Aegis Authenticator – Open-source 2FA for Android (getaegis.app)
shaicoleman 1195 days ago [-]
I've switched to it recently, it's really great:

* Open source

* Has search functionality

* Has biometric unlock functionality

* Has no external dependencies (SMS/remote accounts)

* Nice design/UX

* Dark mode

* Can import from other apps

* Just works

* Can do an encrypted export

* Encrypted export can be read by other apps, see https://github.com/beemdevelopment/Aegis/blob/master/scripts...

circularfoyers 1195 days ago [-]
I don't see any reason to use it over andOTP, which has all those features and has been around years before Aegis. It even looks suspiciously similar to andOTP, if not heavily inspired by it.
shaicoleman 1195 days ago [-]
* Aegis has a nicer design

* Aegis has an extensive import functionality, andOTP does not seem to have it

* andOTP relocks every time you switch apps, which can be annoying if you need multiple codes when you log in to multiple services. In Aegis that behaviour is configurable

* andOTP makes you choose between biometric encryption and password, Aegis supports both at the same time

* andOTP supports tags, Aegis does not

Due to the import functionality, it's easy enough to give it a try, and see if you like it yourself.

circularfoyers 1195 days ago [-]
Thanks for responding. I should have mentioned I've been a user of andOTP for a few years so that's why I brought the comparison up. I wish more projects (including Aegis) mentioned what distinguishes themselves from very similar options.

I think the fact that Aegis allows you to import from a number of other authenticators, notably proprietary ones, is an important feature in getting people to move over to an open source equivalent, which is something I respect.

One minor correction to what you said though - andOTP doesn't relock every time you switch apps. I tried this just now to verify this.

shaicoleman 1195 days ago [-]
I tried andOTP again now, and I figured out why it was locking for me.

I usually switch apps by clicking on the icon on the home screen, rather than the task switcher.

When I launch it from the home screen it always re-locks.

iFreilicht 1195 days ago [-]
This can be turned off in the settings: "Security" -> "Re-lock when going into the background"
shaicoleman 1195 days ago [-]
I've already unticked all the Re-lock settings, and it still locks for me every time I launch it from the home screen/app drawer.

I tried also on another phone, and same thing.

iFreilicht 1195 days ago [-]
That seems like a bug, I didn't experience that before.
justaj 1195 days ago [-]
Kind of sucks that the passphrase to open Aegis is also the passphrase that encrypts your backup. I have to access my 2FA app frequently, so I had to set the passphrase to 3 characters. Luckily the backup is only saved on the devices I own.
iFreilicht 1195 days ago [-]
That's what the biometric access is for. Choose a strong password, use fingerprint or face-reader for quick access.
justaj 1194 days ago [-]
I don't know. I'm not comfortable giving any software access to the fingerprint sensor (I've also taped it off), and definitely not as means of authentication.
iFreilicht 1194 days ago [-]
Seems much more secure than having a three-letter passphrase, but fair enough. You can still encrypt the backup with an additional layer when you back it up. I use the E2EE in Nextcloud for folders with sensitive info, that works quite seamlessly.
iFreilicht 1194 days ago [-]
Agree, I just imported all my 2F secrets from andOTP, which worked great. Having biometric access and a working cloud backup just makes it that little bit more accessible so it's actually a pleasure to use.

I also love that it has an option for a super-compact view. The default one takes up way too much space.

It's perfect, just donated a few beers to the author as well. You can do so, too: https://www.buymeacoffee.com/beemdevelopment

supernova87a 1195 days ago [-]
I don't know about you but does anyone else screenshot (and even print physical copies of, to keep safe) their authenticator barcodes given by websites, in case some day your chosen app dies or your phone(s)/tablets/everything gets lost?
m-p-3 1195 days ago [-]
I store my password manager (Bitwarden) TOTP code in my safe in QR code format. I keep all my other TOTPs in my password manager.

My Bitwarden password is long (at least 40 characters long, I didn't count precisely) and never used or reused.

mattrick 1195 days ago [-]
Doesn't it kinda defeat the point of storing TOTP codes in your password manager?
swirepe 1195 days ago [-]
You wouldn't need to store the codes, but you would need to store the key that makes the codes.
m-p-3 1195 days ago [-]
If it's secured by TOTP and a unique and secure password, it's not the weakest link.
chromakode 1195 days ago [-]
This reduces the attack scope from two devices to one. If your computer or web browser is compromised then both your TOTP secrets and password secrets are in one basket. Storing TOTP on a separate device can make it significantly harder to compromise your accounts.
literallycancer 1195 days ago [-]
He might be using two different password manager accounts, one for passwords and one TOTP? Although it doesn't help much if he logs in from the same machine anyway.
Denvercoder9 1195 days ago [-]
Partially, but it still offers protection against e.g. replay attacks and e-mail hacks.
cdurth 1195 days ago [-]
I would say not when you can secure bitwarden with a hardware key 2FA.
tarruda 1195 days ago [-]
Aegis has an option to export an encrypted backup of the database. I export one every time I add a new code to the app.
alexbakker 1195 days ago [-]
One of the authors here. Recent versions of Aegis also come with an automatic backup feature, so that an export is created at a location of your choosing automatically every time a change is made to your entry list. Might be a little more convenient than doing manual exports every time.
PascalW 1195 days ago [-]
Thanks for pointing this out! I've been using Aegis for quite a while and didn't know this.
dddw 1195 days ago [-]
Yes, and the exact reason I use aegis (plus open source!)
imiric 1195 days ago [-]
I use Aegis, but also import the TOTP URI to pass, and use it with pass-otp[1].

It kind of defeats the purpose of 2FA, but I keep my pass repo relatively secure, and the convenience is worth it.

[1]: https://github.com/tadfisher/pass-otp

Hamuko 1195 days ago [-]
That's really what scratch codes are for.
cuu508 1195 days ago [-]
Yes, but not every service offers recovery codes.
loloquwowndueo 1195 days ago [-]
That’s like a must. Services that don’t probably have an easy way to reset your 2FA via email verification which entirely negates the benefit of 2FA (last line of defence if your password or email are compromised). You probably want to stay away from those services entirely.
gbraad 1195 days ago [-]
Always keep a hardcopy in a safe, for that day your phone is lost or dies. You don't wanna ask Amazon to remove your 2FA, as this involves paperwork. I learned the hard way, but luckily located backups
Youden 1195 days ago [-]
I put them into Bitwarden alongside the password.

Yes, that means that there's a single place where both factors are stored but if Bitwarden has two-factor authentication (it does), the two factors are preserved.

pluc 1195 days ago [-]
You really only not do this once. When you lose your phone, you learn.
jamiesonbecker 1195 days ago [-]
You can use the QR codes to enroll new devices. (But then so can anyone who finds your QRs, so if you do this, keep them safe)
davchana 1195 days ago [-]
I keep screenshots of QR codes, & the phrases themselves, in a separate KeePass database.
ffpip 1195 days ago [-]
I sometimes do that when I don't have to write them down.
Iolaum 1195 days ago [-]
Yes I do keep backups.
exabrial 1195 days ago [-]
Sounds awesome!

Authy is fricken awful. It requires SMS for "security" entirely defeating the purpose of 2FA. Worse off, some SAASs _require_ Authy specifically.

Think about that. That means the security of an enterprise system at your company is completely dependent on whether or not an individual secures their personal cell phone account. Absolutely stupid, avoid Authy like the plague.

PascLeRasc 1195 days ago [-]
Authy's trying to make an open standard proprietary. I don't understand why you have to sign up for it with your phone number, or how they've gotten websites like Twitch to offer Authy-exclusive 2FA. In any case I was able to phish myself out of my old phone's Authy account really easily. It's a really bad thing to happen for regular consumers.
phreack 1195 days ago [-]
Anecdotally, I've seen a few places that instead of mentioning the protocol just say 'download G Auth' or 'download Authy', and so far all of those worked with Aegis when I tried.
stoolpigeon 1195 days ago [-]
I use Authy for a few reasons. One is the ability to sync and use it across multiple devices. This is really convenient.

But the killer is the desktop app. I've had a number of instances where someone I was helping could not get the time of their phone and computer close enough to properly generate codes. Running the Authy app on the machine meant the time matched perfectly and they were finally able to log in.

It's not perfect but has some killer features.

NikolaeVarius 1195 days ago [-]
> Authy is fricken awful. It requires SMS for "security" entirely defeating the purpose of 2FA

Explain. There is a separate password to defeat traditional SMS attacks.

mynameisvlad 1195 days ago [-]
I believe it uses it for account recovery if you don't have a device with it installed anymore.
nikolay 1194 days ago [-]
Authy is a disaster. It damaged my data and I got locked out from many services. At some point the app's generated token is not accepted - I've never had such issues with Microsoft Authenticator or 1Password's 2FA.
tobib 1195 days ago [-]
I've been using Authy for a long time and have never come across SMS for security. When would that be triggered?
MeinBlutIstBlau 1195 days ago [-]
I think it's a point of recovery for your authy account that they're talking about.
tobib 1195 days ago [-]
Gotcha, thanks.
ryukafalz 1195 days ago [-]
Nice, I consider that a good sign! Means it's unlikely to ever go proprietary like Google Authenticator did.
MayeulC 1195 days ago [-]
I used to use andOTP, mainly because it was possible to export OTP tokens when upgrading or resetting my phone.

Then IIRC I heard that andOTP wasn't that secure/maintained. Or maybe that their backup file encryption wasn't that great. I am not sure about these claims, but I migrated to Aegis, that could nicely import AndOTP tokens.

Nowadays, I use it in combination with bitwarden (it supports OTP), which I use for my less important accounts. Bitwarden (self-hosted with bitwarden-rs) allows me to generate those without my phone. I still keep every token in Aegis as well.

AndOTP features I miss with Aegis:

- Icon library for common websites using OTP

- Maybe Steam OTP support? I never used it though, since it would more or less lock me out of trading, without the app, so I use e-mail.

ignitionmonkey 1195 days ago [-]
Icon packs are coming. [1] Steam accounts can be imported if you have root access, or you can try [2].

IIRC Steam codes are almost standard except they use a different encoding because... Valve likes to roll their own stuff (?). I agree that trading makes only having codes a bit less useful. They could've used the same codes to confirm trades instead of an entirely separate interface.

[1] https://github.com/beemdevelopment/Aegis/issues/509

[2] https://github.com/beemdevelopment/Aegis/wiki/Adding-Steam-t...

MayeulC 1195 days ago [-]
Thanks for pointing this out.

Yeah, Steam rolling their own stuff is a bit troublesome at times, but I think they were among the first to use TOTP tokens, IIRC? There was a story here the other day on how they roll their own password encryption over HTTPS for logging in... It's a shame they don't use standard authentication mechanisms, though.

And I should clarify: my yubikey is my main 2FA token, though support for U2F/Webauthn is a bit limited.

alexbakker 1195 days ago [-]
One of the authors here.

> Icon library for common websites using OTP

Someone from the community is maintaining an icon pack for Aegis: https://github.com/aegis-icons/aegis-icons. We're currently working on making icon packs easier to use in Aegis, see: https://github.com/beemdevelopment/Aegis/issues/509.

> Maybe Steam OTP support

Steam is supported, actually! But like you said, you'd still need the Steam app if you're doing trading.

MayeulC 1195 days ago [-]
Hey there, thanks for Aegis, it is my main OTP vault for important stuff.

Thank you and your sibling comment. I'm glad this is being worked on! Discovery is also important IMO, so a one-tap install of the most widely used icon pack would be nice to have too :)

alexbakker 1195 days ago [-]
Thanks for your support! That's a fair point. We'll see what the feedback is like when we release initial support for icons packs and decide whether to include a pack out of the box after that.
hiyer 1195 days ago [-]
> I migrated to Aegis, that could nicely import AndOTP tokens.

Thanks. I use andOTP too and was hoping this point was answered somewhere here :-).

MayeulC 1195 days ago [-]
Oh, perhaps I should also mention that Aegis can easily display OTP secrets that can be pasted into Bitwarden.

You can also display Qr codes to easily export a select few to another authenticator app.

Not sure about Aegis -> AndOTP? Aegis can export txt and json, as well as its own encrypted format.

iFreilicht 1195 days ago [-]
It works together with icon packs you installed as an app. I use Whicons, it has lovely monochrome icons for most sites I use.
anthony_barker 1195 days ago [-]
Been testing this - migrated from FreeOTP (Red Hat).

I have a conflict on export of keys for backup. But then you kind of need it in the event you lose the phone (so you don't have to rely on SMS or email to recover account access).

Personally I think the best security I have seen is in Keybase or Matrix with the trusted devices concept. I like how keybase allows for one of the devices to be a paper device.

literallycancer 1195 days ago [-]
There are scripts to help you export from FreeOTP (and transform to the FreeOTP+ format), even without a rooted phone.

The opposition to export features by FreeOTP maintainers is idiotic, because there is no contract that TOTP seed never moves or lives only on one device. The only expectation is that it is not shared with 3rd parties and is carefully kept secret. At the same time, migrating to a new phone and having to change 30 different 2FA codes individually is untenable.

scintill76 1195 days ago [-]
Bit OT: I’m interested in an open standard for “push” 2FA. Receive a push notification on Google or Apple’s standard platform, or at the least be able to open the app and just tap the account to send second factor auth (maybe when you open the app it queries all accounts to find which is currently waiting for auth). Are there security concerns blocking this?
dastx 1195 days ago [-]
There is server-sent events.
teamspirit 1195 days ago [-]
My big thing with these apps, Authy, Duo, Google Authenticator is site icons. Authy finally figured out a way to query the website and either get the favicon or some image from the website. I know, it's really the most minuscule part but it frustrates me to see "(D)" for Digital Ocean. But it's enough to keep me with it.
ignitionmonkey 1195 days ago [-]
Icon packs are coming [1] and you can set your own for the more niche sites.

The problem with querying websites for their icon is that it leaks data about you (your phone and desktop) to a third party without a proxy, requires a domain to match against, and like with Authy, the icons go out of date and become inconsistent. Worst of all, you have to give network access to the entire app for a trivial feature, making it less secure and trustworthy. Offline icon packs that have a consistent look are a good solution to all of this. [2]

[1] https://github.com/beemdevelopment/Aegis/issues/509

[2] https://github.com/aegis-icons/aegis-icons

Fnoord 1195 days ago [-]
Bitwarden has this feature, and it is optional. I wouldn't mind if Aegis has it, as long as it is optional.
enshake 1195 days ago [-]
Authy now adds the site logo automatically. If not, you can search one up in the app
ktzar 1195 days ago [-]
I use andOTP, open source and can export and import keys so you can have them backed up.
ignitionmonkey 1195 days ago [-]
They're pretty similar apps in terms of features (Aegis does all of that too).

Personally, comparing screenshots, I think Aegis' interface and choice of colours is more sleek, especially in dark and OLED modes, so it got my pick.

lucideer 1195 days ago [-]
andOTP used to have some pretty bad issues with security. I switched from andOTP over to Aegis way back then; I've heard that the andOTP author has been extremely active & responsive since, and responded/fixed the aforementioned issues over time, but I've been so happy with Aegis that I haven't felt compelled to go back.
gruez 1195 days ago [-]
I've been trying to switch away from a closed source authenticator and this ticks most of the boxes. The only thing it's missing is the ability to quickly filter by group. Currently you have to open app -> 3 dot menu -> filter -> select group (4 steps total), whereas the authenticator I'm currently using allows you to side swipe -> select a group (2 steps), or add a shortcut on homescreen that opens the app with the filter enabled (1 step).
chessmango 1195 days ago [-]
Can recommend AndOTP in this case, provided using Android. Grab a build off F-Droid - easy tag-hopping with options for single or multiple tag selection. Have very few complaints, and I 2FA anything I can, at work and personally, so tags strictly necessary
gruez 1195 days ago [-]
The main problem with andotp is the excessive amount of padding that they add to each entry, even with the "compact" option. The group/tag selection is better (only two steps), but not nearly as convenient as the app I'm using where you can view a group/tag directly from the home screen.
phs 1195 days ago [-]
I love AndOTP. It's boring, it keeps the master key in my head and offers simple backups.
alexbakker 1195 days ago [-]
One of the authors here. We've gotten a lot of similar feedback lately. This is something we plan on addressing in a future release by introducing filter chips, either directly on the main view, or one tap away. Hopefully that'll make it a bit easier to quickly filter based on groups.
darkteflon 1195 days ago [-]
This looks great. Is there any chance it will make it to iOS?
gchamonlive 1195 days ago [-]
Currently using Authy. Any way to migrate my keys in bulk?
ignitionmonkey 1195 days ago [-]
If you have root access, yes.[1] Otherwise no, sadly. One of the reasons I moved off Authy before it got worse.

There is a workaround using the Authy Desktop app but I have no idea if it works.[2]

[1] https://github.com/beemdevelopment/Aegis/pull/107

[2] https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d...

gchamonlive 1195 days ago [-]
Done, migrated 40 accounts to Aegis.

As I see, it backs up to the internal storage, so I have to use another app to sync the backup to a cloud of my choice.

ffpip 1195 days ago [-]
> so I have to use another app to sync the backup to a cloud of my choice

You can select Google Drive/Dropbox when backing up the vault.

https://github.com/beemdevelopment/Aegis/issues/258#issuecom...

alexbakker 1195 days ago [-]
One of the authors here.

Unfortunately, Google Drive and Dropbox only partially participate in Android's Storage Access Framework. In Aegis, exporting only requires the creation of a file, so that works with both. Configuring backups on the other hand requires selecting a folder, but most cloud providers don't support that. A notable exception is Nextcloud.

gchamonlive 1195 days ago [-]
How about cloud PaaS providers like AWS? The user could generate an IAM access key with permissions to manage a specific bucket and configure Aegis with the key. Aegis would use the cloud API to upload the backup.

If that is of interest, I could help implement that.

gchamonlive 1195 days ago [-]
doesn't seem to show for me, only internal space. I have no idea why.

edit: this is not released yet, I think

ignitionmonkey 1195 days ago [-]
Might have a solution for you here:

https://news.ycombinator.com/item?id=25804860

gchamonlive 1195 days ago [-]
Commented on my question with a snippet I wrote based on that extraction method from Authy. The code generates an Aegis-compatible database instead of printing QR codes.
gchamonlive 1195 days ago [-]
In response to myself, I created a snippet to generate a database in bulk from Authy.

follow: https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d...

But change the code with:

https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d...

emmelaich 1195 days ago [-]
Can I throw in a question here? How do I get my accounts imported from the old Google Authenticator into the new one?

I'm currently locked out of my AWS account because I made the mistake of adding MFA to my root account at the wrong time.

The crazy thing is that AWS have my phone number but due to formatting or similar they can't send me an SMS! It's possible that they're trying a US number but mine is Australian.

jdright 1195 days ago [-]
Can this import from Google Authenticator?
alexbakker 1195 days ago [-]
One of the authors here. Yes! Aegis can scan the QR codes that Google Authenticator presents in the "Transfer accounts" screen. It's also possible to import directly from Google Authenticator's internal database if you have root access.
jdright 1195 days ago [-]
Just migrated all devices in my home. Without root access, I had to use another phone to take a picture of the QR and then scan with Aegis. This way it had difficulty understanding QR codes that had more than 4 entries. Anyway, waiting for the icons support, but for now it is another Google app down! Thanks a lot.
amiga-workbench 1195 days ago [-]
Thank you so much for this feature! Google Authenticator has been holding my phone ransom on Android 9. I've got way too many 2fa keys to reconfigure manually and add to a new client.

I'm all backed up and installing the latest Lineage OS build now.

aynawn 1195 days ago [-]
I've been in the market for an open source authenticator that works on android and desktop with a cloud sync.

I cannot find one and so I'm stuck on using authy. I have exported all my TOTP tokens in hopes that one might turn up.

Aegis, like andOTP and others, does not appear to have a desktop client.

PascLeRasc 1195 days ago [-]
Check out Tofu if you're on iOS! Open-source, way nicer UI than Google Auth, and you can back it up to iCloud.

https://github.com/calleerlandsson/tofu

nikolay 1194 days ago [-]
Nice! I am using 1Password's 2FA, but, basically, it puts both the password and the second factor in one place, which turns 2FA into essentially 1FA!
ffpip 1195 days ago [-]
Can you add 'app' to the title?

Open source 2FA App for Android.

Ayesh 1195 days ago [-]
Sucks that there is no Windows version. Android one looks pretty nice and I like that there are many import/export options
loloquwowndueo 1195 days ago [-]
Lol windows :) no seriously if you need an OATH application for windows you can probably coerce oathtool to run under WSL or even natively.
m-p-3 1195 days ago [-]
There are some KeePass-compatible password managers on Windows that can generate TOTP codes if that's something you want.
Zizizizz 1195 days ago [-]
you can install this > export backup to JSON > import to pass-otp and you have 2fa in your command line and phone
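Added example, not code from Aegis, pass-otp or the commenter: a small validator for the otpauth:// Key URIs that pass-otp stores, which is the form an exported entry ends up in when it is handed over as the comment describes. It decodes the base32 secret (tolerating the missing `=` padding many exporters drop), applies the format's defaults (SHA1, 6 digits, 30-second period), rejects hash algorithms no standard authenticator implements, and reports which lines of a constructed export were refused instead of silently importing them. The one-URI-per-line sample, its account names and the function names are my assumptions.

```python
import base64
import binascii
from dataclasses import dataclass
from typing import Optional
from urllib.parse import parse_qs, unquote, urlsplit

SUPPORTED_ALGORITHMS = {"SHA1", "SHA256", "SHA512"}


@dataclass(frozen=True)
class OtpEntry:
    kind: str               # "totp" or "hotp"
    issuer: str
    account: str
    secret: bytes           # raw key bytes decoded from base32
    algorithm: str
    digits: int
    period: Optional[int]   # TOTP step length in seconds
    counter: Optional[int]  # HOTP moving counter


def decode_base32_secret(text: str) -> bytes:
    # Exporters commonly omit '=' padding and may insert spaces; normalise first.
    cleaned = text.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    try:
        return base64.b32decode(cleaned)
    except (binascii.Error, ValueError) as exc:
        raise ValueError("secret is not valid base32") from exc


def _single(query: dict, key: str, default: Optional[str] = None) -> Optional[str]:
    # Query parameters arrive as lists; a duplicated parameter is ambiguous.
    values = query.get(key)
    if not values:
        return default
    if len(values) > 1:
        raise ValueError(f"parameter {key!r} given more than once")
    return values[0]


def parse_otpauth(uri: str) -> OtpEntry:
    parts = urlsplit(uri.strip())
    if parts.scheme != "otpauth":
        raise ValueError("not an otpauth:// URI")
    kind = parts.netloc.lower()
    if kind not in ("totp", "hotp"):
        raise ValueError(f"unknown OTP type {parts.netloc!r}")

    # The label is "issuer:account" (either part may be percent-encoded); the
    # issuer prefix is optional, so split on the last ':' only if one exists.
    label = unquote(parts.path.lstrip("/"))
    label_issuer, _, account = label.rpartition(":")
    query = parse_qs(parts.query, strict_parsing=True) if parts.query else {}

    secret_text = _single(query, "secret")
    if not secret_text:
        raise ValueError("missing secret")
    algorithm = (_single(query, "algorithm", "SHA1") or "SHA1").upper()
    if algorithm not in SUPPORTED_ALGORITHMS:
        raise ValueError(f"unsupported algorithm {algorithm!r}")
    digits = int(_single(query, "digits", "6"))
    if digits not in (6, 7, 8):
        raise ValueError(f"unsupported digit count {digits}")
    period = counter = None
    if kind == "totp":
        period = int(_single(query, "period", "30"))
        if period <= 0:
            raise ValueError("period must be positive")
    else:
        counter_text = _single(query, "counter")
        if counter_text is None:
            raise ValueError("hotp URI needs a counter")
        counter = int(counter_text)

    return OtpEntry(
        kind=kind,
        issuer=(_single(query, "issuer") or label_issuer).strip(),
        account=account.strip(),
        secret=decode_base32_secret(secret_text),
        algorithm=algorithm,
        digits=digits,
        period=period,
        counter=counter,
    )


def parse_export_lines(lines):
    """Parse one URI per line (the plain-text layout assumed here) and return
    the accepted entries plus (line number, reason) for every rejected line."""
    entries, rejected = [], []
    for number, line in enumerate(lines, start=1):
        if not line.strip() or line.startswith("#"):
            continue
        try:
            entries.append(parse_otpauth(line))
        except ValueError as exc:
            rejected.append((number, str(exc)))
    return entries, rejected


# Constructed sample export: two valid entries and two that must be refused.
SAMPLE_EXPORT = [
    "otpauth://totp/Example:alice%40example.com?secret=JBSWY3DPEHPK3PXP&issuer=Example&algorithm=SHA256&digits=6&period=30",
    "otpauth://hotp/Printer?secret=JBSWY3DPEHPK3PXP&counter=5",
    "otpauth://totp/Bad:bob?secret=JBSWY3DPEHPK3PXP&algorithm=MD5",
    "otpauth://totp/NoSecret?issuer=Example",
]

if __name__ == "__main__":
    good, bad = parse_export_lines(SAMPLE_EXPORT)
    for entry in good:
        print(entry.kind, entry.issuer or "-", entry.account, entry.algorithm)
    for number, reason in bad:
        print(f"line {number} rejected: {reason}")
```

Rejecting unknown algorithms up front matters more than it looks: an entry imported with an algorithm the app cannot compute produces codes that never validate, and the user only finds out when locked out.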
PradeetPatel 1195 days ago [-]
From a user's perspective, what does it have over other 2FA apps such as Google Authenticator or Duo?
livre 1195 days ago [-]
I use this after having used Google Authenticator, what made me switch is easy backups and restores, not to the cloud but locally to a file. Also you don't need a Google Account if you wish to transfer your data to a new device.
ignitionmonkey 1195 days ago [-]
To add to this. Aegis supports any cloud provider that implements Android's "Storage Access Framework".[1]

https://github.com/beemdevelopment/Aegis/issues/258#issuecom...

gmac 1195 days ago [-]
I can’t tell from the homepage, but perhaps it supports SHA256? Google Authenticator on Android (but not, weirdly, on iOS) pretends to be fine with SHA256 but then goes ahead and uses SHA1, and thus generates wrong codes.
livre 1195 days ago [-]
It supports SHA1, SHA256 and SHA512.
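To make the SHA1/SHA256 difference and the phone/computer clock mismatch mentioned earlier in the thread concrete, here is an added example (not code from Aegis, Google Authenticator or any commenter): an RFC 6238 TOTP generator with a selectable hash, checked against the RFC's published test vectors, plus a verifier that tolerates a small clock skew by also accepting the neighbouring time steps. The same secret yields different codes under SHA1 and SHA256, which is exactly why a client that silently falls back to SHA1 fails against a SHA256 enrolment, and the `window` parameter is the server-side knob that decides how far a device's clock may drift before its codes stop validating. The function names and the default window size are my choices.

```python
import hashlib
import hmac
import struct
import time

HASHES = {"SHA1": hashlib.sha1, "SHA256": hashlib.sha256, "SHA512": hashlib.sha512}

# Reference seeds from RFC 6238 Appendix B (public test values, not real secrets).
RFC_SEEDS = {
    "SHA1": b"12345678901234567890",
    "SHA256": b"12345678901234567890123456789012",
    "SHA512": b"1234567890123456789012345678901234567890123456789012345678901234",
}


def hotp(secret: bytes, counter: int, digits: int = 6, algorithm: str = "SHA1") -> str:
    """RFC 4226 HOTP with the hash made selectable, as RFC 6238 allows."""
    if algorithm not in HASHES:
        raise ValueError(f"unsupported algorithm {algorithm!r}")
    if not 6 <= digits <= 8:
        raise ValueError("digits must be 6, 7 or 8")
    mac = hmac.new(secret, struct.pack(">Q", counter), HASHES[algorithm]).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    truncated = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{truncated % 10 ** digits:0{digits}d}"


def totp(secret: bytes, unix_time, digits: int = 6, algorithm: str = "SHA1",
         period: int = 30) -> str:
    """TOTP = HOTP over the number of whole periods since the Unix epoch."""
    return hotp(secret, int(unix_time) // period, digits, algorithm)


def verify_totp(secret: bytes, candidate: str, unix_time, digits: int = 6,
                algorithm: str = "SHA1", period: int = 30, window: int = 1) -> bool:
    """Accept a code that matches the current step or any step within +/- window.

    A window of 1 absorbs up to one period of clock drift in either direction;
    every extra step roughly doubles the set of codes an attacker could guess."""
    base = int(unix_time) // period
    for step in range(base - window, base + window + 1):
        # constant-time comparison so timing does not leak how much matched
        if hmac.compare_digest(hotp(secret, step, digits, algorithm), candidate):
            return True
    return False


def codes_by_algorithm(secret: bytes, unix_time, digits: int = 6) -> dict:
    """The code each hash produces for one secret at one instant: a client that
    quietly uses SHA1 for a SHA256 enrolment shows the wrong entry here."""
    return {name: totp(secret, unix_time, digits, name) for name in HASHES}


if __name__ == "__main__":
    print("RFC 6238 T=59, SHA1:  ", totp(RFC_SEEDS["SHA1"], 59, digits=8))
    print("RFC 6238 T=59, SHA256:", totp(RFC_SEEDS["SHA256"], 59, digits=8, algorithm="SHA256"))
    print("same secret, each hash:", codes_by_algorithm(RFC_SEEDS["SHA1"], 59))
    code = totp(RFC_SEEDS["SHA1"], 59)
    print("device 6 s behind, window 1:", verify_totp(RFC_SEEDS["SHA1"], code, 65))
    print("device 6 s behind, window 0:", verify_totp(RFC_SEEDS["SHA1"], code, 65, window=0))
    print("current code:", totp(RFC_SEEDS["SHA1"], time.time()))
```

The drift tolerance has to live on the verifying side; an authenticator app can only show the code for the clock it has, which is why a desktop client on a correctly synced machine "fixed" the problem described earlier in the thread.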
lucideer 1195 days ago [-]
Being open-source is not of exclusive benefit to non-users.

Additionally, being non-Google would be considered a large benefit by many non-technical users I know.

ffpip 1195 days ago [-]
Better UI and custom icon support for the random website you have.

Plus this is offline. Hence more secure.

vvatermelone 1195 days ago [-]
You can require biometric authentication to view the codes, that's the main reason I use it over GA.
antpls 1195 days ago [-]
I have no printer at home. Does anyone know how to backup all those QRcodes on paper ?
alexbakker 1195 days ago [-]
If you write down the secrets and the other parameters on paper, that would suffice as a backup as well. I'd recommend using Aegis' encrypted backup though.
petespeed 1195 days ago [-]
Anyone knows if and how to use this instead of Microsoft authenticator?
technion 1195 days ago [-]
When you set up Microsoft Authenticator, it defaults to a QR code that will be invalid to standard TOTP apps. However, that's because it assumes you want to use the push notification of the app. If you click a button like "key without notify", it will give you a different QR code which is fully standard and works with common apps like this.
aorth 1195 days ago [-]
Wow, that is a great tip! I have been avoiding setting up a TOTP with Microsoft for months because I didn't want to install their app and I didn't know you could click "without notifications" to get a standard code. Super annoying that they insist on texting me every freaking time I log into email or Teams. Now I can use Aegis, phew!
ffpip 1195 days ago [-]
I think Microsoft Authenticator is internet based. The 2FA secret key is backed up to their servers.

Aegis is open source, free and has backup and restore functionality. It also has a great UI and custom icon support.

Under active development - http://github.com/beemdevelopment/aegis
