Apps: Aegis
Last updated: September 17, 2025
What
Aegis is an offline 2FA authenticator that supports TOTP/HOTP with an encrypted vault. Package: com.beemdevelopment.aegis.
Why on Zer0
- Keeps 2FA secrets local and encrypted (Argon2id + AES-256).
- No Google account required; works fully offline.
- Good export/import for controlled device migrations.
Safe use
- Set a long passphrase; enable biometric unlock only as a convenience.
- Turn on hardware-backed keystore if available; enable auto-lock on app switch.
- Create an encrypted backup file; store offline; print provider recovery codes.
- Organize tokens by compartment (personal/work/burner); avoid cross-use.
Limits
- No automatic cloud sync by design; you must manage backups.
- Losing device and backup means loss of tokens.
Links
- Website/Docs: https://github.com/beemdevelopment/Aegis
- F-Droid: https://f-droid.org/
- Store: Andromeda Store
Verify
- Prefer install via F-Droid or our Andromeda repo (signed index).
- If sideloading an APK, verify the publisher's signing certificate fingerprint and checksum before install.
- After install, verify future updates come from the same signing key.
- See: Verify
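
The sideloading checks above as a shell script. This is an added example, not part of the original page or the Aegis project. It compares an APK's SHA-256 checksum and the signer certificate digest printed by `apksigner verify --print-certs` against values obtained from the publisher out-of-band. The function names are hypothetical, and the expected values are inputs because the page does not list them.

```shell
#!/bin/sh
# Added example. Expected values must come from the publisher out-of-band.

# Normalise a hex digest: drop colons/whitespace, lowercase.
norm_hex() {
    printf '%s' "$1" | tr -d ': \n' | tr 'A-F' 'a-f'
}

# Read `apksigner verify --print-certs` output on stdin and print each
# signer certificate SHA-256 digest (assumed line format:
# "Signer #1 certificate SHA-256 digest: <hex>").
signer_digests() {
    sed -n 's/^Signer[^:]*certificate SHA-256 digest: *//p'
}

# cert_matches EXPECTED_CERT_SHA256 < apksigner-output
# Passes only when exactly one signer is reported and it equals the pin.
cert_matches() {
    expected=$(norm_hex "$1")
    found=$(signer_digests)
    [ -n "$found" ] || return 1
    [ "$(printf '%s\n' "$found" | grep -c .)" = 1 ] || return 1
    [ "$(norm_hex "$found")" = "$expected" ]
}

# checksum_matches FILE EXPECTED_SHA256
checksum_matches() {
    actual=$(sha256sum "$1" | cut -d' ' -f1)
    [ -n "$actual" ] && [ "$(norm_hex "$actual")" = "$(norm_hex "$2")" ]
}

# verify_apk FILE EXPECTED_SHA256 EXPECTED_CERT_SHA256
verify_apk() {
    checksum_matches "$1" "$2" || { echo "checksum mismatch: $1" >&2; return 1; }
    out=$(apksigner verify --print-certs "$1") \
        || { echo "signature does not verify: $1" >&2; return 1; }
    printf '%s\n' "$out" | cert_matches "$3" \
        || { echo "signer certificate is not the pinned one: $1" >&2; return 1; }
    echo "OK: $1"
}

# Run only when called with the three arguments.
if [ "$#" -eq 3 ]; then
    verify_apk "$@"
fi
```

Keep the certificate digest you verified at first install and pass the same value when checking a later APK; a mismatch means the update was not signed with the same key.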