Aegis Authenticator: open source Google Authenticator and Authy alternative

Martin Brinkmann
Feb 24, 2023
Google Android
|
12

Aegis Authenticator is an open source application for Google Android devices to generate and manage two-step verification tokens for online services. The app has an import option, extra security options and several nice to have features that make it worth a closer look.

Many Internet services support two-factor authentication by now. It is an optional security feature in most cases, which adds a second layer of protection to account sign-ins. Sites still require username and passwords, but also a code to complete the login process.

Authenticator apps like Aegis Authenticator, or popular options such as Google Authenticator, Authy or Microsoft Authenticator, may generate these codes on mobile devices. These apps offer better security than email or SMS-based options.

Twitter announced recently that it will disable the SMS-based method for its free users, and users may use the opportunity to switch the method to Authenticator Apps.

Aegis Authenticator

Aegis Authenticator, like any other authenticator app, needs to meet certain security standards. The developers note that the vault is encrypted with AES-256-GCM and that it supports the industry-wide standards HOTP and TOTP. It is compatible with Google Authenticator, which means that its data can be exported for Google Authenticator.

What sets it apart from most popular choices is that it is fully open source. The developers have added password and biometric protections to the app on top of that, which means that access to the database is locked until the password is entered.

New services may be added in a number of ways. Besides the option to scan QR codes on websites directly, Aegis Authenticator supports entering details manually and importing them from other authenticator apps on the device. The last option may require root access, however, which most Android users may not have on their devices.

Imports from a good dozen major authenticator apps are supported. The list includes Authy, FreeOTP, Google Authenticator, Microsoft Authenticator, Steam and even plan text imports.

Aegis Authenticator supports extra features, such as groups, auto lock functionality, or panic trigger support using Ripple.

Aegis Authenticator Download

Aegis Authenticator is available on GitHub, on the free marketplace Fdroid, and on Google Play. Installation is straightforward from all three locations and should not pose any issues for Android users.

Use of the authenticator app

A password needs to be set up on first start of the app to protect the contents from prying eyes. The app displays all services on its frontpage .

First time users may want to open the Settings on first run to adjust some of them. There, they may change appearance, security and usability features. Some of the options found there include copying tokens with a tap, minimize the app on copy, or enable the automatic backups feature of the app.

Aegis Authenticator does not sync data to the cloud by default. There is an option under backup to enable Android cloud backups.

Migration from one authenticator app to another can be a time-consuming process, if direct imports are not available on the device. It usually involves disabling two-factor authentication at the service's website and setting it up again.

Adding new services to the app is a quick process. It does require scanning the QR code that sites and services display when two-factor authentication is set up.

Verdict

Aegis Authenticator is a well-designed app that is easy to use. Its import functionality makes it stand out, but it may require root depending on the authenticator that data needs to be imported from. Password protection, its open source nature, and several other security features make it stand out from the masses of other apps that serve similar purposes.

Now You: which two-factor authentication app do you use, and why?

Summary
Author Rating
5 based on 5 votes
Software Name
https://github.com/beemdevelopment/Aegis
Operating System
Android
Software Category
Security
Landing Page
Advertisement

Tutorials & Tips


Previous Post: «
Next Post: «

Comments

  1. Anonymous said on February 25, 2023 at 7:25 pm
    Reply

    I use the good ol’ FreeOTP, also open source (Red Hat) and available on F-Droid.

  2. Anonymous said on February 25, 2023 at 11:01 am
    Reply

    @thanks
    This is the kind of comment we did not come for!
    I look forward to reading your awesome posts

  3. joe said on February 25, 2023 at 8:45 am
    Reply

    @thanks

    I am sure your articles would be much more interesting. I look forward to reading them!!!

  4. Akina said on February 25, 2023 at 8:33 am
    Reply

    I use Aegis. Thanks for the article.

  5. thanks said on February 25, 2023 at 12:28 am
    Reply

    Great article!
    This is the kind of stuff we come for! I don’t know what’s been happening to this site lately with so much crap being posted by new people.

  6. scott said on February 24, 2023 at 10:09 pm
    Reply

    I use Raivo, same concept, open source.

  7. anonymous said on February 24, 2023 at 7:12 pm
    Reply

    I like FreeOTP+ from F-Droid.

  8. dave said on February 24, 2023 at 6:31 pm
    Reply

    I have tried to use Aegis Authenticator twice but I am not able to import the data from Google Authenticator. There is a message that says Google is encrypting the data and it is not retrievable without risking errors.

  9. Andy Prough said on February 24, 2023 at 5:00 pm
    Reply

    The fact that its on fdroid makes it trustworthy in my eyes. I don’t trust anything from github on a phone unless its from a big company like Brave or Mozilla. And I definitely don’t trust anything from the Google Malware Store.

    1. IHaveNoName said on February 26, 2023 at 7:03 am
      Reply

      Your comment shows that you have no real idea about what is trust worthy and what isn’t.
      The Github link “should” be the source code for the app you got from fdroid.
      Should because who’s to say the fdroid release wasn’t modified by whoever packaged it.
      By using the actual Github source you could audit the code and package it yourself if you wanted to trust the code explicitly.
      Also fdroid is no more “safe” than any other app store.
      I would argue that the Google store is safer than fdroid actually in terms of the way they continually scan packages in their repositories.
      fdroid allows anything to be published. Why do you think all the packages refused by Google because of safety issues end up on fdroid.

  10. Anonymous said on February 24, 2023 at 2:51 pm
    Reply

    I’m using Yubico Auth ’cause I use their keys.

    1. matthiew said on March 2, 2023 at 8:16 am
      Reply

      I’ve been using Yubikeys for a decade and I never heard that they released an MFA app. Thanks for sharing!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.