88
Aegis vs Authy
(lemmy.ml)
All about open source! Feel free to ask questions, and share news, and interesting stuff!
Community icon from opensource.org, but we are not affiliated with them.
what works for others doesn't have to work for you, they suggest aegis because its open source and authy is not, on the other hand authy is multi-platoform and has builtin synchronization between devices, so there's the thing: you can rely on third party for backup in authy or back it up manually but where? some third party again? for me personally moving to aegis just because it's open source is a bit of a PITA, and minus being open-source, aegis is inferior IMO, no multi-platform sync, you don't have to take out your distraction device to input an OTP, there's a standalone PC app or browser addons
After having issues moving away from Google Authenticator, portability became one of the requirements I was looking for in an MFA tool; that immediately discarded Authy to me.
I don't have sync using Aegis, but I know my codes are backed up to at least 3 different locations I control, and I can either set up a new device when I need, or ditch Aegis altogether if they start making stupid choices.
do you mean you can migrate directly from aegis to another app? for me it's a flaw, that way your OTPs are less secure, Authy distinctly states it has no such feature because of security, many other apps don't have export feature because of that yet Aegis developers boast about it
I'd guess that it doesn't make a huge difference in terms of security.
Surely both apps encrypt the seeds they store, and surely you can't export seeds from Aegis before decrypting them (pin, password or biometric). If someone has your credentials (or encryption keys) to both these apps, and especially if they have physical access to your phone too, there will be ways of accessing the seeds whether there's an export function in the app or not.