# Aegis Authenticator — Secure Open-Source 2FA for Android

> A free, secure, and open-source two-factor authentication app for Android with encrypted vault storage and flexible import/export options.

## Install

Save as a script file and run:

# Aegis Authenticator — Secure Open-Source 2FA for Android

## Quick Use
```bash
# Install via F-Droid or download from GitHub releases
# Import tokens from other apps using the built-in migration tool
```

## Introduction
Aegis Authenticator is a free and open-source two-factor authentication app for Android. It stores TOTP and HOTP tokens in an encrypted vault, giving users full control over their 2FA credentials without relying on proprietary cloud services.

## What Aegis Does
- Generates time-based (TOTP) and counter-based (HOTP) one-time passwords
- Encrypts the token vault with AES-256-GCM using a user-chosen password or biometrics
- Imports tokens from Google Authenticator, Authy, Microsoft Authenticator, and other apps
- Supports scanning QR codes or manual entry for adding new accounts
- Provides automatic backups to user-selected storage locations

## Architecture Overview
Aegis is a native Android application written in Java. It uses a local SQLite database wrapped in an encrypted container (AES-256-GCM) as its vault. The app runs entirely on-device with no network calls for token generation, ensuring air-gapped security for credential storage.

## Self-Hosting & Configuration
- Download the APK from GitHub releases or install via F-Droid
- Set a vault password on first launch to enable encryption
- Enable biometric unlock for convenience while keeping encryption active
- Configure automatic backups to local storage or a cloud-synced directory
- Use the export feature to create encrypted or plain-text backups for migration

## Key Features
- Fully offline operation with no cloud dependency
- Groups and icons for organizing tokens by service or category
- Dark mode and Material Design UI with search functionality
- Panic trigger support to wipe the vault in emergency scenarios
- Compatible with any standard TOTP/HOTP service

## Comparison with Similar Tools
- **Google Authenticator** — no encryption, no export, limited backup options
- **Authy** — cloud-synced but proprietary and closed-source
- **andOTP** — similar open-source approach but no longer actively maintained
- **FreeOTP** — minimal feature set without vault encryption
- **Bitwarden Authenticator** — requires Bitwarden ecosystem for full functionality

## FAQ
**Q: Can I use Aegis without a password?**
A: Yes, but vault encryption will be disabled. A password or biometric lock is recommended.

**Q: Does Aegis sync across devices?**
A: Not natively. You can export an encrypted vault and import it on another device manually.

**Q: What happens if I forget my vault password?**
A: The vault cannot be recovered without the password. Keep a backup of your encrypted export file.

**Q: Is Aegis available for iOS?**
A: No, Aegis is Android-only. Alternatives like Raivo OTP serve the iOS ecosystem.

## Sources
- https://github.com/beemdevelopment/Aegis
- https://getaegis.app

---
Source: https://tokrepo.com/en/workflows/asset-87baf9fc
Author: Script Depot