Aegis Authenticator is the 2FA app we recommend on Android to anyone who values privacy and a local-first architecture.
Why Aegis over Google Authenticator:
- Open-source (auditable by anyone)
- Encrypted backup with master password (Google Authenticator backup is unencrypted)
- Biometric unlock
- No telemetry
- Available on F-Droid (no Google services needed)
Why Aegis over Authy:
- Authy syncs codes to their cloud (privacy trade-off for convenience)
- Authy account closure 2024: anyone using Authy needs to migrate
- Aegis keeps codes 100% local (more secure, less convenient)
- Manual backup export is the trade-off
Setup workflow:
- Install from F-Droid or Google Play
- Set a strong master password (biometric unlock as secondary)
- Import codes from old authenticator (scan QR codes one-by-one from old app)
- Enable encrypted backup: Settings -> Backups -> Backup destination + Encryption ON
- Copy the backup file to a Bitwarden / 1Password attachment for emergencies
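
Before the backup file is copied into a password manager, it is worth confirming that the export really is encrypted. The check below is an added example, not code from this page or from the Aegis project; the field names (`header.slots`, `header.params`, `db`, slot `type` 1 for a password slot) are assumptions taken from Aegis's published vault format, and the sample exports are constructed.

```python
import base64
import json

# Field names follow Aegis's published vault format; treat them as an
# assumption to verify against your app version (they are not on this page).
PASSWORD_SLOT = 1  # slot type unlocked by the master password


def check_backup(raw: str) -> list[str]:
    """Return problems found; an empty list means the export looks encrypted."""
    try:
        vault = json.loads(raw)
    except json.JSONDecodeError:
        return ["not valid JSON, so not an Aegis vault export"]
    if not isinstance(vault, dict):
        return ["top-level value is not a JSON object"]
    header = vault.get("header")
    header = header if isinstance(header, dict) else {}
    slots = header.get("slots")
    slots = slots if isinstance(slots, list) else []
    db = vault.get("db")
    problems = []
    if isinstance(db, (dict, list)):
        problems.append("db is plain JSON: TOTP secrets are readable")
    elif isinstance(db, str):
        try:
            base64.b64decode(db, validate=True)
        except ValueError:
            problems.append("db is a string but not base64 ciphertext")
    else:
        problems.append("db field is missing")
    if not header.get("params"):
        problems.append("header.params (nonce/tag) is empty")
    if not any(isinstance(s, dict) and s.get("type") == PASSWORD_SLOT for s in slots):
        problems.append("no password slot for the master password to unlock")
    return problems


# Constructed sample exports; they contain no real secrets.
PLAIN = json.dumps({"version": 1, "header": {"slots": None, "params": None},
                    "db": {"version": 2, "entries": []}})
ENCRYPTED = json.dumps({
    "version": 1,
    "header": {"slots": [{"type": 1, "n": 32768, "r": 8, "p": 1, "salt": "00"}],
               "params": {"nonce": "00" * 12, "tag": "00" * 16}},
    "db": base64.b64encode(b"constructed ciphertext").decode()})

if __name__ == "__main__":
    for name, raw in (("plain", PLAIN), ("encrypted", ENCRYPTED)):
        print(name, check_backup(raw) or "looks encrypted")
```

This only inspects the file's structure; it does not prove the master password is strong or that the file decrypts, so a test restore in Aegis is still the final check.
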
vs Bitwarden TOTP (Premium $10/year): Bitwarden has TOTP in-app. This is convenient, but it means one app holds both passwords AND 2FA codes (a single point of failure). Keeping Aegis separate adds defense-in-depth.
vs 1Password TOTP: same as Bitwarden. 1Password has TOTP, with the same single-app concern.
Recommendation for max security: Aegis (Android) or Raivo OTP (iOS) for codes, separate from your password manager. For convenience: 1Password TOTP if you already pay for 1Password.
iOS alternative: Raivo OTP, 2FAS Auth, or Bitwarden Authenticator (free standalone app). All comparable to Aegis on Android.