What 2FA app you recommend?
Aegis, even if some services won’t support it you’re better off not supporting those services.
Las time I checked those that require a Microsoft or other propietary authenticator app that isn’t Google’s. They would force you to first use that propietary app and later export to Aegis. Correct me if I’m wrong, of course.
Just checked, you’re right about Google. Microsoft does allow you to use any app though. It’s funny that the “EEE” Microsoft is less anti-user than the “Don’t be evil” Google. But anyway, seeing how Google locks it down, I’m sure there must be others too. So you’re right
Still use Google Authenticator. I know there are alternatives out there that have other features but I’m a pretty strong believer that my 2FA shouldn’t be backed up digitally. I keep any recovery information offline and prefer it that way.
I’ve used andOTP and now Aegis (as a result of this thread). Neither require cloud backups.
I’ve used andotp for like 2 years. Why everyone is suggesting Aegis ? Did you find any major differences?
These apps are all pretty basic. I don’t see any major differences. It’s slightly more modern looking, and it checks a lot of boxes for people as far as being simple, open source, and available through multiple channels (Google Play being one). Apparently andOTP hasn’t had any updates in a while, but a 2FA app shouldn’t need many updates anyway.
Things I want in a 2FA app:
- Can scan QR codes
- Categories
- Hide all numbers except the one I tap on
- Countdown indication
- Import/Export
andOTP and Aegis both do all of this.
I’ve been happy with andOTP on Android.
Moved to Raivo earlier this year and it’s great. Unfortunately it was just sold to a private company, so I’m looking for alternatives. From the replies here, might try 2FAs
Android is easy, Aegis.
IOS is much harder. Right now, probably “2FAs”. Authy is owned by Twilio, Raivo was just bought out by an advertising company, and the others are either too small to get the exposure required for any level of security or charge for the feature.
It’s less that Twilio specifically owns it than problems resulting from corporate ownership. Briefly:
- You can’t get your data out of Authy. Actually you can, but it’s a long annoying process involving installing an out of date chrome extension and using developer tools.
- Privacy issues. Authy links a lot of data including location to your identity.
- Authy supports SMS account recovery (which is inherently insecure) and doesn’t allow users to disable it.