Platform / Identity / Synergy Authenticator
Identity & Access

Synergy Authenticator
Your second factor, your brand.

The company's own Android app for the six-digit codes that prove it's really you at sign-in — so your team never has to install Google's. Industry-standard codes that work with any service, secrets sealed in the phone's secure hardware, and not a single network permission.

● Built & verified Built natively for Android Industry-standard codes Zero network access
What it replaces
Google Authenticatorthe default second factor — now first-party Authythe same codes, without a third party's cloud in the loop
Why build one

The last mile of owning your identity stack

A sign-in platform that ends with "now go install Google Authenticator" hands the final, most personal step of its security story to someone else's brand. Synergy Authenticator closes that loop: setting up, signing in, and the app generating the codes are all one product family.

The codes are the same industry-standard six-digit codes used across the internet — exactly what the SynergyAuth server checks — so there's no lock-in in either direction. The code math is verified against the standard's official published test cases, and the pairing is proven end to end: a code generated on the phone was accepted by the live server, same account, same moment.

It also works both ways — because the app speaks the universal otpauth:// standard every code-based service uses, it can hold codes for your bank, your email, anything that offers them — not just Synergy.

Three ways to enroll

  • Scan the QR — point the camera and it reads the code, with nothing leaving the phone
  • One-tap deep link — tapping enroll on the SynergyAuth page opens the app with the account pre-filled
  • Manual key entry — for when a screen can't be scanned
Security posture

An authenticator that cannot phone home

The threat model for an authenticator is simple: the secrets must never leave the device. This app enforces that at the operating-system level, not as a policy promise.

🚫No internet access, period

The app asks for zero network permissions — even the ones bundled software usually sneaks in were stripped out. The QR scanner works fully offline. There is simply no way for the app to send a secret anywhere.

🔒Hardware-backed encryption

Secrets rest encrypted, sealed by a master key that lives in the phone's dedicated security hardware — not in app storage where other software could reach for it.

🙅Excluded from backup

Secrets are explicitly excluded from cloud backup and phone-to-phone transfer. Your sign-in codes don't ride along to whatever device signs in next.

Even links are handled with care: after a one-tap otpauth:// setup, the link is wiped so the secret isn't left sitting in history — the same discipline the SynergyAuth setup page applies on its side.

The product

Native where it counts

This is a real native app, not a website in a wrapper: the dark Synergy look, a live countdown ring around every code, and tap-to-copy. It supports the strict, standard, and legacy variants of the code format, so it works with older services as smoothly as new ones.

It ships alongside a browser-based companion — an installable authenticator that runs entirely on your own device, even offline — so people on any phone or computer have a first-party option while the iPhone version and app-store listing are on the roadmap.

Verified end to end

RFC 6238the published industry standard for codes — verified against its official test cases
1:1 matcha code generated on the phone was accepted by the live SynergyAuth server — same account, same moment
0network permissions in the shipped app
KotlinJetpack ComposeCameraX + ML Kit (offline)Android KeystoreEncryptedSharedPreferencesRFC 6238 TOTP
Keep exploring

Related