We were actually already working on Aegis when we first found out about andOTP,
and the feature-sets seem to overlap quite a bit. For us, it's mostly about
security. andOTP does not support using fingerprint and password unlock at the
same time. With just fingerprint unlock, you run the risk of Android deleting
the key that is used to encrypt your tokens when changing the security settings
of your device, which means you lose access to all of your tokens. Aegis does
not have this issue, as it would still be possible to decrypt your tokens with
the password in such an event. This means you can safely use fingerprint unlock
with Aegis, while it is risky thing to do with andOTP.
andOTP also does some pretty scary stuff with regards to its use of
cryptography. It's been a while since I've looked at the code, but andOTP
appears to derive the key for the encryption of backups with a single iteration
of SHA-256, making a brute-force attack on backups a lot easier than it should
be. In another piece of the code it splits the output of PKBDF2, which also
gives attackers an advantage. The latter is not nearly as bad as the former, but
it's still bad practice.
Update (16-JUN-2021): This issue has long been fixed (more than a year ago). Please read my original reply below for more details. This update is just for clarification since people keep spreading outdated information by linking to this comment.
Original comment:
I sadly have to admit that the part about the crypto of andOTP being pretty bad is true. This is partially due to the fact that I had absolutely no clue about cryptography and very little coding experience when I forked it. In the beginning I just wanted to add backup functionality but then feature request kept comming in and it kind of snowballed from there. By the point I had enough experience to actually somewhat know what I was doing the code was already pretty bad, which is why I decided to rewrite everything from scratch rather than trying to fix it. Sadly I currently have basically no time to work on it, so this will have to wait.
Just wanted to explain the bad crypto a bit, now I'm off to download you app and play with it a bit. I'm glad to see that there are more open source 2FA alternatives emerging.
I just want to follow up on this and add that I just now finished fixing the backup encryption. It now uses proper key derivation (PBKDF2 with random salt and iterations). The next release will include this fix.
The second point, where the output of the PBKDF2 is split, is still the same. But as /u/beemdevelopment said, it's not nearly as bad as the backup stuff. This part of the code is also only used for the internal database, not for the backups, which should limit it's impact on security a bit (since getting your hands on the internal database file should be way harder than getting a backup file). Nevertheless it will be fixed at some point as well, I just don't have enough time to work on it right now.
Interesting to know about the cryptopgraphy. I've always wondered about the security since there doesn't seem to be many details out and I can't read code so...
Yeah, getting a good idea of the security is kind of difficult without a design document. We used to have one, but with the amount of changes our code went through, it got outdated pretty quickly, so we dropped it for now. This is something we'd like to revisit, so that other people can interact with Aegis' vault format in their own code.
There is an option to use device credentials, which allows you to unlock it with the already setup device FP and password combo at the same time. So you can use either pass or fp to unlock it
Making backups is still a manual process currently. When you click on "export", your vault is copied to a folder called "Aegis". You could then use a program like Dropbox or Syncthing to sync that folder to another device. We're planning on making this easier in a future release.
It could be the main reason for many people to use this app. Just set it and forget it. Authy syncs automatically. I would love to move away from it, but the possibility to forget backing up after adding a new account is unacceptable for me.
Fair enough. Implementing our on syncing logic is quite involved, but the simple thing we could do is automatically exporting the vault to a certain folder, and having an external sync service like Dropbox or Syncthing pick it up.
Keepass2Android does really good job at syncing. It's GPLv3, so you might look into it's source code, so you don't have to reinvent the wheel: https://github.com/PhilippC/keepass2android
Yes, at the very least try to implement this for now. But ideally it would be backed up along with the default Android backup or by manually integrating it with Google Drive (but Google may limit this type of functionality in the future).
Doesn't andOTP say the backup can be synced with Android backups? I think I saw the option in the settings. Might want to check it out.
I wanted to give this a go but it seems like it can't import from andOTP. I've tried plain text and encrypted back ups and none of them import into Aegis (get an error saying Aegis couldn't parse the files).
But outside of that it does seem like a nice app, good job.
Which version of andOTP are you using? It's possible that andOTP's format changed between versions, but maybe it's just a bug in our parsing logic. We'll take a look at this today.
I also just tested both encryption methods (KeyStore and Password/PIN) with and without encryption and I'm getting the same error
I really wanna test your app because I like the idea of using fingerprints and a password (especially since I've never been able to use fingerprints on andOTP, which always bothered me). If you can solve this issue I'd be more than happy to use it regularly for a while. I have a lot of codes and moving them all manually is quite the hassle at the moment.
Though if I find some time I might move some codes over just to give it a whirl anyway. In any case I hope this can be fixed.
Just wanted to let you know I decided screw it and manually input every code from a plain text backup into Aegis and I have to say I really enjoy it. Using my fingerprint to unlock the app is awesome and I didn't even know you could change the individual thumbnails of the entries, that's super dope. I think I'm going to stick with your app as my daily driver for now, thanks for all the work you put into it.
The only security feature I would ask for at this point, which andOTP has, is a way to hide the codes and only unhide them when you press the code you want. Though this isn't a major deterer, just a feature I really got used to in andOTP.
We're glad you like it! The andOTP import issue should be fixed in the new version we just released.
As for the tap-to-reveal request, we're tracking this feature request on GitHub in case you'd like to follow along: https://github.com/beemdevelopment/Aegis/issues/28.
We just want to let you know that we've published a new update of Aegis which includes tap to reveal. This will automatically hide all tokens and only show the desired token when you tap it. We've also added a timer for this so you can set it to your preference.
Works pretty well and the UI is way more polished than similar apps, but how do I migrate data from FreeOTP? I use FreeOTP+ which let you export the keys in a JSON file.
Sounds amazing, I currently use andOTP. But the lack of customizable icons and using fingerprint to unlock without any danger if I change my ROM bothers me enough. Thank you for it!
I have feature request: before using andOTP, I used Thenticator. And one thing I loved about this app was the compatibility with Android Wear (now Wear OS). Could you add this feature?
EDIT: Bug, maybe? I can't import my andOTP backup, I tried encrypted and unencrypted backup. I try and "An error occurred while trying to parse the json file".
EDIT 2: App Shortcut to read a QR Code not does anything.
> I have feature request: before using andOTP, I used Thenticator. And one thing I loved about this app was the compatibility with Android Wear (now Wear OS). Could you add this feature?
We've given support for Android Wear some thought before, but we're not sure if it's possible to add support for it in a secure way. This is a feature we'd also like to have though, so we'll definitely take another look at it at some point.
>EDIT: Bug, maybe? I can't import my andOTP backup, I tried encrypted and unencrypted backup. I try and "An error occurred while trying to parse the json file".
The andOTP import issue should be fixed in the latest release!
> EDIT 2: App Shortcut to read a QR Code not does anything.
That's odd, it works for us. Could you provide some more detailed reproduction steps?
About the app shortcut bug: when the app is locked, it's works fine after entry my password/fingerprint. But when unlocked, the App Shortcut opens Aegis normally, without directing me to the QR Code reading screen.
And another feature request (sorry!): Please add intents to use with Tasker to automate backup when I want.
Like the look and features, just not sure about the hassle of redoing the 20 I already have in Google's app. Wish there was a way to move them over with root or something.
Yeah, copying 20 tokens by hand is a pretty cumbersome. Importing from Google Authenticator is a definitely a feature we plan on adding, but it didn't make it into the initial release.
As far as I know you can't even copy them - don't you have to go back and disable/re-enable for all? I'll be sure to keep an eye on this. Importing ability and I'm in.
Ah, you're right, Google Authenticator doesn't even have the ability to reveal the secret. We're tracking this feature request on GitHub: https://github.com/beemdevelopment/Aegis/issues/29.
EDIT: We've published an update which allows you to import your tokens from Google Authenticator with root!
Would love to give it a shot but it's showing as incompatible on my chromebook (C302) and I need to be able to use the authenticator on multiple devices. Good luck with the app though. I hope to revisit it at a later date.
One request, right now if you tap on an item it opens a menu with copy, edit, and delete. Given that after you've set everything up, 99% of the time your going to want to copy, can you make tapping copy, and holding open the menu?
I would have to disagree with copying codes being uncommon. If you need to put it into a Web page or app on your phone, copy/pasting would be the easiest way. And many people have copy paste integrated between their phone and primary computer, in which case copy and pasting is again easier than typing out the code.
Additionally, you can just look at competing authenticators:
Google Authenticator copies on long press
Microsoft Authenticator copies on tap, and has copy in a drop down menu.
andOTP have copy buttons presented along side the codes, even when hidden.
If copying codes was uncommon then every single one of your competitors wouldn't priorities it so much in their UX. And it is currently slower to copy in Aegis than any of the authenticators I have listed.
Edit: and with the newly added hidden codes feature, it is even slower to copy, requiring a tap to reveal, hold to open the menu, then tap to copy. Compared to Authy, which also hides your codes, only requiring two taps (1 to reveal, 1 to copy).
Hello, I ve been testing the app. It looks better than FreeOTPplus that I was using. Automatic import didn't work but hopefully I didn't have to manually migrate many keys.
I have one question, how does one get the custom icons for each entry? Custom icons are showed on screenshots and are mentioned in the Readme but I still can't find out how to add them.
Thanks a lot for your work on the app - and for putting it Fdroid as well :)
As of the moment we are not aware of other 2FA apps supporting our format. So there is no way you can import our backups into other apps easily. However, since we support unencrypted backups you can read them in plain text and copy them over to other 2FA apps manually.
>Re-import it into Aegis as a restore ?
Yes. We added the ability to import from a handful different 2FA apps, including our own.
>What is the format ? Is it encrypted ?
The vault is stored in JSON and encoded in UTF-8 and can be stored encrypted. We've made detailed document describing Aegis' security design and file format. If you're interested in reading it, you can find it here.
Thank you. So I understand that's it's easy to protect against the risk of phone loss or other mishaps (just export the database, back it up on multiple disks and import it back into Aegis if needed), however how easy it is to transfer manually what needs to be transferred into another app ?
I had a look at your document, and it's a bit frightening. I'm a beginner at 2FA. Is it enough to copy, one by one, the "secret" item for each site ? I see many types of entries there. I can't make sense of many of them.
Seems like I'm late to the party. I just started using this authenticator but I'm wondering what the best policy is for the backups as I'm due to change my phone soon and want to be prepared. I can see that there is an export function, are these password protected? Can they be automated? Will the backups be included in the google back up? - if not should I consider a back up app? and if so what would you suggest?
I apologise for all the questions, and thank you in advance for any answers!
williamwchuang | 6 years ago
What does your app offer that AndOTP does not?
[OP] beemdevelopment | 6 years ago
We were actually already working on Aegis when we first found out about andOTP, and the feature-sets seem to overlap quite a bit. For us, it's mostly about security. andOTP does not support using fingerprint and password unlock at the same time. With just fingerprint unlock, you run the risk of Android deleting the key that is used to encrypt your tokens when changing the security settings of your device, which means you lose access to all of your tokens. Aegis does not have this issue, as it would still be possible to decrypt your tokens with the password in such an event. This means you can safely use fingerprint unlock with Aegis, while it is risky thing to do with andOTP.
andOTP also does some pretty scary stuff with regards to its use of cryptography. It's been a while since I've looked at the code, but andOTP appears to derive the key for the encryption of backups with a single iteration of SHA-256, making a brute-force attack on backups a lot easier than it should be. In another piece of the code it splits the output of PKBDF2, which also gives attackers an advantage. The latter is not nearly as bad as the former, but it's still bad practice.
We also think that Aegis has a nicer UX.
flocke000 | 6 years ago
Update (16-JUN-2021): This issue has long been fixed (more than a year ago). Please read my original reply below for more details. This update is just for clarification since people keep spreading outdated information by linking to this comment.
Original comment:
I sadly have to admit that the part about the crypto of andOTP being pretty bad is true. This is partially due to the fact that I had absolutely no clue about cryptography and very little coding experience when I forked it. In the beginning I just wanted to add backup functionality but then feature request kept comming in and it kind of snowballed from there. By the point I had enough experience to actually somewhat know what I was doing the code was already pretty bad, which is why I decided to rewrite everything from scratch rather than trying to fix it. Sadly I currently have basically no time to work on it, so this will have to wait.
Just wanted to explain the bad crypto a bit, now I'm off to download you app and play with it a bit. I'm glad to see that there are more open source 2FA alternatives emerging.
flocke000 | 6 years ago
I just want to follow up on this and add that I just now finished fixing the backup encryption. It now uses proper key derivation (PBKDF2 with random salt and iterations). The next release will include this fix. The second point, where the output of the PBKDF2 is split, is still the same. But as /u/beemdevelopment said, it's not nearly as bad as the backup stuff. This part of the code is also only used for the internal database, not for the backups, which should limit it's impact on security a bit (since getting your hands on the internal database file should be way harder than getting a backup file). Nevertheless it will be fixed at some point as well, I just don't have enough time to work on it right now.
MurkyFocus | 6 years ago
Interesting to know about the cryptopgraphy. I've always wondered about the security since there doesn't seem to be many details out and I can't read code so...
[OP] beemdevelopment | 6 years ago
Yeah, getting a good idea of the security is kind of difficult without a design document. We used to have one, but with the amount of changes our code went through, it got outdated pretty quickly, so we dropped it for now. This is something we'd like to revisit, so that other people can interact with Aegis' vault format in their own code.
Avrution | 6 years ago
I was looking into andotp, but didn't like the lack of a fingerprint option combined with a pin or password.
Nickdv9 | 6 years ago
There is an option to use device credentials, which allows you to unlock it with the already setup device FP and password combo at the same time. So you can use either pass or fp to unlock it
Avrution | 6 years ago
Yes, but that disables the ability to backup with Titanium, which is a must for me.
zaggo0 | 6 years ago
Seems to work well so far! What's the best way to automate backups of my vault?
[OP] beemdevelopment | 6 years ago
Making backups is still a manual process currently. When you click on "export", your vault is copied to a folder called "Aegis". You could then use a program like Dropbox or Syncthing to sync that folder to another device. We're planning on making this easier in a future release.
ddtoz | 6 years ago
It could be the main reason for many people to use this app. Just set it and forget it. Authy syncs automatically. I would love to move away from it, but the possibility to forget backing up after adding a new account is unacceptable for me.
[OP] beemdevelopment | 6 years ago
Fair enough. Implementing our on syncing logic is quite involved, but the simple thing we could do is automatically exporting the vault to a certain folder, and having an external sync service like Dropbox or Syncthing pick it up.
ddtoz | 6 years ago
Keepass2Android does really good job at syncing. It's GPLv3, so you might look into it's source code, so you don't have to reinvent the wheel: https://github.com/PhilippC/keepass2android
johnmountain | 6 years ago
Yes, at the very least try to implement this for now. But ideally it would be backed up along with the default Android backup or by manually integrating it with Google Drive (but Google may limit this type of functionality in the future).
Doesn't andOTP say the backup can be synced with Android backups? I think I saw the option in the settings. Might want to check it out.
drakehfh | 6 years ago
Maybe you could add webdav integration so the app would backup the database automatically to Nextcloud?
-Nosebleed- | 6 years ago
I wanted to give this a go but it seems like it can't import from andOTP. I've tried plain text and encrypted back ups and none of them import into Aegis (get an error saying Aegis couldn't parse the files).
But outside of that it does seem like a nice app, good job.
[OP] beemdevelopment | 6 years ago
Which version of andOTP are you using? It's possible that andOTP's format changed between versions, but maybe it's just a bug in our parsing logic. We'll take a look at this today.
Thanks for the kind words!
-Nosebleed- | 6 years ago
I'm using andOTP version 0.6.1
I also just tested both encryption methods (KeyStore and Password/PIN) with and without encryption and I'm getting the same error
I really wanna test your app because I like the idea of using fingerprints and a password (especially since I've never been able to use fingerprints on andOTP, which always bothered me). If you can solve this issue I'd be more than happy to use it regularly for a while. I have a lot of codes and moving them all manually is quite the hassle at the moment.
Though if I find some time I might move some codes over just to give it a whirl anyway. In any case I hope this can be fixed.
[Deleted] | 6 years ago
Thanks for the detailed response. I'll look into it later tonight.
-Nosebleed- | 6 years ago
Thanks for caring about the issue.
Just wanted to let you know I decided screw it and manually input every code from a plain text backup into Aegis and I have to say I really enjoy it. Using my fingerprint to unlock the app is awesome and I didn't even know you could change the individual thumbnails of the entries, that's super dope. I think I'm going to stick with your app as my daily driver for now, thanks for all the work you put into it.
The only security feature I would ask for at this point, which andOTP has, is a way to hide the codes and only unhide them when you press the code you want. Though this isn't a major deterer, just a feature I really got used to in andOTP.
[OP] beemdevelopment | 6 years ago
We're glad you like it! The andOTP import issue should be fixed in the new version we just released.
As for the tap-to-reveal request, we're tracking this feature request on GitHub in case you'd like to follow along: https://github.com/beemdevelopment/Aegis/issues/28.
EDIT: Tap to reveal is now available.
-Nosebleed- | 6 years ago
Can confirm the issue is no longer present! Also glad to see you're working on that feature, I'll be keeping an eye out.
[OP] beemdevelopment | 6 years ago
Hi Nosebleed!
We just want to let you know that we've published a new update of Aegis which includes tap to reveal. This will automatically hide all tokens and only show the desired token when you tap it. We've also added a timer for this so you can set it to your preference.
Please let us know what you think about it!
hig999 | 6 years ago
Nice, I like the design! Will try it out
tge101 | 6 years ago
Please let me know when you get it on f-droid, I'm interested
thosolbel | 6 years ago
Works pretty well and the UI is way more polished than similar apps, but how do I migrate data from FreeOTP? I use FreeOTP+ which let you export the keys in a JSON file.
rodrigoswz | 6 years ago
Sounds amazing, I currently use andOTP. But the lack of customizable icons and using fingerprint to unlock without any danger if I change my ROM bothers me enough. Thank you for it!
I have feature request: before using andOTP, I used Thenticator. And one thing I loved about this app was the compatibility with Android Wear (now Wear OS). Could you add this feature?
EDIT: Bug, maybe? I can't import my andOTP backup, I tried encrypted and unencrypted backup. I try and "An error occurred while trying to parse the json file".
EDIT 2: App Shortcut to read a QR Code not does anything.
[OP] beemdevelopment | 6 years ago
Glad you like it!
> I have feature request: before using andOTP, I used Thenticator. And one thing I loved about this app was the compatibility with Android Wear (now Wear OS). Could you add this feature?
We've given support for Android Wear some thought before, but we're not sure if it's possible to add support for it in a secure way. This is a feature we'd also like to have though, so we'll definitely take another look at it at some point.
>EDIT: Bug, maybe? I can't import my andOTP backup, I tried encrypted and unencrypted backup. I try and "An error occurred while trying to parse the json file".
The andOTP import issue should be fixed in the latest release!
> EDIT 2: App Shortcut to read a QR Code not does anything.
That's odd, it works for us. Could you provide some more detailed reproduction steps?
rodrigoswz | 6 years ago
Thanks you for the quick andOTP import fix!
About the app shortcut bug: when the app is locked, it's works fine after entry my password/fingerprint. But when unlocked, the App Shortcut opens Aegis normally, without directing me to the QR Code reading screen.
And another feature request (sorry!): Please add intents to use with Tasker to automate backup when I want.
occcult | 6 years ago
Trying it.
curionymous | 6 years ago
Any plans for an app for Windows? and possibly local network sync?
Avrution | 6 years ago
Like the look and features, just not sure about the hassle of redoing the 20 I already have in Google's app. Wish there was a way to move them over with root or something.
[OP] beemdevelopment | 6 years ago
Yeah, copying 20 tokens by hand is a pretty cumbersome. Importing from Google Authenticator is a definitely a feature we plan on adding, but it didn't make it into the initial release.
Avrution | 6 years ago
As far as I know you can't even copy them - don't you have to go back and disable/re-enable for all? I'll be sure to keep an eye on this. Importing ability and I'm in.
[OP] beemdevelopment | 6 years ago
Ah, you're right, Google Authenticator doesn't even have the ability to reveal the secret. We're tracking this feature request on GitHub: https://github.com/beemdevelopment/Aegis/issues/29.
EDIT: We've published an update which allows you to import your tokens from Google Authenticator with root!
darcmage | 6 years ago
Would love to give it a shot but it's showing as incompatible on my chromebook (C302) and I need to be able to use the authenticator on multiple devices. Good luck with the app though. I hope to revisit it at a later date.
SoapyMacNCheese | 6 years ago
One request, right now if you tap on an item it opens a menu with copy, edit, and delete. Given that after you've set everything up, 99% of the time your going to want to copy, can you make tapping copy, and holding open the menu?
[OP] beemdevelopment | 6 years ago
We are thinking about how to implement this. We're not sure if you created the issue on GitHub but you can follow the discussion here.
As the latest comment states: copying the code is probably not that common for most users. If it is, they're probably using 2FA incorrectly.
SoapyMacNCheese | 6 years ago
I would have to disagree with copying codes being uncommon. If you need to put it into a Web page or app on your phone, copy/pasting would be the easiest way. And many people have copy paste integrated between their phone and primary computer, in which case copy and pasting is again easier than typing out the code.
Additionally, you can just look at competing authenticators:
Google Authenticator copies on long press
Microsoft Authenticator copies on tap, and has copy in a drop down menu.
Last Pass Authenticator copies on tap
authy has a copy FAB on the code window
andOTP have copy buttons presented along side the codes, even when hidden.
If copying codes was uncommon then every single one of your competitors wouldn't priorities it so much in their UX. And it is currently slower to copy in Aegis than any of the authenticators I have listed.
Edit: and with the newly added hidden codes feature, it is even slower to copy, requiring a tap to reveal, hold to open the menu, then tap to copy. Compared to Authy, which also hides your codes, only requiring two taps (1 to reveal, 1 to copy).
Iolaum | 6 years ago
Hello, I ve been testing the app. It looks better than FreeOTPplus that I was using. Automatic import didn't work but hopefully I didn't have to manually migrate many keys.
I have one question, how does one get the custom icons for each entry? Custom icons are showed on screenshots and are mentioned in the Readme but I still can't find out how to add them.
Thanks a lot for your work on the app - and for putting it Fdroid as well :)
Zlivovitch | 6 years ago
Once you have exported the tokens file, can you :
What is the format ? Is it encrypted ?
[OP] beemdevelopment | 6 years ago
>Import it into another 2FA app ?
As of the moment we are not aware of other 2FA apps supporting our format. So there is no way you can import our backups into other apps easily. However, since we support unencrypted backups you can read them in plain text and copy them over to other 2FA apps manually.
>Re-import it into Aegis as a restore ?
Yes. We added the ability to import from a handful different 2FA apps, including our own.
>What is the format ? Is it encrypted ?
The vault is stored in JSON and encoded in UTF-8 and can be stored encrypted. We've made detailed document describing Aegis' security design and file format. If you're interested in reading it, you can find it here.
Zlivovitch | 6 years ago
Thank you. So I understand that's it's easy to protect against the risk of phone loss or other mishaps (just export the database, back it up on multiple disks and import it back into Aegis if needed), however how easy it is to transfer manually what needs to be transferred into another app ?
I had a look at your document, and it's a bit frightening. I'm a beginner at 2FA. Is it enough to copy, one by one, the "secret" item for each site ? I see many types of entries there. I can't make sense of many of them.
shinnokk | 6 years ago
Video about Aegis 2fa
noroom | 6 years ago
I really wanted to like this, but without one-touch copy like andOTP has, this is more cumbersome to use.
[Deleted] | 6 years ago
this app is amazing but the import from file doesn´t work on my phones
i wanted to test the import function, so i exported the database in Aegis and get a encrypted .json.
first problem, Aegis can´t import the encrypted .json, ok i found the decrypt.py script and have now the plaintext in a .json file.
when i try to import this file, the app put me right away to settings without a message or any changes??
tried it on lineage with the f-droid version and on an other phone via playstore, on both the same reaction
JackRedplay | 6 years ago
Is there a way to import my Authy codes to this app?
[OP] beemdevelopment | 6 years ago
Hi JackRedplay, thanks for your comment. Aegis currently only supports importing from Authy on rooted devices.
JackRedplay | 6 years ago
Shame.... it's gonna be a hassle
[OP] beemdevelopment | 6 years ago
Yes we know, but there is nothing we can do about this.
However it is possible to export your tokens from Authy using methods like these two:
After that you can enter these tokens in Aegis. Do note that we don't support using these methods out of the box and both are untested by us.
FTerrier17 | 6 years ago
Seems like I'm late to the party. I just started using this authenticator but I'm wondering what the best policy is for the backups as I'm due to change my phone soon and want to be prepared. I can see that there is an export function, are these password protected? Can they be automated? Will the backups be included in the google back up? - if not should I consider a back up app? and if so what would you suggest?
I apologise for all the questions, and thank you in advance for any answers!
hydraSlav | 6 years ago
Other than being open source, how is it different from Authy?
JoeFCaputo0113 | 6 years ago
How is this different from andOTP? Thanks!
Avrution | 6 years ago
See the previous comments on this