Aegis Authenticator
2FA App for One-Time Passwords
Two-Factor Authentication for Android OS
Aegis is an alternative to proprietary two-factor authentication apps like Google Authenticator and Authy. Its most important features are security and backups.
Developer/Supplier
Purchase Date
25.03.2023 for my Google Pixel 7 Pro
Purchase Price
Free app in the F-Droid repository
Rating (1–5 Stars)
***** 5 stars
System Requirements
Android OS 5.0 or newer
Compatibility
Aegis supports the HOTP and TOTP algorithms. These are industry standard and widely supported, making Aegis compatible with thousands of services. Any web service that supports Google Authenticator will also work with Aegis Authenticator.
Languages
German and English
Support
In English, via e-mail.
The developer's website describes most of the features.
Features
Encryption and biometric Unlocking
All your one-time passwords are stored in a vault. When you set a password (strongly recommended), the vault is encrypted using strong cryptography. If someone accesses the vault file with malicious intent, they cannot retrieve the contents without knowing the password. Entering your password every time you need access to a one-time password can be cumbersome. You can enable biometric unlocking if your device has a biometric sensor (fingerprint or face unlock).
Organisation
Over time, you will probably collect dozens of entries in your safe. Aegis Authenticator offers many options to make it easier to find the one you need at a particular time. Set a custom icon for an entry to make it easier to find. Search by account name or service name. Do you have a lot of one-time passwords? Add them to custom groups for easier access. Personal, professional and social can each get their own group.
Backups
To ensure you never lose access to your online accounts, Aegis Authenticator can create automatic backups of the vault to a location of your choice. If your cloud provider supports Android's Storage Access Framework (like Nextcloud), it can even create automatic backups to the cloud. Creating manual exports of the vault is also supported.
Switch from other 2FA Apps
Aegis Authenticator can import the data of many other authenticators, including: Authenticator Plus, Authy, andOTP, FreeOTP, FreeOTP+, Google Authenticator, Microsoft Authenticator, Steam, TOTP Authenticator and WinAuth (root access is required for apps without an export option).
Practice
For a fully automatic backup of the vault after every change, I plugged my USB card reader into the Pixel 7 Pro immediately after installing the app and set a directory created for this purpose on the inserted microSD card as the default backup path.
Before I start Aegis Authenticator to make changes or create more entries, I plug the USB card reader with microSD card into the USB-C socket of my smartphone. As soon as I change anything, i.e. create or delete an entry or assign an icon, for example, the vault will be immediately backed up in encrypted form.
Meanwhile, some password managers offer their own 2FA function for one-time passwords. You might think that pure 2FA apps like this one from Aegis have become superfluous. But really secure password safes combine the master password with 2FA – and for that you do need a separate 2FA app! Because when the password safe is locked, you cannot access its integrated 2FA function.
Since I switched from Android to Apple's iPhones, I no longer needed a 2FA app, because the function was already integrated into Strongbox, a local password safe for iOS.
In the meantime, I have a Google Pixel 7 Pro as my main phone and have set up two user profiles on it. Copying the password files manually became too cumbersome for me. That's why I'm testing the Bitwarden online password safe. It supports 2FA to secure the master password. For that alone, it was worth installing Aegis Authenticator! But if you're going to do it, then do it: I have immediately secured all 2FA access data with it. Double is better.
Pros
- free of charge and open source
- secure
  - encrypted, can be unlocked with password or biometric data
  - prevents screen capture
- compatible with Google Authenticator
- supports industry-standard algorithms: HOTP and TOTP
- many possibilities to add new entries
  - scan a QR code or image
  - enter the details manually
  - import from other popular authentication apps
- organisation of many entries
  - alphabetical / user-defined sorting
  - user-defined or automatically generated icons
  - group entries
  - advanced entry editing
  - search by name / issuer
- material design with multiple themes: Light, Dark, AMOLED
- export (plain text or encrypted)
- automatically back up the vault to a location of your choice
- also works completely offline!
Cons
- nothing
Conclusion
Highly recommended!
Aegis Authenticator does not collect any information about the user and no information is sent. Aegis Authenticator also does not ask for permission to access your contacts or location.
And the most important thing: the accounts are not uploaded anywhere!
The only exception: if you wish, an encrypted copy of the accounts is stored in the cloud of your choice. However, the password never leaves your device.
Important Tips
- Remember the password for Aegis Authenticator well! (I recommend saving it in a 2nd password manager)
- This password is used to encrypt your accounts.
- These cannot be restored without the password.
- The security of your accounts stands and falls with the quality of the password!
Alternatives
Good password managers also support one-time passwords (OTP).
If you want to use as few apps as possible and only store locally, I recommend KeePassDX.
If passwords are to be synchronised online, Bitwarden is the first choice, because this password safe encrypts all data fields and offers 2FA to secure the master password. This does not make OTP-Auth superfluous, but indispensable (with an iPhone as main device).