Ghost Auth
open-source authenticator
A free, privacy-first authenticator for all your two-factor accounts. Your secrets are encrypted locally by default — no servers, no accounts, no tracking.
Features
-
TOTP codes — RFC 6238, SHA-1 / SHA-256 / SHA-512
-
QR code scanning
-
Manual entry
-
Encrypted storage — AES-256-GCM, keys in OS keychain
-
PIN lock — Argon2-hashed
-
Biometric unlock — on supported devices
-
Encrypted backups
-
Device-to-device sync — QR pairing, E2E encrypted over LAN
-
Search, filter & reorder
Privacy
Ghost Auth is offline-first. It does not use cloud APIs, collect analytics, or share data with third parties. Network activity only occurs if you explicitly start device-to-device sync over LAN.
Windows
macOS
iOS
Android