I’ve been recently using Aegis for my TOTP code for Bitwarden.
I’ve also tried the 2FAS app.
The 2FAS browser extension is a nice convenience.
But which is better and why?
Aegis is open source. And it’s been around a while and is fairly widely used, so it has gotten a degree of scrutiny.
2FAS is proprietary and fairly new.
Personally I’d rather not trust my TOTP secrets to a proprietary closed-source app from a company I’ve never heard of.
Aegis is easy to use and does everything I need. I have it set up to export an encrypted copy of the database to local storage every time I change anything. The burden is on the user to back that up outside the device in case the device becomes unavailable, but that’s not a hard thing to do.
FYI, 2FAS has been open source since late January 2023, licensing page can be found here: 2FAS Open Source Licenses
But which is better, or is there practically no difference other than the browser extension feature in 2FAS?
I don’t use either, so I can’t say anything about the UI. But for redundancy, 2FAS also works on iOS, so if you have multiple kinds of devices, 2FAS may fit the bill better. 2FAS also seems to be more popular and has been around longer. Not sure if this says anything, longevity?
Source?
My perception is that Aegis has been around longer. It has certainly been recommended for a lot longer. 2FAS is only getting recommended recently after they took a step towards open source.
Hmm… Just looked at the Google store. 2FAS: release: Aug 3, 2017. Aegis: Feb 9, 2019.
Using Bitwarden Authenticator, so which do you prefer? Thinking a browser extension is convenient, but extensions are obviously a security issue. Didn’t Authy have a desktop app and remove them all from every OS? 2FAS, while being open source, doesn’t allow for BWA import of tokens.
Hi and welcome to the community,
I am using 2FAS. It has a browser extension, but the secrets are stored solely on the phone. The extension receives the generated code from the phone, requiring the user’s confirmation on the phone. The developers have stated that they will never develop a desktop version due to security issues associated with desktops.
Yes, Authy has removed all its desktop applications.
If I were to select a new authenticator now, my personal preference would not be BWA, because the encrypted backup may be iffy, depending on your phone manufacturer. A Pixel phone would likely have the highest chance of conforming to Google’s security model.
On the other hand, if you are already using BWA, it is on the roadmap to sync TOTP secrets between the password manager and the authenticator. This may be a convenient feature for some users, but not for me.