Skip to content
Switch branches/tags



Highly secure and easy to use GTK+ software for two-factor authentication that supports both Time-based One-time Passwords (TOTP) and HMAC-Based One-Time Passwords (HOTP).


Name Min Version Suggested Min Version
GTK+ 3.18 3.22
Glib 2.48.0 2.50
jansson 2.6.0 -
libgcrypt 1.6.0 -
libzip 1.0.0 -
libpng 1.2.0 -
libcotp 1.2.1 -
zbar 0.10 0.20 (linuxtv)
cmake 3.5 -


  • support both TOTP and HOTP
  • support setting custom digits (between 4 and 10 inclusive)
  • support setting a custom period (between 10 and 120 seconds inclusive)
  • support SHA1, SHA256 and SHA512 algorithms
  • support for Steam codes (please read THIS PAGE)
  • import encrypted Authenticator Plus backup
  • import and export encrypted and/or plain andOTP backup
  • import and export plain FreeOTPPlus backup (key URI format only)
  • import and export plain Aegis backup (plain json only)
  • local database is encrypted using AES256-GCM
    • key is derived using PBKDF2 with SHA512 and 100k iterations
    • decrypted file is never saved (and hopefully never swapped) to disk. While the app is running, the decrypted content resides in a "secure memory" buffer allocated by Gcrypt


  • Before each release, I run PVS Studio in order to catch even more errors and/or corner cases
  • With every commit to master, OTPClient is compiled in CircleCI against different distros


For things like roadmap, screenshots, how to use OTPClient, etc, please have a look at the project's wiki. You'll find a lot of useful information there.

Manual installation

If OTPClient hasn't been packaged for your distro (check here) and your distro doesn't support Flatpak, then you'll have to manually compile and install OTPClient.

  1. install all the needed libraries listed under requirements
  2. clone and install OTPClient:
git clone
cd OTPClient
mkdir build && cd build
sudo make install


This software is released under the GPLv3 license. Please have a look at the LICENSE file for more details.