Aegis only enables Google Backup if one has a password encryption key set in the app. Thus, the Aegis data goes to the cloud encrypted. Google Backups have no user interface and are available only during brief windows, whereas if one does an Ente backup to the cloud, your username/password and maybe TOTP are in front of that data and like any online web account.
You don’t even need to use Google Backup. if you have a workflow where Android files are moved off device regularly, you can have Aegis drop backups to a file location. Aegis can version them from a count of 5 to infinity.
Aegis is very flexible and has superior backup options.
Edit: a week after posting this, Ente Auth enables local backups to any folder on the device. They have to be manually started though. And one needs to copy those files off the phone routinely. Half a step closer to Aegi’s more advanced backups.
With my company, we force our users to set-up 2FA (which should be standardized anyway) and because we use M365, MS Authenticator is the easiest choice. Even if it’s installed on their own device, the IT department is in charge of securing their accounts. However, we don’t force our users to use MS Auth specifically. If there’s a single person who asked me if they can use Ente Auth instead, the answer would be yes!
Anyone who can raise issues to IT against their policy for Microsoft Auth only can easily and objectively prove why Ente Auth is better to use and why they ought to change.
It’s always worth a shot.
(this comment is for everyone, not necessarily directed at you but your comment did inspire me to mention this)
The codes are also stored locally because for some reason if you want to sync your 2FA codes, you have to use a PERSONAL MS account. So you could use it offline if it’s a privacy/security concern.
They codes sync with your account as soon as you add them in in MS Auth app and is sent to MSFT. Atleast sometime back this was proven. Now I don’t know where I saw it but I do remember this and I only remember this because it was a legitimate reputable source.
You should never trust Microsoft’s privacy. They do not have any, as much as they would like you to believe. They have a “privacy” policy so you can consent to everything non private things they do. The word has lost all meaning in the realm of big tech.
Even if that’s the case, if you have to use MS Auth (and you can’t successfully challenge your IT department to use a different app), then it should be for work use only. We have many posts about using Google or MS for work or school and the consensus is usually compartmentalization.
Maybe not a Personal account. On Android, one could have a Work Profile set up and apps installed there that are sort of under the employer to manage. MS Auth running in that profile could sync with the work 365 account and be managed such.
It might also be possible to have MS Auth in a personal profile log in with a work 365 account, if the employer set the options for such (assuming such options do exist).
My employer uses Okta, which looks like a TOTP code, but it’s proprietary. Thus I have Okta as a work app with work TOTP codes, and separated from my personal data. A better way, IMO.
Yeah, I agree with setting up a work profile. I was just talking about syncing your 2FA codes between devices. You can’t do that with a school or business account, so when a user gets a new device, we have to reset their 2FA.
So, do you consider Aegis to be more private than Ente Auth? I’m considering Aegis because there aren’t many cloud-based TOTP auth apps to compare among them.
I don’t have any issues with Ente Auth, but I’m concerned about the cloud sync facility. Cloud-based password managers are known for their services, but I think Ente has become more popular for their Photos app than for their Auth app. Also, I’ve read thousands of comments, and the majority suggest using Aegis since it stores data locally.
Yes, I’ve seen that option. Sadly, I have not set up any workflow, so I have to sync the database manually from one device to another, but that’s not a big problem since I rarely update the database.
I consider Aegis and local non-cloud Ente to be essentially equivalent privacy-wise. I mentioned earlier that Aegis has robust backup features to choose from and that reduces friction.
Why not just try both and see what you like better?
I recently switched from Aegis to Ente Auth because of his web version.
If I lose my phone and I can’t access my backup right away I have the web service always available.
Actually, I wanted to know whether I should keep my secret keys on an encrypted cloud or in local storage. I mentioned Aegis because it’s the most popular among locally stored 2FA apps and Authy among cloud-based 2FA apps.
Multi-device usage is my major consideration after privacy, but that doesn’t mean I’ll use a service with lesser privacy. Thanks to you, I think I should choose Aegis.
Also, I found this comment from another post that helps me strengthen my decision.
Do think of recovery scenarios. Your phone falls into a pond, or gets crushed or lost. And how’d you recover in those situations. I heartily recommend getting local data and especially password and TOTP keys, data you can’t afford to lose off the device and ideally into a 3-2-1 backup media - 3 copies, 2 different media, 1 in a different time zone. [I think that’s the delineations, heh]
I personally use https://stratumauth.com because I have some many codes to keep track of they have a compact view that fits my needs and importing and exporting is easy. All local on-device.