I’ve been using that one for a while and it’s the best authetification app I’ve tried.
Way better than Google Authenticator! I agree.
Same, been using it for a while now. You can even setup automatic backups to your own nextcloud instance
Been using Aegis after switched from FreeOTP and I love it. UI is also pleasing (although I don’t spend much time in the app, but still)
I use this, a couple of tips: set up a fingerprint unlock so you dont have to type a pin everytime; and I advise not to keep your TOTP codes only in a phone app, you can save them in KeepassXC on your pc for example.
You can setup regular auto backups along with syncthing to keep it safe. That’s what I am doing so to store the file in multiple devices and locations.
I love syncthing, so versatile. I don’t backup the Aegis database with it only because my TOTPs are already in Keepass and because Aegis is backed up by Seedvault already (Lineageos)
If both your password and TOTP code are saved in the same place, that’s a single attack vector. Saving your TOTP codes in Keepass destroys the second factor part of the protection.
Physically print out the setup QR codes, and keep them safe.
Old school, I like it. Of course KeepassXC can also show the QR codes :)
Keeping it on physical paper helps in almost all cases.
1 - It separates the backups from the internet, helping prevent security vulnerabilities from stealing your MFA codes. Cloud backups along with cloud passwords means you would get caught up in any major data breach.
2 - It allows you to set up a new device without needing to have the old device. If you lost/broke your phone, then those local QR code exports are gone.
3 - People generally know how to keep physical things safe. You can put them in a bank’s safety deposit box, in a fire safe, or just in a folder in your desk. As long as they’re not also sitting near your passwords, they’re pretty useless to most people, and the likelihood that someone is going to physically try to swipe your account data is extremely low.Great suggestions all around.
I also avoid the cloud for this type of stuff (so no Bitwarden on someone else’s server). All my disks are encrypted at rest, and I keep the TOTPs both in Keepass and in Aegis. Both are backed up on machines/disks I control (via Syncthing and Seedvault mostly)
I have some of the NFC/USB sticks Token2 make.
Which are neat, as you can stick the seeds on there, then retrieve them so long as you have physical access, and the passkey.
and it doesn’t access the internet, very cool :)
FreeOTP and FreeOTP+ are Foss on F-droid, originally developed by Red Hat
I used it for a while, it is quite good, but I recently switched to a webxdc (in-chat mini-app) in Delta Chat which allows me to access the codes from any device where I have Delta Chat installed and adding a new token in one device synchronizes to all other devices this also mean that my tokens are safe if one of my devices die and I will not lose them. All of this is without depending on a server holding your data
Syncthing bud, just use syncthing. Aegis will export a backup on any change and keep N backups. Just use syncthing. Just. Use. Syncthing.
I don’t need it but I have to try this 😄 I’ve been using Delta chat for a while now but never tried any mini “apps”, do you have any suggestion?
I use 2FAS Auth personally as an iOS user. Is it considered a good choice?
Technically not a good choice for this community specifically. 2FAS Auth operates out of the USA. Being FOSS does change the implications of that, though.
Same but on Android, prefer its interface to Aegis’. I think its okay, it is open source.
Any reason to use this rather than Ente Auth?
Any reasons to use Ente Auth over Aegis?
Not really. Yet, Ente Auth offers syncing between devices which one may deem to be against the concept of 2FA (different token keys on different devices).
Being able to sync between devices is a huge benefit. I switched from Aegis to Ente Auth for that reason.
It’s all e2e encrypted, and you can protect your Ente account with a hardware key, so there’s basically no downside.
The downside is complexity which is always a reason to not use software that deals in cryptography stuff. Sometimes simple is best.
In your case, the second factor is the use of the hardware key.
If knew the answer to this, I wouldn’t have need to ask my question…
AndOTP seems fine
Looks like development on AndOTP stopped ~4 years ago (July 2021). There’s definitely an “if it ain’t broke” factor, but the way Android keeps dropping support for older SDK apps, you will probably need to switch to something else eventually. I hadn’t heard of Aegis before this thread, but apparently one of its big features is support for importing from other authenticator apps (including AndOTP and Google Authenticator).
Aegis can import andotp backups.
thanks ! I’ll look into it !
It doesn’t seem to support Fido, so I dunno.
