4OTP Frequently Asked Questions

4OTP is a two-factor authentication (2FA) application. It helps you secure your online accounts to various websites and apps by generating time-based one-time passwords.

These are 6-digits codes that change each 30 seconds. They complement your password, making sure that even if an attacker has found your password, they still can't access your account because they won't have the 2FA code.

4OTP has free apps for Windows, macOS, iOS (iPhone and iPad), and Android (phones and tablets). Please visit the Download page to download the app for your devices, as well as learn the minimum version of each system 4OTP may require.

All 4OTP apps on all platforms include 22 languages: Arabic, Chinese, Czech, Danish, Dutch, English, Finnish, French, German, Greek, Hungarian, Italian, Lithuanian, Norwegian, Polish, Portuguese, Romanian, Russian, Slovak, Spanish, Swedish and Turkish.

You do not need to download any additional package. Your device language should be detected automatically, if supported. You can also select your preferred language at any time under More | Display Language.

Two-factor authentication is an extra layer of security for your online accounts. Instead of just a password, you also need a second piece of information to log in, called a second-factor (2FA) code.

Sometimes these codes are sent to you by the website through email or SMS (text messages), but often they are 6-digits codes that change each 30 seconds, generated by an application such as 4OTP, Microsoft Authenticator or Google Authenticator.

If a hacker steals your password, they still won't be able to access your account without the second factor. This makes your accounts much more secure against unauthorized access.

When you enable 2FA on a website, you'll be given a QR code to scan with 4OTP. The QRCode contains in fact a random password, called a seed, unique to you and the website in question. 4OTP stores this secret password and can use it to generate a valid 2FA code whenever you need it. You'll use this code, along with your password, to sign in.

Yes, they are. On all platforms. Forever. All apps are fully functional, do not display any ad and do not have any form of tracking or information collection.

No, the sync service is what allows us to produce and maintain all the apps. And the synchronization service itself of course. We ask only for a very modest price but it's important for us!

The 4OTP Sync Service is a paid feature that securely backs up and synchronizes your 2FA codes across all your devices.

For instance, while 2FA codes are commonly generated on phones, it is actually much more practical to use a Windows or Mac app rather than finding, unlocking and opening an app on a phone when you want to log in to a website from your computer.

Even if you're happy with using a phone, that phone can be lost, stolen or replaced with a new one. And maybe you have 2 phones, or you need to share access with another person. In that case, having a full backup and ensuring all your devices are up to date at all time is paramount to ensuring online accounts security.

The sync service synchronizes all your 2FA codes data. This includes your 2FA secret passwords (seeds) but also the name you gave it, whether it was pinned to the top and its associated icon if any. Note that this list may evolve as 4OTP gets new features in the future.

We use end-to-end encryption to protect your data. This means your data is encrypted on your device before it's sent to our servers, and can only be decrypted on your other devices. We cannot access your 2FA codes in any circumstances, as this would require knowing your password. Your password is only stored on your device, if you protect it with biometrics. Without biometrics, your password is never even stored.

If you use the sync service, you can easily restore your 2FA codes on a new device by logging into your 4OTP account.

The desktop applications (Windows, macOS) are built using Tauri, which allows us to create a cross-platform application with a web-based frontend (Svelte) and a Rust backend. The mobile applications (iOS, Android) are built using CapacitorJS and Svelte.

Your 2FA seeds are stored in an encrypted format on each device's local storage. The encryption key is derived from your chosen password, which you should use on all devices where you use 4OTP.

Please visit our 4OTP encryption methodology page for a detailed description of the encryption process.

As your password is never known to 4OTP, and not even stored except under biometrics protection, losing your password means losing your 2FA codes.

There does not exist any way for us or for anyone to decrypt your 2FA codes data without your password. That's the cost of security in the first place.