Google Authenticator syncs to your Google account. Microsoft Authenticator connects to Microsoft infrastructure. Authy requires registration and syncs to Twilio servers. Every one of them puts a third party somewhere in your trust chain - a party you did not choose and cannot remove.
Signet has no third party. Your secrets are generated, stored, and used entirely on your device. The app makes zero network requests. Not fewer - zero.
Your secrets are wrapped by cryptographic hardware - Android Keystore (StrongBox or TEE) on Android, Secure Enclave on iOS. The app shows you exactly which level of hardware protection each account has. Changing your biometrics permanently destroys the wrapping keys. There is no recovery path, by design.
Every session requires biometric or device credential authentication before any secret is accessible. Signet never holds your secrets in memory longer than it must, and clears them immediately after use.
Export your accounts as a file encrypted with Argon2id key derivation and AES-256-GCM. You set the passphrase. Nobody else holds a copy. The format is fully documented and open. Restore takes seconds.
RFC 6238 (TOTP) and RFC 4226 (HOTP), implemented using the platform's standard cryptographic APIs. No proprietary algorithms. Compatible with GitHub, AWS, Cloudflare, Microsoft, Google, and any service using the standard otpauth:// QR code format.
