WearAuth
Two-factor codes on your phone and your watch.
Scan an otpauth:// QR code once, and your six-digit TOTP codes are always at hand — on the phone, on the watch face, and as a Wear OS Tile of up to five accounts.
Fully offline and encrypted on the device, with a wrist-detection lock that hides your codes the moment you take the watch off. There's no server to leak.
What it does
Wear OS, first-class
The phone is the source of truth. The watch syncs over Wearable Data Layer and keeps generating codes when the phone is unreachable.
Wrist-detection lock
Codes on the watch hide the moment it leaves your wrist. An active phone unlock (biometric or PIN) silently re-grants access.
Biometric on launch
Optional fingerprint / face lock for the phone app. Off by default — turn it on in Settings.
Encrypted at rest
All secrets stored in AndroidX EncryptedSharedPreferences (AES-256-GCM via the platform Keystore). Never plaintext on disk.
Recovery backup
Optional encrypted backup to the paired watch AND to your own Google Drive App Data folder. One password, two independent recovery channels.
Export / import
Encrypted JSON export (AES-GCM + PBKDF2) for an offline copy on your terms. Import on any device with the password.
Requirements
- Phone
- Android 8.0 (API 26) or newer
- Watch
- Wear OS 3.0 (API 30) or newer
- Wrist-detection lock
- Watch with an off-body sensor (e.g. Galaxy Watch6 and most modern Wear OS watches)
- Backup to Drive
- A Google account, App Data scope only
Built with
WearAuth is proprietary. Android, Wear OS and Google Drive are trademarks of their respective owners.