Aegis Authenticator is an app for multi-factor authentication that offers a lot of different ways to secure and speed up your workflow. It doesn't collect any data on Android phones, and it is easy to import and export tokens with other authentication apps. Most impressively, Aegis doesn't reveal your tokens when you open the app. The codes are encrypted until you unlock them using a password or biometrics, making the app ultra-secure. The only real drawback is limited availability—the app only runs on Android devices, so there's no support for iPhone or other Apple products. Even so, Aegis Authenticator easily earns our Editors' Choice award for multi-factor authentication on Android devices.

Getting Started With Aegis Authenticator

Aegis is only for Android devices. No desktop, iOS, or wearable versions are available. I tested it using a Samsung Galaxy A71 5G.

(Credit: Aegis/PCMag)

After installing it, the app asked me to create a password or use biometrics, such as a face or fingerprint scan, to unlock my vault. This extra layer of protection can prevent unauthorized access to your vault. After setting a password, navigate to the Settings menu and set up a separate password for decrypting backups and exports. That way, even if someone has the password to your token vault, they still can't access your data. I do not recommend the option that doesn't require any form of authentication before opening the vault, because that makes it less secure. It's worth noting that this is the default option for similar apps, such as Google Authenticator.

Signup Requirements

The app does not offer options to create or sign up for an account, which is ideal. Generating tokens isn't a data-hungry process, so I like apps in this category that don't require email addresses, phone numbers, or other information.

Data Collection Policies

According to the Google Play listing for Aegis Authenticator, the app does not collect any data. The app's privacy policy is just three sentences long and states that it only requires camera access to scan QR codes, which appears to be accurate. It's a refreshing change, as it's not unusual for authenticator apps to collect location data, as I've seen from Microsoft Authenticator. Similarly, Google Authenticator requests data from six different app categories, including your Contacts list and photos.

Hands On With Aegis Authenticator

The app's default interface has a black, gray, and white layout with easy-to-navigate menus. Screenshots are disabled by default, a helpful feature I've also seen in 2FAS. As you peruse the menus, the Appearance section allows you to adjust the color scheme. I changed mine to match the test phone's background and color settings.

(Credit: Aegis/PCMag)

In the Behavior section of the Settings menu, you can change how you interact with the tokens the app generates. For example, there's a setting that immediately minimizes the app after copying a token. That way, the numbers are visible for the least amount of time, shoulder surfers don't get a chance to read your codes, and you don't have to remember to close the app window on your phone. This setting worked well in testing.

I didn't have such luck with other Behavior settings, though. I enabled a setting that lets me highlight a token to make it easier to see while entering it. I also enabled a separate setting that freezes the token while it's highlighted, so I wouldn't race against a timer while entering the code. Unfortunately, these settings didn't work as expected during my testing period. The token did not stay highlighted when I tapped it, and the code did not freeze.

Creating a new token was easy, though, and you can do it by scanning a QR code or an image, or by manually entering a code to connect the app to your online account. I enabled multi-factor authentication on my test social media account and successfully logged in using the code generated by Aegis. To view your login history in the app, open the Security menu and select Audit Log.

(Credit: Aegis/PCMag)

I like that you can quickly delete your tokens if they're in danger. A setting in the vault allows you to use Ripple, a panic button trigger from the Guardian Project, to delete your token vault instantly.

Backing Up Account Info

With Aegis Authenticator, you can create an auto-backup schedule or set reminders to save your data locally or to external storage. It's a good idea to back up your data so you can log in to your accounts with a new phone if your old one is lost or stolen. Visit the Settings menu to explore those options.

Token Exporting and Importing

(Credit: Aegis/PCMag)

In an unusual but welcome move, Aegis can import token lists saved by other apps as plain text files. It can process special files from 17 competing apps, including 2FAS, Authy, Battle.net Authenticator, and Steam. You can also import tokens directly from another app if it's installed and you're willing to grant Aegis Authenticator root access, which involves a bit of trust. I recommend sticking with the file import option, which worked well during my tests.

You can also export your token list to use it in another app. I successfully imported the Aegis list to Google Authenticator, for example. I also like that you can long-press on a token in your vault and generate a QR code to transfer the individual account token to a different authenticator app. Only Stratum allows easy exports and imports like Aegis. The rest of the apps I've reviewed only support exporting to the same app on a different device, or they're import-only.