Have you ever wondered if your online accounts are truly secure, even with a robust password? Enter Two-Factor Authentication (2FA) – the superhero of online security.
Here’s the deal: 2FA adds an extra layer of protection beyond your usual password. Think of it as a portcullis for your digital fortress. Even with a strong password, 2FA requires a second proof of identity, so a leaked password alone is not enough to get into your account.
Now, why is this necessary? Well, the online world can be a tricky place. Services get breached, and passwords, even strong ones, leak. That’s where 2FA comes in handy, offering an additional safeguard when a password has been compromised.
One way to embrace the power of 2FA is through authenticator applications like Google Authenticator. These apps generate a Time-based One-Time Password (TOTP for short), a fancy term for a code derived from a shared secret and the current time that is valid only for a short window, usually 30 seconds. It’s like having a secret code that changes every half minute, keeping the bad guys at bay.
Now, with several 2FA options, the real question is: which one will suit you best? Let’s dive into the most obvious choices and find the perfect fit for your digital armor. Ready to make your accounts virtually indestructible? Let’s explore.
In the vast sea of Authenticators, ranging from big names like 1Password, Duo, FreeOTP, Google Authenticator, LastPass Authenticator, Microsoft Authenticator, to a myriad of others, it’s easy to feel lost.
But fear not! Today, we’re embarking on a journey to unravel the secrets of two intriguing Authenticators: Aegis and Authenticator Pro.
What sets them apart?
When it comes to selecting a two-factor authentication app, your criteria are clear: no vendor or app lock-in, easy backup/export of secrets, respect for privacy, and offline accessibility. Let’s dissect two contenders that align with your preferences: Aegis and Authenticator Pro.
Pricing & Open Source Transparency: Aegis and Authenticator Pro embrace the open-source approach, ensuring transparency and encouraging scrutiny from researchers. Both applications are available for free use.
Offline Access: Imagine being in a foreign land without Wi-Fi or mobile roaming. These two apps have your back by not requiring online access, ensuring your two-factor authentication remains accessible wherever you are.
Passcode Protection & Biometric Lock: Security is paramount. Both provide the safeguard of passcode protection and biometric locks, giving you control over access to your authentication codes.
Backup/Restore or Import/Export: Avoiding vendor lock-in is crucial. Aegis and Authenticator Pro shine bright in this regard, allowing you to choose the destination of your backups. On rooted Android devices, both go a step further, enabling direct imports from various authenticator apps (for instance Google Authenticator, andOTP, Bitwarden, 2FAS, LastPass Authenticator and many more).
User Interface and Search Functionality: Efficiency matters: a sleek UI with search functionality is essential when managing multiple codes. Both apps prioritize user experience, ensuring you can swiftly locate the right code when needed. Aegis, though, offers a bit more flexibility in its customization options. It also shows a more noticeable alert about changes that haven’t been backed up yet, and it warns you when the vault password you chose is a common, and therefore insecure, one.
Privacy First: Privacy-conscious users will appreciate that neither Aegis nor Authenticator Pro sends your data to any server behind the scenes. Authenticator Pro explicitly says the following on its site: “No, Authenticator Pro generates codes offline, I have no access to your accounts. Use a recovery code to gain access. If you don’t have one, you must contact the support of the service you are using.”
Android Wear support: Authenticator Pro emerges as the frontrunner, and its offline functionality is a boon on the watch as well. It’s worth noting, however, that the Android Wear experience is less intuitive: there is no search feature for 2FA entries, and you cannot swipe up or down to navigate between items. These nuances, though, don’t overshadow the unique advantage Authenticator Pro brings to the table for Android Wear enthusiasts. Knowing these details helps you make an informed choice aligned with your preferences and needs.
Here’s a comparison between Aegis & Authenticator Pro:

| Application | Aegis | Authenticator Pro |
|---|---|---|
| Pricing | Free | Free |
| F-Droid | Yes, publicly | Yes, via IzzyOnDroid repository |
| Google Play | Yes | Yes |
| IzzyOnDroid | No | Yes |
| GitHub stars | 6821 | 2099 |
| Programming Language | Java | C# (Xamarin / Mono) |
| License | GNU General Public License v3.0 only | GNU General Public License v3.0 only |
| Total updates 2023 | 5 (1 pre-release) | 17 (4 pre-releases) |
| Unlock by | Password (scrypt); Biometrics (Android Keystore) | Password (PBKDF2-HMAC-SHA1, 64K iterations, SQLCipher 3.0.0); Biometrics (Android KeyStore) |
| Vault stored in | .json | SQLite |
| Screencapture prevention | Working on a rooted phone | Working on a rooted phone |
| Supported Algorithms | HOTP, TOTP, MOTP, Steam, YAOTP (Yandex) | HOTP, TOTP, MOTP, Steam, YAOTP (Yandex) |
| Organization | Advanced entry editing; Alphabetic/custom sorting; Custom or auto-generated icons; Group entries together; Search by name/issuer | Advanced entry editing; Alphabetic/custom sorting/copied; Custom or auto-generated icons; Category entries together; Search by name/issuer |
| Makes use of | X | googleapis.com*, issuetracker.google.com* (*only when necessary) |
| Backup | Encrypted file; Android cloud backup | Encrypted file; unencrypted HTML file; unencrypted URI list file; Android cloud backup |
| Backup encryption | AES-GCM (no padding), key derived via Argon2id | AES-GCM (no padding), key derived via Argon2id |
| Import from file | 2FAS Authenticator, Aegis, Authenticator Pro, Authenticator Plus, Authy, Battle.net Authenticator, Bitwarden, Duo, FreeOTP, FreeOTP+, Google Authenticator, LastPass (not officially), Microsoft Authenticator, Plain text (URI), Steam, TOTP Authenticator, WinAuth | 2FAS Authenticator, Aegis, Authenticator Plus, andOTP, Authy, Battle.net Authenticator, Bitwarden, FreeOTP, FreeOTP+, Google Authenticator, LastPass Authenticator, Microsoft Authenticator, Plain text (URI), Steam, TOTP Authenticator, WinAuth |
| Import from app (requires root access) | Authenticator Pro, Authy, Battle.net Authenticator, Duo, FreeOTP, FreeOTP+, Google Authenticator, Microsoft Authenticator, Steam, TOTP Authenticator | |
| Export | Aegis (.JSON); Web page (.HTML); Text file (.TXT); Google Authenticator (via QR) | |
| Transfer entries | Via QR code; Copy URI (no warning) | Via QR code; Copy URI (warning) |
| Password complexity | Warning when using common passwords | No warning when using common passwords |
WHY?
As of today, the default configuration for the vast majority of Time-based One-Time Password (TOTP) setups continues to be TOTP with SHA-1, a 30-second time interval, and a 6-digit code.
As you embark on the journey of fortifying your digital security, Aegis and Authenticator Pro emerge as reliable companions, offering a blend of transparency, accessibility, and robust privacy features. Which one will be your guardian of authentication? The choice is yours.
Start preparing for the broader adoption of passkeys soon.