New Update Aegis Authenticator for Android - Free and Open Source

Ink

Administrator
Thread author
Verified
Jan 8, 2011
22,490
Aegis Authenticator
GitHub: GitHub - beemdevelopment/Aegis: A free, secure and open source app for Android to manage your 2-step verification tokens.

Download App
Play Store: Aegis Authenticator - 2FA App - Apps on Google Play
F-Droid: Aegis Authenticator | F-Droid - Free and Open Source Android App Repository

Aegis Authenticator is a free, secure and open source 2FA app for Android. It aims to provide a secure authenticator for your online services, while also including some features missing in existing authenticator apps, like proper encryption and backups. Aegis supports HOTP and TOTP, making it compatible with thousands of services.
  • Free and open source
  • Secure
    • The vault is encrypted (AES-256-GCM), and can be unlocked with:
      • Password (scrypt)
      • Biometrics (Android Keystore)
    • Screen capture prevention
    • Tap to reveal
  • Compatible with Google Authenticator
  • Supports industry standard algorithms: HOTP and TOTP
  • Lots of ways to add new entries
    • Scan a QR code or an image of one
    • Enter details manually
    • Import from other authenticator apps: 2FAS Authenticator, Authenticator Plus, Authy, andOTP, FreeOTP, FreeOTP+, Google Authenticator, Microsoft Authenticator, Plain text, Steam, TOTP Authenticator and WinAuth (root access is required for some of these)
  • Organization
    • Alphabetic/custom sorting
    • Custom or automatically generated icons
    • Group entries together
    • Advanced entry editing
    • Search by name/issuer
  • Material design with multiple themes: Light, Dark, AMOLED
  • Export (plaintext or encrypted)
  • Automatic backups of the vault to a location of your choosing
 
Last edited:

rain2reign

Level 8
Verified
Well-known
Jun 21, 2020
363
I switched from andOTP to Aegis Authenticator a little over a year go myself. Mainly for the features that Aegis offers additionally regarding the vault's encryption, it's unlocking and everything else is a nice thing to have at this point for me. A nice bonus on the side is that it looks more simplistic and better organized with some minor size customization features available. The tokens themselves are also encrypted, but i cant remember if andOTP also had that or not...

Most of the issues i had with it are probably fixed by now most likely. Essentially they do the same thing, though its nice that natively Aegis supports a dozen imports directly from both app-to-app (for example: Google, Authy, Microsoft and Steam) integration as well as token files. And for those few that use Blizzard Authentication there is a tutorial on their wiki beemdevelopment/Aegis/wiki#1-blizzard-authenticator to show how to get the app serial code for token transfer compatibility.

From the FAQ on the website: Aegis Authenticator - Brand new 2FA app for Android
  • What does your app offer that other 2FA apps do not?

    Compared to other 2FA apps, we think Aegis stands out in terms of its simplicity and security. Most popular apps like Google Authenticator and FreeOTP don't bother with additional security measures. They allow access to your tokens right after opening the app. Aegis, on the other hand, encrypts all of your tokens at rest and requires a password or the touch of a finger to decrypt them.

    Another important feature is the ability to export your tokens and import them into another device. Google Authenticator doesn't have this, which has not only annoyed users for years, but has also resulted in loss of access to lots accounts.

And andOTP has been in need for development help/contributions for a while now as well. The original maintainer of the app doesn't have as much time anymore to put into it which, for me personally, is fine. Though since i already switched i have more trust in the maintenance of Aegis, but that is a matter of preference if nothing else.
Help wanted:

I currently don't have that much time to spend developing andOTP, so any contributions are always welcome. Don't worry, I will still continue to develop andOTP it will just slow down from the incredible speed I had going in the beginning.

In short: they do the same thing, one just takes simplicity and functionality support a step further than the other. Cant go wrong with either, if you ask me. I just happen to prefer Aegis after having used both, albeit a far older version of andOTP as it's been over a year.

Edit: beemdevelopment/Aegis/blob/master/docs/vault - Explains the security design of the app and vault format in detail for those who understand and are interested in this.
 
Last edited:

Ink

Administrator
Thread author
Verified
Jan 8, 2011
22,490

Aegis Authenticator 2.2.x updates​


Version 2.2.1
New features
  • Ability to automatically skip potential duplicates when importing entries
Fixed bugs
  • (hotfix) Biometrics button on the unlock screen was unresponsive

Version 2.2
New features
  • Authenticator Pro encrypted import support
  • Ability to change account name position
  • A new dialog explaining how our password reminder works
  • Ability to change copy behavior
  • Ability to only show account names when necessary
  • New view mode: Tiles/Grid
  • Added translation: Dutch (Frysian)
  • Updated translations
Fixed bugs
  • Deleting an entry while a search filter is active now shows the correct state
  • Aegis now fully respects system animation settings

GitHub releases and APK: Releases · beemdevelopment/Aegis

Play Store: Aegis Authenticator - 2FA App - Apps on Google Play
F-Droid: Aegis Authenticator | F-Droid - Free and Open Source Android App Repository
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top