How do I know if I can trust the Pixplicity Authenticator app?

There are many Authenticator apps out there - why should I trust the Pix Authenticator?

The statistics

Pix Authenticator for Android has been downloaded over 500,000 times and has a 4.3-star rating, putting it in the top 10 authenticator apps. It is rated better than Google’s authenticator!

Because we made this for ourselves

Pix Authenticator is a project born of passion, not profit. We made this Authenticator because we were not satisfied with the available ones, both in terms of security and ease of use.

We also wanted to make an app that was absolutely, 100% suitable for the biggest privacy geeks. We thought: what would it take for us, privacy geeks, to trust a random app from a random company with our security codes? The answer was simple: as users, we always want to keep ownership of our own data. No vendor lock-in, no putting faith in the security skills of the server people, no secret back doors to China.

That’s why we made an app for ourselves.

  • The Google Authenticator does not offer backups. If you use Google’s app and lose your phone, you need to reset all your accounts, one by one, using the recovery keys. With Pix’s Authenticator, you can simply restore your backup.
  • There are other authenticators, but we didn’t trust them. There’s no telling where your data goes. We made our Authenticator specifically so it can’t send data anywhere. We built it without the internet permission, so your Android phone will not allow our app to go online, at all.
  • Using Pix Authenticator, you don’t have to trust our cloud with your accounts. We don’t have a cloud and we don’t store your accounts.
  • And you don’t have to trust other cloud providers with your accounts either. We encrypt your backup using strong AES 256-bit encryption. If you store your backups in, say, Dropbox, and someone hacks your Dropbox, you are still safe, because the Pix app did the encryption. You put your eggs in multiple baskets.


Security checked by Berkeley

In 2022, the Pix Authenticator was reviewed by security experts from Berkeley. They reached out with several findings and suggestions, and were nice enough to give specific pointers on how to improve our app.

With their help, we:

  • Upgraded the encryption of the backup, specifically by using random salts for each backup and upgrading the AES block cipher.
  • Added a warning before sharing accounts, to make users aware of the risk.
  • Increased the minimum password length.
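
To illustrate what a random salt per backup and a minimum password length achieve, here is an added example that is not the app's own code: it derives a 256-bit key for each backup from the password and a fresh salt, so two backups made with the same password never share a key. The PBKDF2 function, the iteration count, the 8-character minimum and the header layout are all assumptions chosen for the example; the page does not state what the app uses.

```python
import hashlib
import hmac
import os
import struct

MAGIC = b"BKP1"          # constructed container tag, not the app's real format
MIN_PASSWORD_LEN = 8     # assumed value; the page gives no number
ITERATIONS = 200_000     # assumed PBKDF2 work factor
SALT_LEN = 16
HEADER_LEN = 4 + 4 + SALT_LEN + 32


def derive_keys(password, salt, iterations=ITERATIONS):
    """Stretch the password into a 256-bit AES key plus a separate check key."""
    material = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, iterations, dklen=64)
    return material[:32], material[32:]


def new_backup_header(password):
    """Start a new backup: draw a fresh random salt and build its header."""
    if len(password) < MIN_PASSWORD_LEN:
        raise ValueError("password shorter than the minimum length")
    salt = os.urandom(SALT_LEN)  # new salt for every backup
    aes_key, check_key = derive_keys(password, salt)
    # The tag lets a restore detect a wrong password without storing the key.
    tag = hmac.new(check_key, MAGIC + salt, hashlib.sha256).digest()
    return MAGIC + struct.pack(">I", ITERATIONS) + salt + tag, aes_key


def open_backup_header(password, header):
    """Re-derive the AES key from a stored header; None means wrong password."""
    if len(header) != HEADER_LEN or header[:4] != MAGIC:
        raise ValueError("not a backup header")
    (iterations,) = struct.unpack(">I", header[4:8])
    if not 10_000 <= iterations <= 10_000_000:
        raise ValueError("implausible work factor in header")
    salt, tag = header[8:8 + SALT_LEN], header[8 + SALT_LEN:]
    aes_key, check_key = derive_keys(password, salt, iterations)
    expected = hmac.new(check_key, MAGIC + salt, hashlib.sha256).digest()
    return aes_key if hmac.compare_digest(tag, expected) else None


if __name__ == "__main__":
    h1, k1 = new_backup_header("correct horse battery")
    h2, k2 = new_backup_header("correct horse battery")
    print("same password, same key?", k1 == k2)
    print("restore ok?", open_backup_header("correct horse battery", h1) == k1)
```

The salt is stored in the clear next to the backup; it does not need to be secret, it only needs to be different each time.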

The results from their research are to be released later this year.