Open source Local vault P2P sync

OTPeer Authenticator

Open-source two-factor authentication (2FA) with serverless peer-to-peer sync. Your codes stay on your devices — no cloud, no account, no telemetry.

 

One authenticator, three surfaces

Same encrypted vault logic across CLI and Desktop. Mobile is on the way.

CLI

Ready

Live codes in your terminal via npm.

npm install -g authenticator-clui

Mobile

Coming soon

React Native for iOS and Android — App Store, Play, and F-Droid planned.

Sync without a server

Pair two devices with a QR code and merge vaults directly over your local network. No relay, no middleman — your secrets never touch the internet.

  1. Unlock your vault Codes stay encrypted at rest on each device.
  2. Pair with a QR code One device shows the code, the other scans it. That's the whole handshake.
  3. Merge peer-to-peer Vaults reconcile over your LAN — both devices end up complete and current.

Download Desktop

Latest build from GitHub Releases. Pick your platform if auto-detect is wrong.

 

Why OTPeer

How OTPeer compares to other authenticator apps

Most authenticator apps route your two-factor secrets through someone else's cloud. OTPeer doesn't.

Feature OTPeer Authenticator Google Authenticator Authy Twilio
Open source Yes No No
Where your codes live Only your devices Google's cloud when backup is on Authy's servers
Sync method Peer-to-peer over your network Google Account Authy cloud
Account required None Google Account for backup Phone number
Telemetry None Yes Yes
Desktop + CLI apps Yes No Desktop discontinued

Frequently asked questions

What is OTPeer Authenticator?

OTPeer Authenticator is a free, open-source authenticator that generates TOTP two-factor (2FA) codes on desktop (macOS, Windows, Linux) and in the terminal via CLI. Your encrypted vault lives on your devices and syncs peer-to-peer — no cloud, no account, no telemetry.

How does sync work without a server?

You pair two devices with a QR code (or a short pairing code), and they merge vaults directly over your local network. There is no relay and no backend server — your secrets never touch the internet.

What happens if I lose a device?

Every synced device holds a complete copy of your vault, so any other paired device keeps working and can pair a replacement. Keep at least two devices in sync, or keep an encrypted export as a backup.

Can I import from Google Authenticator or other apps?

Yes. OTPeer imports Google Authenticator, Microsoft Authenticator, and Facebook export codes, plus backups from Aegis, 2FAS, and andOTP.

Is my vault encrypted?

Yes. Your vault is stored locally and protected with AES encryption when you set a password. Nothing is uploaded anywhere, and there is nothing to sign up for.

Before you install on macOS

Phase 1 builds of OTPeer Authenticator aren’t Apple-signed yet. The first open may say the app is “damaged” — that’s Gatekeeper quarantine, not a bad file.

  1. Download the installer and drag OTPeer Authenticator into Applications.
  2. Open Terminal and run these two commands once — they clear quarantine and launch the app:
xattr -cr "/Applications/OTPeer Authenticator.app"
open "/Applications/OTPeer Authenticator.app"