Stratum is an open-source multi-factor authentication (MFA) app backed by a GitHub community, and there's a lot to like about it. For one, the app makes it easy to import and export your account tokens, so you can still log in to all your accounts if you lose your phone or someone steals it. While it’s limited to Android, Stratum distinguishes itself with support for Wear OS devices. The latest version also features a more polished interface and expanded customization options. Thanks to these improvements, Stratum earns our Editors' Choice for Android devices, alongside the excellent, privacy-focused Aegis Authenticator.

Getting Started With Stratum

Stratum only works on Android devices, including Wear OS devices. It's the only authenticator app I've reviewed that supports Wear OS. Competitor Authy supports Apple's watchOS.

(Credit: Stratum/PCMag)

I tested the Stratum app using a Samsung Galaxy A71 5G. Before you import your tokens or scan new ones, check out Stratum's guides for a helpful introduction to its features.

As you get familiar with the app's interface, head over to the Settings menu to set up a password for the app. Like Aegis Authenticator, you can encrypt your tokens by locking the app each time you close it. While in the Setting menu, check out Stratum's privacy-enhancing token behavior options. Of particular interest is the Skip to Next function, which automatically skips to a new token code if one is close to expiration. Enabling the Tap to Reveal Codes setting lets you hide your account codes and choose how long they remain visible. Aegis Authenticator has a setting that immediately minimizes the app after you copy a code.

(Credit: Stratum/PCMag)

When you're ready to import your old account tokens from another authenticator app, Stratum makes it easy. Like Aegis Authenticator, Stratum can import tokens from other apps, including 2FAS, Aegis, Authy, Blizzard Authenticator, Google Authenticator, Steam, and plain text files.

Signup Requirements and Data Collection Policies

Authenticator apps are simple OTP code generators that should not require much, if any, data from you or your device. That's why I think it's a note in Stratum's favor that there are no options to create or sign up for an account in the app.

According to the Google Play listing for Stratum, the app does not collect any data. On the app's GitHub project, the developers state that the app requires camera permissions to scan QR codes. In contrast, Microsoft Authenticator collects location data, and Google's authenticator app requests data from 6 different app categories, including your Contacts list, photos, and phone number.

As mentioned above, Stratum is a free, open-source project on GitHub, and an online community maintains the code. That means there's no big company or support team behind the app. Similarly, there's no privacy policy to peruse here, and there's also little recourse if something happens to your account tokens (though that's a risk with any authenticator app).

Hands On With Stratum

The app's default interface is teal, white, and gray. Screenshots are disabled by default, a setting I've praised in 2FAS and Aegis Authenticator.

(Credit: Stratum/PCMag)

You can customize the interface with different color schemes in the Appearance section of the Settings menu. Choosing the Dynamic Color setting changes the app's accent colors based on your device's wallpaper. I turned this off and chose a different accent color: Indigo. I also like that you can separate your tokens into labeled categories by tapping on the Categories section of the main menu. Since my last review, the interface is a bit sleeker, and you can change the token sizes for easier viewing and download icon packs to further customize the app.

As for the functionality tests, Stratum passed those with flying colors. Creating new tokens for my accounts was a painless process, and the app's QR code reader recognized codes for all of the platforms I tested, including Google and X.com.

Importing and Backing Up Account Info With Stratum

(Credit: Stratum/PCMag)

You can create backup copies of your token lists for competing apps. The app prompts you to create a password to protect your backup files and to specify a local location for your backups. There's an option in the Settings menu to set up an automatic backup schedule so you'll always have a local copy of your tokens. I could back up my test account tokens and access them using Google's Authenticator app without trouble. Aegis also supports easy exports and imports, but most other authenticator apps are import-only or can export only to the same app on a different device.