Aegis VS two-factor-auth

For 1Password I use a Yubikey, but for 2FA in general, I have a backup phone running Aegis[1].

[1] https://getaegis.app/

Bottom line is, why in the world would you use a mysterious closed source app when there are better options out there? 2FAS is one of the better ones. Aegis Authenticator is another good choice for Android devices.

You can enable 2fa with amazon I suggest you do that with a 2fa app like aegis, that will greatly increase the security of your account and require the 2fa code to login to your account.

Aegis Authenticator has been a lifesaver for me: https://getaegis.app/

I use Aegis[1] on mobile and OTPClient[2] on my computer, both are regularly backed up on change.

I do not use the TOTP feature in my password manager (though I can split it to new DB in keepassXC) as feel it will defeat the purpose of 2FA.

[1] https://github.com/beemdevelopment/Aegis

Google Authentificator → Aegis

It's really easy to integrate into websites as well. I did so a few years ago. The TOTP algorithm is just a few lines of code. I adapted this implementation https://github.com/j256/two-factor-auth at the time. There are similar libraries available for lots of languages.

You need a library like that and a way to convert an otp:// url into a QR code, for which there are many libaries as well. The rest is just implementing a sane UX around this. Storing the user's TOTP secret server side is a bit tricky. I suspect a plain text field in a database is quite common for this; which of course would be disastrous if that database were ever stolen. Secret stores don't scale for this as they tend to be designed for just a handful of secrets. We ended up encrypting these totp secrets using a key from our secret store.