Software

Mobile Apps

personally tested


Aegis Authenticator

2FA App for One-Time Passwords

Two-Factor Authentication for Android OS

Aegis is an alternative to proprietary two factor authentication apps like Google Authenticator and Authy. Its most important features, are security and backups.

Some password managers also offer a 2FA function for one-time passwords. You might think that this makes pure 2FA apps like this one from Aegis superfluous. But really good password vaults secure their master password using a 2FA query – which is why you still need a separate 2FA app! Because if your password vault is locked, you have no access to its in-built 2FA function.

Developer/Supplier

Beem Development

Purchase Date

25.03.2023 for my Google Pixel 7 Pro
13.11.2023   for my Google Pixel 8 Pro

Purchase Price

Free app in the F-Droid repository

Rating (1–5 Stars)

***** 5 stars

System Requirements

Android OS 5.0 or newer

Compatibility

Aegis supports the HOTP and TOTP algorithms. These are industry standard and widely supported, making Aegis compatible with thousands of services. Any web service that supports Google Authenticator will also work with Aegis Authenticator.

Languages

German and English

Support

in Englisch, via E-Mail.
The developer's Website describes most of the features.

Features

Encryption and biometric Unlocking

All your one-time passwords are stored in a vault. When you set a password (strongly recommended), the vault is encrypted using strong cryptography. If someone accesses the vault file with malicious intent, they cannot retrieve the contents without knowing the password. Entering your password every time you need access to a one-time password can be cumbersome. You can enable biometric unlocking if your machine has a biometric sensor (fingerprint or face unlock).

Organisation

Over time, you will probably collect dozens of entries in your safe. Aegis Authenticator offers many options to make it easier to find the one you need at a particular time. Set a custom icon for an entry to make it easier to find. Search by account name or service name. Do you have a lot of one-time passwords? Add them to custom groups for easier access. Personal, professional and social can each get their own group.

Backups

To ensure you never lose access to your online accounts, Aegis Authenticator can create automatic backups of the vault to a location of your choice. If your cloud provider supports Android's Storage Access Framework (like Nextcloud), it can even create automatic backups to the cloud. Creating manual exports of the vault is also supported.

Switch from other 2FA Apps

Aegis Authenticator can import the data of many other authenticators, including: Authenticator Plus, Authy and OTP, FreeOTP, FreeOTP +, Google Authenticator, Microsoft Authenticator, Steam, TOTP Authenticator and WinAuth (root access is required for apps without an export option).

Practice

To back up the vault fully automatically after every change, I plugged my USB card reader into the Pixel 7 Pro immediately after installing the app and set a directory created for this purpose as the default backup path on the inserted microSD card.

Before I started Aegis Authenticator to make changes or create additional entries, I plugged the USB card reader with microSD card into the USB-C socket on my smartphone. As soon as I changed anything, i.e. created or deleted an entry or assigned an icon, for example, the vault was immediately backed up in encrypted form.After buying the second Pixel phone, I simplified this:
I created a backup folder called Aegis in the device memory of both Pixel smartphones for temporary data backups.
As soon as I change anything in the Aegis app, i.e. create or delete an entry or assign an icon, for example, the vault is immediately backed up in encrypted form.
This temporary data backup is then immediately backed up to another medium, i.e. via the above-mentioned USB card reader or I email the file end-to-end encrypted to my secure mailbox at Tuta.

Since I used a Pixel 7 Pro with two user profiles, manually copying password files was too cumbersome for me. That's why I tested the online password vault from Bitwarden. It supports 2FA to secure its master password. It was worth installing Aegis Authenticator for that alone!

13.11.2023: A Pixel 8 Pro is now my main phone and I wouldn't want to do without Bitwarden. And of course Aegis Authenticator is indispensable.

Pros

  • free of charge and open source
  • secure
  • encrypted, can be unlocked with password or biometric data
  • preventing screen capture
  • compatible with Google Authenticator
  • supports industry-standard algorithms: HOTP and TOTP
  • many possibilities to add new entries
  • scan a QR code or image
  • enter the details manually
  • import from other popular authentication apps
  • Organisation of many entries
  • alphabetical / user-defined sorting
  • user-defined or automatically generated symbols
  • group entries
  • advanced entry processing
  • search by name / issuer
  • material design with multiple themes: Light, Dark, AMOLED
  • export (plain text or encrypted)
  • automatically secure the vault in a location of your choice
  • also works completely offline!

Cons

  • nothing

Conclusion

Highly recommended!
Aegis Authenticator does not collect any information about the user and no information is sent. Aegis Authenticator also does not ask for permission to access your contacts or location.

And the most important thing: the accounts are not uploaded anywhere!
The only exception: an encrypted copy of the accounts is only stored in the cloud of your choice if you wish. However, the password never leaves your device.

Important Tips

  • remember the password for Aegis Authenticator well!
    (I recommend saving it in a password manager)
  • this password is used to encrypt your accounts
  • these cannot be restored without the password
  • the security of your accounts stands and falls with the quality of the password!

Alternatives

Some password managers also support one-time passwords (OTP).
If you want to use as few apps as possible and store locally, KeePassDX is best suited for this.

If passwords including 2FA data are to be synchronised online platform-independently, Bitwarden is the first choice, because this password safe encrypts all data fields locally before the data is uploaded and offers 2FA to secure the master password.

But it is more risky to store 2FA data together with login data.
Strict separation is safer.

Keyword list: Aegis Authenticator, Alternatives, Android, Apps, Conclusion, Cons, Details, E-Mail, F-Droid, Groups, IT, Mailbox, Mobile Apps, Offline, Online, Open Source, Pixel, Pros, Service, Services, Smartphone, Smartphones, Software, Storage, Tips, USB, User, Website, why

Last edited: