An authenticator app turns your phone into a second key for your accounts — a rotating code a remote attacker can't phish or SIM-swap. Proton Authenticator is free, open-source, and works across all your devices. Here's how to set it up and use it.
What you'll do
- Install Proton Authenticator on your phone or computer
- Add your first account by scanning a QR code
- Sign in using the rotating 6-digit code
- Back everything up so you're never locked out
About five minutes — and you only set up each account once.
Why not just use SMS?
Text-message codes can be intercepted, phished, or stolen with a SIM-swap. An authenticator app generates codes on your device — nothing is sent over the network, so there's nothing to intercept. It's the single biggest upgrade to your two-factor security.
Set it up, step by step
1
Install Proton Authenticator
Get the app from your phone's app store, or download the desktop version from proton.me/authenticator. It's free and runs on iPhone, Android, Windows, macOS and Linux.
You don't need a Proton account to use it — but signing in lets it securely sync your codes across devices.
2
Add your first account
On the account you're protecting (say Gmail), start two-factor setup and choose Authenticator app. It shows a QR code. In Proton Authenticator tap + Add → Scan QR code and point your camera at it — the account appears instantly.
No camera handy? Choose Enter key manually and type the setup key the site shows you instead.
3
Sign in with your code
Next time a site asks for your second step, open Proton Authenticator and read off the 6-digit code next to that account. It refreshes about every 30 seconds, so just enter the current one. No texts, no waiting.
4
Back up so you're never locked out
If your codes live on one phone and you lose it, you can be locked out. Guard against that:
- Sign in to Proton Authenticator so your codes sync (encrypted) to your other devices
- When a site offers backup codes during 2FA setup, save them somewhere offline
- Consider a second device or a hardware security key as a fallback
Don't skip the backups
Losing your only device without backups can mean losing access to every account it protected. Set up sync or save your backup codes before you need them.
Frequently asked questions
Is Proton Authenticator free?
Yes — it's completely free and open-source, with no account required to use it. Signing in with a Proton account simply lets it sync your codes securely across your devices.
Does it work for non-Proton accounts?
Absolutely. It works with any service that supports authenticator-app (TOTP) two-factor — Google, Microsoft, GitHub, your bank, social media, and thousands more.
Does it work offline?
Yes. Codes are generated on your device from a shared secret and the current time, so they work with no internet connection at all.
How is it different from Proton Pass?
Proton Authenticator is a dedicated app for two-factor codes. Proton Pass is a password manager that can also store passwords and 2FA codes together. Either works — use Authenticator if you'd rather keep your second factor separate from your passwords.
What if I lose my phone?
If you enabled sync, your codes are already on your other devices — just sign in. If not, use the backup codes you saved when setting up each account, then re-add them to a new device.
What to do next
Put it to work
Now you have an authenticator app, turn on 2-Step Verification everywhere it matters — starting with your email, the key to every other account.
Secure your Gmail accountGo further
Pair strong two-factor with an inbox that's private by design. End-to-end encrypted email keeps your messages readable only by you.
Why switch to Proton MailWas this guide helpful?
Know someone who needs this? Send them the guide.
JD
Written by
Jordan DicksonFounder, CyberSecurityGuides
Founder of CyberSecurityGuides, writing practical, jargon-free guides that help everyday people recover from and protect against online attacks.
Reviewed by CSG Security Engineers