Aegis Authenticator
★★★★★
I was very quickly impressed by how easy it was to switch from Google Authenticator, and how even if I wasn’t trying to cut down on my dependence on Google, it’s still better.
You can organize accounts into groups. That alone would make it worth switching, and now I don’t need to set up two non-Google apps to split work and personal two-factor authentication codes. You can also choose to hide codes until you tap on one (with double-tap to copy), and to protect the app behind its own password or a fingerprint scan. It’s also free, open-source, and works offline.
Aegis imports from several authenticator apps’ exported file formats. Rooted phones can import directly from another app. And it can import Google Authenticator’s QR codes in batches of 10. Yes, you can take a screenshot of the code to migrate on the same device. (Though you should try not to let that screenshot sync to the cloud!)
If you do set up a password to encrypt your 2FA vault, it will also offer to back up your vault locally or to a cloud account. This was you can restore from a bricked phone or move to another device. It doesn’t seem to recognize Dropbox, but does recognize Nextcloud. And you can optionally choose a different password to encrypt the backups.
Tuta recommend it in their latest Degoogling round-up of alternative apps and services, which is where I noticed it.
More info at Aegis Authenticator.
Available from Play Store, F-Droid.