
Topic: Aegis Authenticator, a decent alternative to Google Authenticator and Authy (Read 1207 times)

hero member
Activity: 2520
Merit: 952
Do you still recommend Aegis?

As @o_e_l_e_o said, Aegis is great 2FA software. But if you're still looking for options, you could check andOTP (https://github.com/andOTP/andOTP), which is a slightly more popular option and has a few different features (such as encrypting with a PIN).

Well, you set a PIN instead of words in the password field and it's the same function in Aegis.

Actually it's a good point, although Aegis will spawn a QWERTY virtual keyboard rather than a numeric virtual keyboard. Should've mentioned there's a backup option using OpenPGP instead.

There is a setting for a PIN keyboard if you have a numeric password.
hero member
Activity: 2520
Merit: 952
Do you still recommend Aegis?

As @o_e_l_e_o said, Aegis is great 2FA software. But if you're still looking for options, you could check andOTP (https://github.com/andOTP/andOTP), which is a slightly more popular option and has a few different features (such as encrypting with a PIN).

Well, you set a PIN instead of words in the password field and it's the same function in Aegis.

legendary
Activity: 3668
Merit: 6382
Do you still recommend Aegis?

I still use and recommend Aegis, it works wonderfully with Firefox on both Android and PC.
legendary
Activity: 2870
Merit: 7490
Do you still recommend Aegis?

As @o_e_l_e_o said, Aegis is great 2FA software. But if you're still looking for options, you could check andOTP (https://github.com/andOTP/andOTP), which is a slightly more popular option and has a few different features (such as encrypting with a PIN).
legendary
Activity: 2268
Merit: 18711
Do you still recommend Aegis?
I switched to it a while ago, and I would absolutely recommend it. It is free, open source, encrypts your information, allows you to edit and re-order your entries, and supports encrypted back ups. It has ongoing development (https://github.com/beemdevelopment/Aegis), and it doesn't spy on you like some other 2FA apps such as Authy. It is recommended by both https://www.privacytools.io/#2fa and https://prism-break.org/en/categories/android/#authentication.

Even if you are utilizing the export encrypted back up feature, make sure that you also write down the shared secret codes for each account you add to Aegis as an offline backup. If you forget to do this at the time of adding the account, Aegis lets you go in to the account later and view the shared secret.
JL0
full member
Activity: 817
Merit: 158
Bitcoin the Digital Gold
Do you still recommend Aegis?
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
Even better than all that would be to not use Google Authenticator at all, and switch to an open source app with encrypted back ups built in, such as Aegis.

I think it's worth mentioning at this point that there is an open source version of Authenticator at https://github.com/google/google-authenticator, but this by itself doesn't have backup support. Though I have seen browser extensions based off of this that can back up the IDs and secrets. Authenticator also has a Linux PAM module that I've seen deployed at some university facilities in real life.

Also, I will emphasize again that each and every authentication app is only as secure as the secret lengths fed into it by websites. No matter if you use Authenticator, Aegis, Authy or something else.

Here is the official Google Authenticator codebase (at least the open source part): https://github.com/google/google-authenticator-android/
This is the part of the code that handles secret entry. Notice how MIN_KEY_BYTES has a value of only 10 i.e. 80 bits: https://github.com/google/google-authenticator-android/blob/efac95c88ef8d9f8be3c887fbcd2c2fdf4f45dbe/java/com/google/android/apps/authenticator/otp/EnterKeyActivity.java#L121-L126
And this is the part of the code that hashes the secret into a 6-digit code: https://github.com/google/google-authenticator-android/blob/efac95c88ef8d9f8be3c887fbcd2c2fdf4f45dbe/java/com/google/android/apps/authenticator/otp/PasscodeGenerator.java#L152-L163

Clearly these code snippets indicate that while Google Authenticator supports more bits, it foolishly sets the minimum to 80 bits despite strict requirements by RFC 4226 (yes OTP is an RFC standard) to use at least 128 bits and recommends 160 bits, double the amount that Authenticator-aware web services use. Remember that web services are the ones creating these very small keys, not Authenticator.

So while OTP authentication provides strong security if used properly, Authenticator tokens fall very short of the minimum security requirements, so they were never secure to use in the first place. Again though, Authenticator supports more than 80 bits, it's just the web services don't make more bits.

It's worth noting that other TOTP authentication software works with the same sites as Google Authenticator, but is only as secure as the length of the secret key that the web service gives it.

Authenticator lets websites use at least 80 bit keys, I'm not sure about the minimum of Aegis though.
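An added example, not part of the post above and not code from Google Authenticator or Aegis: it decodes the Base32 secret from an enrollment URI, measures it against the RFC 4226 lengths quoted in the post (128 bits minimum, 160 recommended), and derives the 6-digit code with the standard HMAC-SHA1 truncation. The two `otpauth://` URIs are constructed samples; the function names are chosen here for illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse

RFC4226_MIN_BITS = 128  # RFC 4226: shared secret MUST be at least 128 bits
RFC4226_REC_BITS = 160  # RFC 4226: RECOMMENDED shared secret length

# Constructed sample enrollment URIs (not taken from any real service).
WEAK_URI = "otpauth://totp/Example:alice?secret=JBSWY3DPEHPK3PXP&issuer=Example"
STRONG_URI = ("otpauth://totp/Example:bob"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

def secret_from_uri(uri):
    """Extract and Base32-decode the shared secret from an otpauth:// URI."""
    params = parse_qs(urlparse(uri).query)
    if "secret" not in params:
        raise ValueError("otpauth URI has no secret parameter")
    b32 = params["secret"][0].replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)  # services often strip Base32 padding
    return base64.b32decode(b32)

def audit_secret(key):
    """Return (bit length, verdict) measured against RFC 4226."""
    bits = len(key) * 8
    if bits < RFC4226_MIN_BITS:
        return bits, "below RFC 4226 minimum"
    if bits < RFC4226_REC_BITS:
        return bits, "meets minimum, below recommended"
    return bits, "meets recommended length"

def hotp(key, counter, digits=6):
    """RFC 4226 HOTP: HMAC-SHA1, dynamic truncation, decimal reduction."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key, unix_time, step=30, digits=6):
    """RFC 6238 TOTP: HOTP with the counter derived from the clock."""
    return hotp(key, int(unix_time) // step, digits)

if __name__ == "__main__":
    for uri in (WEAK_URI, STRONG_URI):
        key = secret_from_uri(uri)
        print(audit_secret(key), totp(key, 59))
```

Both secrets produce a valid 6-digit code in any TOTP app; only the length check distinguishes the 80-bit one from the 160-bit one.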
legendary
Activity: 2268
Merit: 18711
Your Google Authenticator back up codes should ideally be stored offline, written down on a piece of paper and stored somewhere secure, much like you would for your bitcoin wallet seed phrase.

Be aware that depending what software you are using to "zip" your file, the password protection may be very weak and easily broken. If you absolutely must store your back up codes on a computer, you should be using proper encryption software to protect them.

Even better than all that would be to not use Google Authenticator at all, and switch to an open source app with encrypted back ups built in, such as Aegis.
hero member
Activity: 2520
Merit: 952
Found this from a similar new thread but I decided to comment here instead. Does this authenticator have a search feature? I have been using Google Authenticator for a long time and I have so many websites with authentication, so it will be convenient if it has a search feature to find it directly and lessen the time to scroll. Anyway, I will install this later, thanks for sharing.

You mean searching for the websites whose authentication code you would like to find? If so, they have that feature. Go to Settings > Enable "Search in account names"; this will include the account name in the search results you are looking for.
Google Authenticator is very risky if you don't save the backup keys. But I always save mine in a notepad on Desktop.

I don't think saving backup codes in notepad is a good idea lol
Notepad + and zip it with a password. I already made a copy on a flash drive and SD card in case something bad happens to my Desktop. That is what I do. How about a suggestion? Do you have one? It might help more than just laughing without a good suggestion. How about you, where do you save yours?


Sorry if I came across as rude. I use password safe on my Android; it basically does the same thing as you mentioned: you put your data in it, encrypt it with a password and put that backup file wherever you like.
full member
Activity: 1176
Merit: 162
Found this from a similar new thread but I decided to comment here instead. Does this authenticator have a search feature? I have been using Google Authenticator for a long time and I have so many websites with authentication, so it will be convenient if it has a search feature to find it directly and lessen the time to scroll. Anyway, I will install this later, thanks for sharing.

You mean searching for the websites whose authentication code you would like to find? If so, they have that feature. Go to Settings > Enable "Search in account names"; this will include the account name in the search results you are looking for.
Google Authenticator is very risky if you don't save the backup keys. But I always save mine in a notepad on Desktop.

I don't think saving backup codes in notepad is a good idea lol
Notepad + and zip it with a password. I already made a copy on a flash drive and SD card in case something bad happens to my Desktop. That is what I do. How about a suggestion? Do you have one? It might help more than just laughing without a good suggestion. How about you, where do you save yours?
full member
Activity: 812
Merit: 104
🎄 Allah is The Best Planner 🥀
I usually use Google Authenticator to guard my personal code. As you only said the notepad doesn't give much protection. If there's a drag with the PC it's likely to be deleted there's no fear of losing Google Authenticator and nobody are going to be ready to easily enter your ID albeit you recognize your password. Because Google Authenticator has code when logging in. That's why Google Authenticator may be a safe place to possess your own personal keys.
legendary
Activity: 2044
Merit: 1018
Not your keys, not your coins!
I don't think saving backup codes in notepad is a good idea lol
Notepad is a bad tool to store backup codes. As far as I know, notepad does not provide encryption. Important backup codes should be stored on technical devices (but always offline) and simultaneously stored on physical materials, like paper or steel (a kind of metal), in a vault.
Don't store them on the cloud.
hero member
Activity: 2520
Merit: 952
Found this from a similar new thread but I decided to comment here instead. Does this authenticator have a search feature? I have been using Google Authenticator for a long time and I have so many websites with authentication, so it will be convenient if it has a search feature to find it directly and lessen the time to scroll. Anyway, I will install this later, thanks for sharing.

You mean searching for the websites whose authentication code you would like to find? If so, they have that feature. Go to Settings > Enable "Search in account names"; this will include the account name in the search results you are looking for.
Google Authenticator is very risky if you don't save the backup keys. But I always save mine in a notepad on Desktop.

I don't think saving backup codes in notepad is a good idea lol
full member
Activity: 1176
Merit: 162
Found this from a similar new thread but I decided to comment here instead. Does this authenticator have a search feature? I have been using Google Authenticator for a long time and I have so many websites with authentication, so it will be convenient if it has a search feature to find it directly and lessen the time to scroll. Anyway, I will install this later, thanks for sharing.

You mean searching for the websites whose authentication code you would like to find? If so, they have that feature. Go to Settings > Enable "Search in account names"; this will include the account name in the search results you are looking for.
Yes, that is what I am looking for, thanks for the reply. Looks like I will migrate now. Google Authenticator is very risky if you don't save the backup keys. But I always save mine in a notepad on Desktop, but I guess this Aegis Authenticator offers much better options for recovery.
asu
legendary
Activity: 1302
Merit: 1136
Found this from a similar new thread but I decided to comment here instead. Does this authenticator have a search feature? I have been using Google Authenticator for a long time and I have so many websites with authentication, so it will be convenient if it has a search feature to find it directly and lessen the time to scroll. Anyway, I will install this later, thanks for sharing.

You mean searching for the websites whose authentication code you would like to find? If so, they have that feature. Go to Settings > Enable "Search in account names"; this will include the account name in the search results you are looking for.
full member
Activity: 1176
Merit: 162
Found this from a similar new thread but I decided to comment here instead. Does this authenticator have a search feature? I have been using Google Authenticator for a long time and I have so many websites with authentication, so it will be convenient if it has a search feature to find it directly and lessen the time to scroll. Anyway, I will install this later, thanks for sharing.
sr. member
Activity: 826
Merit: 281
Thank you for sharing about Aegis Authenticator, it really helped me move the code from another handphone to my cellphone because my cellphone sometimes got an error, because I used Google Authenticator, instead of demeaning or mocking but I also found it difficult to move it to another cellphone, thanks again friend.
mk4
legendary
Activity: 2870
Merit: 3873
Paldo.io 🤖
Now it is not that easy to root a mobile phone.
3-6 years ago I rooted every phone I owned. Now, I do not even bother to do so. I guess I'm getting old, brothers!
Yeah. I remember. It was way simpler with my Samsung Galaxy S3 back in the day. Right now chances are you're going to trip the Knox thing and you wouldn't be able to use some features/apps like Samsung Pay and such. I'm sticking with unrooted for now. Probably for security's sake also.

By the way, installed Authy and made a backup of the codes; the app seems nice and easy to use.
Glad it worked out well!
hero member
Activity: 756
Merit: 507

Yep! Hence the Google auth app was widely recommended before, when there weren't that many good alternatives. As with a rooted phone + Titanium backup, that's what I did in the past too. It's nice to have in-app password encryption though; just a small extra layer of security.

If you're going to switch over and you have a rooted phone, switching over is going to be A LOT easier. Aegis has an "import from app" feature if you have a rooted phone. It can grab the backup codes off Google auth. I suggest trying it out.

Now it is not that easy to root a mobile phone.
3-6 years ago I rooted every phone I owned. Now, I do not even bother to do so. I guess I'm getting old, brothers!

By the way, installed Authy and made a backup of the codes; the app seems nice and easy to use.
legendary
Activity: 1484
Merit: 1491
I forgot more than you will ever know.
Wow that's even better. I guess I will do that today then.