Aegis authenticator. Beats all proprietary apps I've tried so far
Open Source
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Useful Links
- Open Source Initiative
- Free Software Foundation
- Electronic Frontier Foundation
- Software Freedom Conservancy
- It's FOSS
- Android FOSS Apps Megathread
Rules
- Posts must be relevant to the open source ideology
- No NSFW content
- No hate speech, bigotry, etc
Related Communities
Community icon from opensource.org, but we are not affiliated with them.
I'm leaving links here in case anyone needs them
It supports importing data from various 2FA apps and even allows you to generate Steamguard codes.
Steamguard? Since when? That's awesome!
I honestly don't know. I set it up with steamguard-cli few months ago and it's working like a charm.
Yep, it works perfectly
Bitwarden has it too, but eggs in one basket etc.
One of those apps that just does its job, does it well and I never have to worry about it
Thank you!
I'd been a happy user of andOTP for many years, unaware until now that it had been abandoned and that I therefore needed ro replace it. I looked through the recommendations posted here and came to the conclusion that Aegis indeed was the best recommendation.
Migrating from andOTP to Aegis by exporting an encrypted backup file from andOTP to the local filesystem and importing it in Aegis worked flawlessly.
One thing that I really liked in andOTP that Aegis doesn't have was the PGP export, it was just very nice to get encrypted backup files that I could decrypt directly using standard software that I already have and know how to use, entirely independent from any particular app. Aegis instead provides the decrypt.py script to decode and decrypt its own encrypted backup file format and while I've tested and verified that this works fine, simply using standard PGP was nicer.
But that's a minor detail. All in all, Aegis seems to do everything I need, and does it well.
This is the best option. Love the app. But always remember to keep a backup of your tokens.
There is also ente.io authenticator app. It is available on fdroid. I think it supoorts cloud synchronisation as well.
Aegis
aegis
Aegis is a great Foss totp app
Aegis on mobile and keepassxc on desktop.
What's the difference between keepassxc and the regular keepass?
KeepassXC is multiplatform. (Also: KeepassDX is quite nice as an an Android app for Keepass databases.)
Authenticator Pro
I've used it for years for numerous phones. it's the best. Link for the lazy
https://apt.izzysoft.de/fdroid/index/apk/me.jmh.authenticatorpro
Yes! I moved from aegis to it and it is much better imo.
I love that you can back it up with a file... thatway i can put it somewhere safe and can recover my logins after my phone breaks
I'd suggest the following
The really important step is to make sure to export and backup your 2FA codes in a safe place.
You don't want to be left in the mud because you lost or wiped your phone that contains the only method to get into your important accounts.
BitWarden.
I don't think that it's safe to leave both authentication factors in a single app.
It depends on your risk profile, but yes, it's less secure. For some people the convenience is worth the risk, for others maybe not. If you opt to store 2fa keys in Bitwarden you'd definitely want to enable 2fa for your Bitwarden account though, which brings us back to the same issue again.
If you opt to store 2fa keys in Bitwarden you'd definitely want to enable 2fa for your Bitwarden account though, which brings us back to the same issue again.
With the risk of getting locked out if all your devices get logged out of Bitwarden! 🙈
To clarify, you'd want to enable 2fa for Bitwarden and store the token for that in a different authenticator app - that way you can still log in to Bitwarden without already needing to be logged in
For me FreeOTP+ on fdroid is all I need. Its simple and just works.
Aegis
I personally use KeePassXC (KeePassDX on android), it can have TOTP code generation for 2FA for any service. And since it's a password manager, it's secured by a master password.
Aegis is my favorite.
Aegis, FreeOTP
aegis is great, but 2fas has Google Drive sync and a browser extension.
lack of sync is a dealbreaker for me.
I recommend one of the FOSS apps in fdroid for this, don't use a proprietary one from Google Play (like the Google Authenticator).
Mauth
I use Yubico Authenticator with my Yubikey (NFC and USB) and Vivokey Authenticator - which is a straight fork of the Yubico Authenticator - with my Vivokey Apex implant.
The official GitHub app. Yes, it's not universal for other sites, but you get 2FA and a much more pleasant browsing experience.
For a universal solution, give Aegis a try.
I actually try to use authenticator apps as little as possible. Having to unlock your phone and open the app each time is too much hassle.
Instead I have four Yubikeys, not security keys, that I store my OTP 2FA codes on. One for personal codes, one for work codes, and the other two as backups for the first two. The backups protect me from hardware failure, the keys being stolen, or lost. One downside of the backup plan is having to scan the QR code twice, once per Yubikey.
Each Yubikey can store 32 OTP codes on the smart card part of the Yubikey. The 32 code limitation is why I have personal and work codes on separate keys. I did run into this limit.
This isn't the cheapest solution. In addition you could argue it also isn't the most secure, but that depends on the attack vector and circumstance.
With this setup I can use the Yubico Authenticator desktop to copy and paste the codes into the browser. While mobile I can use the mobile form of the same app. Also all my Yubikeys have NFC, so I can use that method if I want instead of just USB.
As mentioned in a different comment I highly recommend not storing 2FA codes in password managers like Bitwarden. It creates an all eggs one basket problem, which is exactly what 2FA codes are trying to avoid.
Having to unlock your phone and open the app each time is too much hassle.
And having to use two USB keys and double code scanning isn't? I'm glad your system works for you, but it sounds like a pain in the but to me lol.
andOTP is the only app I know of that's on F-Droid and has a feature to make an encrypted backup to a file.
Unfortunately it hasn't been updated in awhilee, but I dont think there's an alternative.
I see aegis supports automatic backups. I don't see it explicitly saying 'encrypted' backups though I too use andOTP but didn't realize it's not regularly maintained. I may check out aegis as it does support import from andOTP
Followup. Aegis does support encrypted backup. I had to do an unencrypted backup in andOTP so Aegis could import. Easy stuff
Edit: automatic backup doesn't encrypt? Or I am having trouble setting up
automatic backup doesn’t encrypt?
It does for me. Are you sure that your backup really isn't encrypted? Look in the JSON backup file, all your vault data should be encrypted and stored in one single long base64 encoded string with key name "db". Is that not so for you?