This is an easy one.

The entire privacy policy of Aegis:

Aegis Authenticator does not collect any data from your device.

• Camera access is only used for scanning QR codes.

If you believe this policy has been violated, please let us know.

Relevant parts of Authy's privacy policy:

We use that phone number to identify you, to provide you 2FA services, and to maintain logs for security and anti-fraud purposes.

We may also send notices about Twilio products or events to you, but you may click on the unsubscribe link that will appear at the bottom of any of our marketing emails or you can contact customer support to opt out.

Device Information. When you download and open the Authy desktop or mobile app, we automatically collect information about the type of device you have downloaded the app on and your device identifier.

Login History and Authy Account History. When you use an Authy token to log into an account, whether the token was generated on the app or one sent to you via your phone number, we collect and keep information associated with your login activity including information like your IP address, what application you logged in to, that you logged in, and when. If you change your phone number or email associated with your Authy account, we will also keep a log of that.

Geolocation information. If you have location services turned on, we collect your location based on your IP address.

How we share personal data. In general, Authy shares personal data in the same way Twilio does (see How Twilio shares personal data for more).

From "How Twilio shares personal data": However, we do need to share it in some circumstances. These may be to provide you services (e.g., to route a call or send an email), or when necessary for our suppliers to provide services to us, or for another reason listed here, or share personal data for cross-context behavioral advertising.

However, Authy users should be aware that an application that integrates with the Authy 2-Factor API can access your phone number, email address, and user name. It will also be able to access your primary device type and information associated with your login activity to that application. It may also retain this information on its own servers. We may also share other information related to your account with that application to help them and us detect suspicious or fraudulent activity on your account.

The main point is that Authy is a company that hosts your data on their cloud and you can't know what they do with it. Aegis is local, but has the ability to create scheduled backups, which then you can sync to your own server or just copy it in different locations for safety.

Authy locks you in and intentionally makes it very hard to export keys. I made the mistake of using it once years ago and it was annoying to get out of it.

Aegis works the best for me, it is specifically for power users because it allows sharing of the seed phrase quite easily. So may not be for users who don't understand that part. But for me has been a godsend. I am trying to get my parents on a better 2fa standards. And it works because I scan and setup 2fa first on aegis and then share it to their authy. They find authy useful and I'm not worried about them accidently sharing seed phrase.

For backups, aegis does automatic backups to local storage and next cloud syncs it to my cloud. It is encrypted so you can use something like foldersync to sync it your gdrive or mega or something like that.

Aegis is not multi platform, but I honestly don't care, in my opinion it's better to have aegis on my phone and when I need to login from a desktop, looking up the code in phone is a separate device factor which adds on to the security. Meaning if somebody knew my passwords and stole my laptop, they'll still have to steal my phone to access 2fa. Different story if they steal my phone though.

Aegis may import and export seed with easy. I switch from Authy to Aegis just for this. It also have automatic backups. Authy only selling point was the sync function and maybe the bad desktop app. Now I had a double backup, the native function, and a synced keepassxc file with all the Aegis OTP exported for desktop use. KeepassXC support OTP export with QR so I can create there and export to Aegis if I want. Best solution ever.

Aegis gives you full control over your 2FA codes.

I remember thinking Authy was safe since it saves your 2FA codes to their cloud but learnt the hard way that if you lose your Authy-attached device/app, you'll have to wait a day or 2 (I think it was 48 hours IIRC) to get back your codes. Would be even worse if Authy decided that I was no longer the owner of my keys. As soon as I got my codes back I switched up to Aegis and never looked back.

Can someone give me a reason why I might want to move to Aegis from andOTP?

what works for others doesn't have to work for you, they suggest aegis because its open source and authy is not, on the other hand authy is multi-platoform and has builtin synchronization between devices, so there's the thing: you can rely on third party for backup in authy or back it up manually but where? some third party again? for me personally moving to aegis just because it's open source is a bit of a PITA, and minus being open-source, aegis is inferior IMO, no multi-platform sync, you don't have to take out your distraction device to input an OTP, there's a standalone PC app or browser addons

You might want to check out FreeOTP+, open source OTP client, all stored locally so be sure to backup everything from time to time.

I was using Authy for a few years until I started caring more about my online security and privacy.

I never heard of Aegis, but it seems like a good open source OTP client with automatic backups!

I moved my TOTP's from Authy to Bitwarden, where you can have access to your seeds and export if you want. But I believe this requires paying the $10 per year for Bitwarden premium (which I already had).

For me the choice is really easy: Aegis works, Authy crashes when it opens the camera 😂

I've been using Aegis for a while now and it never gave me issues. I set up automatic backups to a folder which is synchronized with my home server with syncthing so there's no risk of losing access to anything.

One more recommendation would be 2FAS, also open source

Aegis is not multi-platform so if that matters...does anyone have FreeOTP experience?

A third option is KeePassXC. You can set TOTP seeds for entries there.

Aegis lets you back up your TOTP seeds.

If you already use a password manager, why not use it for your TOTPs too? Someone already commented about bitwarden.

I use KeePassXC (on Linux) and KeePassDX (on Android) to store my TOTP secrets along with my passwords. Websites that have their input fields tagged correctly allow the browser addon/autofill service to let me autofill the TOTP too!

I've come from blindly using Google Authenticator, various game-specific TOTP apps, Authy, then Aegis, to finally looking up the TOTP spec, learning that it's just a set of default parameters and a seed, to storing it religiously in my password db, extracting the seed and params from a QR code if that's all I'm given.