this post was submitted on 29 Aug 2023
87 points (95.8% liked)

Open Source

31363 readers
225 users here now

All about open source! Feel free to ask questions, and share news, and interesting stuff!

Useful Links

Rules

Related Communities

Community icon from opensource.org, but we are not affiliated with them.

founded 5 years ago
MODERATORS
 

Hey y'all!

I've been using Authy for some time now (switched from Google Authenticator) but an increasing amount of people is suggesting Aegis over Authy in some posts here at Lemmy and that got me curious.

Was wondering what would be the main selling points for one to use Aegis instead of Authy, can somebody help out?

Thanks in advance!

you are viewing a single comment's thread
view the rest of the comments
[–] eager_eagle@lemmy.world 5 points 1 year ago* (last edited 1 year ago)

that way your OTPs are less secure

Aegis backups are encrypted. One could argue that storing OTP seeds in someone else's server is even less secure, which is what Authy does.

because of security

Yeah, I read that too when choosing OTP managers and I'm not convinced. These security reasons they give to practice vendor lock-in just sound very convenient to them. They could very well add a secure bidirectional data import/export functionality like Aegis does. If they are really concerned about account takeover, they can confirm user identity, add delays with notifications before exporting, or add any similar bureaucracy. But if password managers allow exporting entire vaults, an MFA app can allow the same for OTPs.

And I insist on this feature because manually resetting over 40+ MFA codes that I have because there is no export feature is a REAL PITA.