Aegis Authenticator: open source Google Authenticator and Authy alternative

Martin Brinkmann
Feb 24, 2023
Google Android

Aegis Authenticator is an open source application for Google Android devices to generate and manage two-step verification tokens for online services. The app has an import option, extra security options and several nice to have features that make it worth a closer look.

Many Internet services support two-factor authentication by now. It is an optional security feature in most cases, which adds a second layer of protection to account sign-ins. Sites still require username and passwords, but also a code to complete the login process.

Authenticator apps like Aegis Authenticator, or popular options such as Google Authenticator, Authy or Microsoft Authenticator, may generate these codes on mobile devices. These apps offer better security than email or SMS-based options.

Twitter announced recently that it will disable the SMS-based method for its free users, and users may use the opportunity to switch the method to Authenticator Apps.

Aegis Authenticator

Aegis Authenticator, like any other authenticator app, needs to meet certain security standards. The developers note that the vault is encrypted with AES-256-GCM and that it supports the industry-wide standards HOTP and TOTP. It is compatible with Google Authenticator, which means that its data can be exported for Google Authenticator.

What sets it apart from most popular choices is that it is fully open source. The developers have added password and biometric protections to the app on top of that, which means that access to the database is locked until the password is entered.

New services may be added in a number of ways. Besides the option to scan QR codes on websites directly, Aegis Authenticator supports entering details manually and importing them from other authenticator apps on the device. The last option may require root access, however, which most Android users may not have on their devices.

Imports from a good dozen major authenticator apps are supported. The list includes Authy, FreeOTP, Google Authenticator, Microsoft Authenticator, Steam and even plan text imports.

Aegis Authenticator supports extra features, such as groups, auto lock functionality, or panic trigger support using Ripple.

Aegis Authenticator Download

Aegis Authenticator is available on GitHub, on the free marketplace Fdroid, and on Google Play. Installation is straightforward from all three locations and should not pose any issues for Android users.

Use of the authenticator app

A password needs to be set up on first start of the app to protect the contents from prying eyes. The app displays all services on its frontpage .

First time users may want to open the Settings on first run to adjust some of them. There, they may change appearance, security and usability features. Some of the options found there include copying tokens with a tap, minimize the app on copy, or enable the automatic backups feature of the app.

Aegis Authenticator does not sync data to the cloud by default. There is an option under backup to enable Android cloud backups.

Migration from one authenticator app to another can be a time-consuming process, if direct imports are not available on the device. It usually involves disabling two-factor authentication at the service's website and setting it up again.

Adding new services to the app is a quick process. It does require scanning the QR code that sites and services display when two-factor authentication is set up.


Aegis Authenticator is a well-designed app that is easy to use. Its import functionality makes it stand out, but it may require root depending on the authenticator that data needs to be imported from. Password protection, its open source nature, and several other security features make it stand out from the masses of other apps that serve similar purposes.

Now You: which two-factor authentication app do you use, and why?

software image
Author Rating
5 based on 5 votes
Software Name
Operating System
Software Category
Landing Page

Tutorials & Tips

Previous Post: «
Next Post: «


  1. Albert said on August 18, 2023 at 1:49 pm

    Thanks for the tip Martin.

    It is for these kinds of posts that I follow GHacks.

    1. Mike Williams said on August 26, 2023 at 8:55 pm

      What’s up with the generic comment, are you a bot?

  2. Tachy said on August 18, 2023 at 3:23 pm


    Where on the planet is that still in use? I was forced to give up using my RAZRV3 years ago because 2G was phased out by AT&T.

    1. arbuz said on August 20, 2023 at 5:02 pm

      Everywhere 3G has been turned off and you don’t have LTE coverage, and believe me there are many developed countries where this is the case and if it weren’t for 2G you wouldn’t even be able to make a phone call.

    2. Doc Fuddled said on August 31, 2023 at 5:55 pm

      Maybe I missed it, but I don’t believe tha term “2G” is in the article. Perhaps you are referring to “AGM G2”??

  3. Tachy said on August 18, 2023 at 3:27 pm


    Your website has gone insane.

    When I the post button I then saw my comment posted on a different article page. When I opened this article again, it is here.

    1. Martin P. said on August 31, 2023 at 4:39 pm

      @Tachy @Martin Brinkmann

      ” Your website has gone insane. ”

      Same here. Has happened several times.

      1. owl said on September 1, 2023 at 3:42 am

        @Martin P.,

        For over two weeks now,
        I’ve been seeing “Comments” posted by subscribers appearing in different, unrelated articles.
        For the time being,
        it would be better to specify the “article name and URL” at the beginning of the post.

  4. Anonymous said on August 18, 2023 at 11:17 pm

    @tachy a lot of non-phone devices with a sim in them rely on 2G, at least here in europe.
    Usually things reporting usage or errors/alarms on something remote that does not get day to day inspection in person. They are out there in vast numbers doing important work. Reliable, good range. The low datarate is no problem at all in those cases.
    3G is gone or on its last legs everywhere, but this stuff still has too much use to cancel.

    Anyhow, interesting that they would put that in. I can see the point if you suspect a hostile 2G environment (amateur eavesdroppers with laptop, ranging up to professional grade MITM fake towers while “strangely” not getting the stronger crypto voip 4G because it is being jammed, and back down to something as old ‘stingray’ devices fallen into the wrong hands).

    But does this also mean that they have handled and rolled out a fix for that nasty 4G ‘pwn by broadcast’ problem you reported earlier this year? I had 4G disabled due to that, on the off chance that some of the local criminals would buy some cheap chinese gear, download a working exploit and probe every phone in range all over town in the hope of getting into phones of the police.

  5. Andy Prough said on August 19, 2023 at 3:04 am

    >”While most may never be attacked in stingrays, it is still recommended to disable 2G cellular connections, especially since it does not have any downsides.”

    The downside would be losing connectivity. I spend a lot of time way out in the countryside where there’s often no service or almost none. My network allows 2G, and I need it sometimes. I have an option on the phone to disable 2G, I may do that when I’m in the city and I have good 5G connectivity, but not out in the country.

    I would imagine that the stingray exploits, like most of the bad things in this world, are probably things you will run into in the crowded big cities.

  6. owl said on August 21, 2023 at 3:40 am

    I stopped using it in a mobile (Wi-Fi line) environment, so I’m almost ignorant of the actual situation,
    But the recent reality in Japan makes me realize that “the infrastructure of the web is nothing more than a papier-mâché fiction”.

    It is already beyond the scope of what an individual can do.
    What we should be aware of is the reality that “governments and those in power want to control the world through the Web”, and efforts to counter (resist and prevent) such ambitions are necessary.

  7. Anonymous said on August 26, 2023 at 9:27 pm

    Why do you want people to disable the privacy features? Hmmmmm?

  8. Anonymous said on August 27, 2023 at 2:30 am

    Now You: do you plan to keep the Ads privacy features enabled?

    I’d like to tell you, but apparently if you make a post critical of Google, you get censored. * [Editor: removed, just try to bring your opinion across without attacking anyone]

  9. Tachy said on August 27, 2023 at 5:15 am


    You website is still psychotic. Comments attach to random stories.

  10. John G. said on August 28, 2023 at 2:46 pm

    @Martin please do fix the comments, it’s completely insane commenting here! :[

  11. ECJ said on August 28, 2023 at 5:37 pm


    The comments are seriously messed up on gHacks now. These comments are mixed with the article at the below URL.

    And comments on other articles are from as far back as 2010.

  12. Naimless said on August 29, 2023 at 12:57 am

    What does this article has anything to do with all the comments on this article? LOL I think this Websuite is ran by ChatGPT. every article is messed up. Some older comments from 2015 shown up in recant articles, LOL

  13. Paul Knight said on August 31, 2023 at 3:35 am

    The picture captioned “Clearing the Android Auto’s cache might resolve the issue” is from Apple Carplay ;)

  14. Anonymous said on August 31, 2023 at 9:57 pm

    How about other things that matter:
    Drop survival?
    Screen toughness?
    Degree of water and dust protection?

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.