Best open source 2FA app for Android (Aegis Authenticator)
Aegis Auth: free and open-source multi-factor authentication (2FA) for Android.
My favorite 2FA app: Aegis Authenticator
Aegis Authenticator is a secure, free and open-source two-factor authentication (2FA) app that stores the one-time 2FA verification codes for all of your accounts.
As of today, it is only supported on Android, via the Google Play Store, and on custom Android ROMs (e.g. LineageOS), via the F-Droid store.
- Import from other authenticator apps:
  - First, you can export all of your pre-existing 2FA codes as a QR code (via Google Authenticator), then import it into Aegis by scanning that QR code.
  - Aegis also supports import via an export file. You can also import via the previous app directly (this needs root permission). I haven’t tried this method.
- Backup: All the one-time passwords are stored in the Aegis “vault”. The Aegis app supports exporting the encrypted vault into a JSON file. It also supports plain-text export (not recommended) in HTML or TXT format.
- If you want to add a new entry to the vault (e.g. the 2FA code entry for your LinkedIn account), you can either scan the QR code or enter the secret code manually.
The Aegis Vault backup file, which is password-encrypted (.json file), can be stored offline for better security. Any intruder needs access to both the vault file and your encryption password to unlock it. Alternatively, you can create cloud-based backups.
- To unlock the Aegis app, you need to set up either a password or biometrics (or both). It supports both light mode and dark mode. It doesn’t allow taking screenshots of the app.
Supported 2FA Algorithms
- Time-based one-time password (TOTP) - most commonly used
  - TOTP is considered more secure than SMS-based 2FA. It is considered a gold standard in modern multi-factor authentication systems.
  - It generates a temporary, six-digit code every 30 seconds using a shared secret and the current time, which users enter after their password during login.
- HMAC-based one-time password (HOTP)
Android app for Aegis
- Aegis Authenticator supports Android and custom Android ROMs
- Two versions:
- Source code (GitHub) of Aegis Auth: Open source code licensed under the GPL v3 license.
Aegis Authenticator app is unavailable for Apple iOS as of now.
Alternative apps
- You can also use alternative 2FA apps such as Google Authenticator, Microsoft Authenticator, Authy, Duo Mobile, etc.
Conclusion
I like Aegis Authenticator two-factor authentication because it is secure, free and open-source. I can easily create backup files offline, store them securely and import them in the future if I lose access to my smartphone. The only limitation is that it is unavailable for Apple iOS users. As a backup, I also use Google Authenticator.
Thank you!