AndOTP: Open-source two-factor authentication for Android

  • A little bit ago in another HN article (https://news.ycombinator.com/item?id=20232164) where AndOTP popped up, a link was shared with a nice discourse between the AndOTP author and a newer one, Aegis:

    https://old.reddit.com/r/androidapps/comments/b45zrj/dev_aeg...

    AndOTP isn't seeing a lot of development, but Aegis is moving like gangbusters and recently passed the 1.0 mark. Thanks to that HN trail of info, I've switched from AndOTP to Aegis:

    https://github.com/beemdevelopment/Aegis

    The Aegis devs have been doing a bang-up job and the app is worth a look; it can import your AndOTP (and other apps') data. This is not a slight against AndOTP, just what I personally see as a natural progression based on that Reddit thread above.

  • Is there a reason people don't use their password manager for OTP? In my case I'm using 1Password, which supports OTP, but I know most other password managers support it too, including clients for KeePass.

    I guess there is the issue of your password manager being compromised but honestly I'm way less worried about that than website x or y getting compromised.

  • I use this extensively. Took a little while to swap all my codes from Authy - but well worth it.

    Simple app, encrypted backups, and open source. What's not to like?

  • Being able to move without having to hold Q/R codes is good. I have to maintain PGP encoded (and keystore held) images of screengrabs of Q/R codes because very few of the OTP out there want to acknowledge you might want to move a 2FA to another system.

    These are not secrets which have to stay locked in one cupboard. They are secrets which might stay locked in several cupboards: I have two phones. Is it not sensible to share the Q/R initialized state amongst them?

  • I still prefer the much simpler FreeOTP+. Just start, tap and go. Can be easily backed up and restored: either via Import/Export or plain Titanium Backup.

  • Been using AndOTP for months and I love that it supports Android's keystore and device credentials for authentication. I had switched to it from Authy, which was quite heavy.

    Aegis' design looks a lot less dense than AndOTP on the screenshots, though it seems to be widely recommended. I'll have to check what that's all about.

  • The best AndOTP feature for me is the fact that it integrates with OpenKeychain, thus allowing the use of PGP keys for backups. I also wish there were more apps that use OpenKeychain. For example, something that allowed note-taking.

  • Yep, it's pretty good. For regular Linux I can also recommend oathtool: https://www.nongnu.org/oath-toolkit/

  • I used to use this app frequently until my workspace required me to switch to iOS. I need to manually set all my OTPs to OTP Auth due to its backup incompatibility. Does anyone know a way to do that?

  • Another alternative is: https://github.com/tijme/raivo

    Unfortunately it's only for iOS

  • I have used this for years. I don't know a better solution.