endpoints (first batch) Update error handling for some icons endpoints.

  • Krzysztof Dryś (22 Nov 23)

    fix: concurrency problems in ws handler (#14) * fix: concurrency problems in ws handler Synchronise access to hubs, properly remove hubs when they no longer have clients.

  • Krzysztof Dryś (22 Nov 23)

    fix: complete removal of swagger ui (#15)

  • Krzysztof Dryś (14 Nov 23)

    feat: investigate memory leak (#13)

  • Tobiasz Heller (24 Oct 23)

    Support empty fcm token (#12)

  • Tobiasz Heller (24 Oct 23)

    Fix e2e tests after separating admin api (#11) * Fix e2e tests after separating admin api

  • Tobiasz Heller (17 Oct 23)

    Update go version and dependencies (#10) * Update go to 1.21 * update all dependencies

  • Krzysztof Dryś (13 Oct 23)

    feat: remove admin ep from public server (#9) * feat: remove admin ep from public server --------- Co-authored-by: Tobiasz Heller <[email protected]>

  • Tobiasz Heller (10 Oct 23)

    remove swaggers definitions

  • Tobiasz Heller (04 Oct 23)

    ios: add default sound for push notification

  • Krzysztof Dryś (22 Sept 23)

    feat: create admin api (#5) * feat: create admin api Create admin api as a standalone application.

  • Tobiasz Heller (05 Jul 23)

    Merge pull request #4 from twofas/dependabot/go_modules/golang.org/x/net-0.7.0 Bump golang.org/x/net from 0.5.0 to 0.7.0

  • dependabot[bot] (05 Jul 23)

    Bump golang.org/x/net from 0.5.0 to 0.7.0 Bumps [golang.org/x/net](https://github.com/golang/net) from 0.5.0 to 0.7.0. - [Commits](https://github.com/golang/net/compare/v0.5.0...v0.7.0) --- updated-dependencies: - dependency-name: golang.org/x/net dependency-type: indirect ... Signed-off-by: dependabot[bot] <[email protected]>

  • Tobiasz Heller (05 Jul 23)

    ws: handle error on conn upgrade

  • Tobiasz Heller (29 May 23)

    various fixes to enable tests

  • Tobiasz Heller (22 May 23)

    Merge pull request #3 from twofas/fix/do-not-log-client-ip Disable client-ip logging

  • Tobiasz Heller (22 May 23)

    Disable client-ip logging

2FAS Website


2FAS - the Internet's favorite open-source authenticator

Meet your favorite 2FA app. We are an open-source, community-driven, private and simple solution for Internet's biggest threat - security breaches.


Does not redirect

Security Checks

All 65 security checks passed

Server Details

  • IP Address
  • Location San Francisco, California, United States of America, NA
  • ISP CloudFlare Inc.
  • ASN AS13335

Associated Countries

  • US

Saftey Score

Website marked as safe


Blacklist Check

2fas.com was found on 0 blacklists

  • ThreatLog
  • OpenPhish
  • PhishTank
  • Phishing.Database
  • PhishStats
  • URLhaus
  • RPiList Not Serious
  • AntiSocial Blacklist
  • PhishFeed
  • NABP Not Recommended Sites
  • Spam404
  • CRDF
  • Artists Against 419
  • CERT Polska
  • PetScams
  • Suspicious Hosting IP
  • Phishunt
  • CoinBlockerLists
  • MetaMask EthPhishing
  • EtherScamDB
  • EtherAddressLookup
  • ViriBack C2 Tracker
  • Bambenek Consulting
  • Badbitcoin
  • SecureReload Phishing List
  • Fake Website Buster
  • TweetFeed
  • CryptoScamDB
  • StopGunScams
  • ThreatFox
  • PhishFort

Website Preview

2FAS Android App

Update Info

  • App 2FAS Auth
  • Creation Date 12 Sept 23
  • Last Updated 05 Dec 23
  • Current Version 4.7.0


  • Google CrashLytics


  • Access Network State
  • Access Wifi State
  • Camera
  • Foreground Service
  • Internet
  • Post Notifications
  • Receive Boot Completed
  • Schedule Exact Alarm
  • Use Biometric
  • Use Fingerprint
  • Vibrate
  • Wake Lock
  • Receive
  • Dynamic Receiver Not Exported Permission

2FAS iOS App

App Info

2FA Authenticator (2FAS)

2FAS is the easiest way to enable two-factor authentication (or multi-factor authentication) to verify your identity and securely log in to accounts to keep your personal data and passwords protected from cyber threats — all from one app, 100% free! The world’s most secure, private, and simple 2FA app. Secure: • Easily restore your tokens with backups. • Add app protection with your passcode or biometrics. • 2FAS is open-source, transparent, and community-driven. Simple: • 2FAS syncs across your mobile devices. • An interface designed for simplicity. • One-tap authentication with 2FAS Browser Extensions. • Multi-language support. • Quick guides for setup and support. Private: • 2FAS works offline. • 2FAS doesn't store any passwords or metadata. • 100% anonymous use, no account required. It’s not too late to protect your data, so what are you waiting for? Protect your online accounts and services now with TOTP and HOTP algorithms. Start using the 2FAS authenticator app today! If you have any questions, talk with us on our Discord server: https://discord.gg/q4cP6qh2g5 Learn more about 2FAS: • Check our GitHub repository: https://github.com/twofas • Visit our website at: https://2fas.com/ • Follow us on Twitter: https://twitter.com/2FAS_com • Subscribe on YouTube: https://www.youtube.com/@2FAS


Rated 4.74 out of 5 stars by 23,964 users

Version Info

  • Current Version 5.3.0
  • Last Updated 02 Mar 24
  • First Released 04 Aug 17
  • Minimum iOS Version 16.4
  • Device Models Supported 93

App Details


2FAS Socials

2FAS Reviews

More 2-Factor Authentication

About the Data: 2FAS


You can access 2FAS's data programmatically via our API. Simply make a GET request to:


The REST API is free, no-auth and CORS-enabled. To learn more, view the Swagger Docs or read the API Usage Guide.

About the Data

Beyond the user-submitted YAML you see above, we also augment each listing with additional data dynamically fetched from several sources. To learn more about where the rest of data included in this page comes from, and how it is computed, see the About the Data section of our About page.

Share 2FAS

Help your friends compare 2-Factor Authentication, and pick privacy-respecting software and services.
Share 2FAS and Awesome Privacy with your network!

View 2-Factor Authentication (8)