rilok.com

What It Is

Private Authenticator is a free online 2FA generator available on rilok.com, positioned as a browser-based alternative to Google Authenticator. Users can enter a Base32-formatted 2FA secret to generate verification codes, and can unlock the full app to save and manage two-factor authentication codes. The page explicitly states support for both TOTP and HOTP, with no registration and no app installation required.

Core Features and Security Design

In terms of protection type, this is a verification-code-based two-factor authentication tool, rather than an enterprise MFA, SSO, or zero-trust platform. It is deployed as a local browser app, with data stored on the user’s device in encrypted IndexedDB. The provider states that it cannot access user data, passwords, or authentication codes. Its management features mainly include master-password unlocking, saving multiple 2FA codes, encrypted backup and recovery, and offline operation. Its strengths are low friction and a privacy-friendly design, but the page does not disclose the encryption algorithms used, whether it is open source, any third-party audits, or a vulnerability response process.

Pricing and Compliance

The page is marked as 100% Free and No Registration, so it appears to follow a free model, with no visible subscription, enterprise plan, or payment information. As for compliance certifications, there is no evidence of SOC 2, ISO 27001, GDPR, HIPAA, or similar standards. The FAQ only lists a question related to “compliance requirements” without providing a certification conclusion. For enterprise security teams, this lack of information would affect procurement and risk assessment.

Pros and Cons

The advantages are that it requires no registration or installation, works offline, stores data locally with encryption, and supports encrypted backup and recovery. It is suitable for individual users who want an alternative to a mobile authenticator or need to migrate 2FA codes across devices. The downsides are that the terms state the application is provided “as is” and that the provider assumes no responsibility for data loss, unauthorized access, or security incidents. It also lacks enterprise capabilities such as team permissions, centralized policies, audit logs, alerts, directory integration, and APIs.

Who It’s For and Access from China

It is better suited to individuals, developers, or users who temporarily need to generate TOTP/HOTP codes in a browser. It is not suitable for enterprise MFA scenarios that require compliance, centralized operations, and auditability. The source text provides no evidence about access from mainland China, so availability is assessed as unknown; payment information is also not disclosed. If access is unstable or security requirements are higher, alternatives such as Google Authenticator, Microsoft Authenticator, Bitwarden, and 1Password may be worth considering, while enterprise use cases should adopt MFA/SSO solutions with audit and compliance capabilities.