Sophos Authenticator is a simple and intuitive application that provides multi-factor authentication on your mobile device. It generates both time-based and event-based one-time passwords (OTP) according to RFC 6238 and RFC 4226.

Once configured, 2-step authentication protects your account by requiring both your password and an additional code, thus adding an extra layer of security. The app will generate these codes for you in a convenient way, directly on your smartphone or tablet, without the need for Internet connection. Sophos Authenticator does not only operate with a Sophos account, but also with accounts from Google, Facebook, Dropbox, Github and all the other providers who implement authentication in this standardised way.

- Can generate both time-based (TOTP) and counter-based (HOTP) codes
- SHA-1, SHA-256 and SHA-512 hash algorithm supported
- Add an account easily by simply scanning a QR code with your device camera or by manual input
- Great flexibility: the time-step for TOTP accounts can be any number of seconds and is not limited to 30 seconds
- HOTP accounts can use any given initial counter and don't have to start from the beginning
- Generated codes can be 6 or 8 digits wide
- Your secret keys are stored in encrypted form on the app keychain
- No Internet/network connection needed, everything happens offline
- Accounts can be easily sorted in the list
- Copy any generated code to the clipboard by tapping on it

What's New

Version 1.4.0

Account data can now be modified after creation: username, issuer, token type, time-step/counter, hashing algorithm, token digits. The secret key remains the same and cannot be modified.

Customer Reviews

Great for iPad and iPhone


Nice to have a Google Authenticator compatible product for both iPhone and iPad.

Quick and Easy

Make a

Easy and fast

I've used this for several years


Two factor authentication is a way to protect your account from hackers. Sites that use 2FA need both your password and the 6-digit code generated by your authentication app. This 6-digit code is generated every 30 seconds, thereby making it difficult for people to hack into your account.

Most apps don't store codes on the cloud (a good thing), so the algorithm that creates the code is lost when you switch devices (an annoying thing).

The solution is to use two devices to scan the same QR code. Sophos Authenticator is a universal app, and I have it on both my iPhone and iPad. When I set up my site for 2FA, I make sure I have both devices.

Sophos has been around for decades, and I've never had an issue in using their authenticator app.


Sophos GmbH
1.1 MB
Requires iOS 8.0 or later. Compatible with iPhone, iPad, and iPod touch.
Age Rating
Rated 4+
© 2014-2017 Sophos GmbH


  • Family Sharing

    With Family Sharing set up, up to six family members can use this app.

More By This Developer

You May Also Like