Hello! I'm in the process of slowly de-googling my life and taking my privacy more seriously.
I currently use Google Authenticator for 2fa at the moment.
I am currently dreading swapping those to Aegis, which requires a password every time I want to use it (that's very inconvenient, to be honest) while with Google's I can just open the app and get the necessary code right away; no password required.
Should I just stop being lazy, suck it up, and make the switch? I know I'm being a bit of a baby.
Edit: Okay, apparently I can use my fingerprint scanner instead, which is a LOT better, so I'll stop being a lazy shit and do the swap tomorrow. Cheers!
Final Edit: I made the switch to Aegis. Already made a backup, and I have Biometrics setup. Ty everyone!
You can use biometrics instead of a password. Also, Google Authenticator not having a password requirement is a massive security risk to me. A 2FA app, just like a password manager should ABSOLUTELY be protected with passwords/biometrics.
I self host on my Synology and getting the reverse proxy with the webhook setup properly was such a PITA it took me giving up for a couple months and coming back to it to finally get set up. Turns out I was looking in the wrong place for security certs the whole time 🤦
Everyone has already mentioned the biometrics, but I think even without that you still should have to suck it up if you want to improve your security.
Also, I think it's worth the hassle of changing to Aegis since you can make backups of your vault pretty easily, something which Google authenticator doesn't provide.
The only option in that app is cloud sync which IIRC isn't encrypted in any way, so your keys are being sent to you-don't-no-where via you-don't-know-how in plain text.
Aegis gives you the option to sync your vault with an encrypted file which you can then import into other Aegis install (I don't know if it has the option to sync an unencrypted version).
I remember losing Google Authenticator data when I had to format my phone. This was years back and didn't have too many accounts setup. With Aegis I have an offline encrypted backup of all my 2FA codes so this is no longer a possibility. Before Aegis I was tempted to use Authy before I had to wait 24hrs to gain my access back after I reset my phone.
2FA on Android has always sucked (lazily created; app data CANNOT constitute and/or subsitute device trust). I wish I had got on to Aegis earlier.
You can also check out 2FAS, which recently got open-sourced. It comes with browser plugins to autofill 2FA pushed from the phone on request. Makes it a lot more convenient if you need another reason to switch.
Apparently you can use biometrics instead of a password each time you require access. Not sure if that still seems like a bother or not, I personally do not mind.
𝐄𝐝𝐢𝐭: Some one else already beat me to this answer, haha.
But I don't reccomend it.
I may be too paranoid, but recover a fingerprint (physically, non from the OS) from a lost/stolen phone is pretty easy and this is why I never suggest to use fingerprints to login to banks app and authenticate transactions.
At least use a 6 digit pin for Aegis.
I use aegis as the otp for bitwarden and keepassxc. Currently trying to migrate bitwarden and just use keepassxc while syncing the db to my nextcloud and backup onedrive.