I use FreeOTP (https://freeotp.github.io). It’s available for Android and iOS, free and open-source and actually maintained by Red Hat. I've been using it for over a year now and haven't had any problems.
Ah, I didn't realize you were on iOS. I'm not very familiar with it, but a cursory search showed me these 3 open-source 2FA tools:
All of them seem fine, but you should probably try them out for yourself or wait for iOS insiders to give you an opinion before switching full-time.
Is this a proprietary MFA app, or is it compatible with generic TOTP and HOTP apps? If it's the second case (where you can just scan a QR code and go your way), use an open-source client like FreeOTP; it won't even use a network connection or read any files except its own stored token.
For proprietary MFA apps, if you use a VM it would instead have telltale signatures of not being a hardware device, which may/may not be what you want. The hard solution is to have a dedicated physical phone with no personal data stuck at home because mobile apps have various tricks to detect locations without IP.
Also, are you trying to hide the exact location (most IP geolocation only works on a city level) or your country? (i.e., you're only allowed to work from the US, and you want to work from Mexico.)
Alright, so I've heard of FreeOTP+ soon after making the post. If I'm not wrong, it's said on the FreeOTP site that Red Hat is sponsoring their work, but I don't know if that extends to its fork, FreeOTP+.
Have you tried using it beside Aegis?
I recommend continuing with Auth. At least you can restore from backup. I tried Google Auth and Microsoft Auth, but sadly they have no backups. Even though they say they are taking backups, it is a lie. I learned it the hard way.
If you want you can get Bitwarden Premium / on premise hosting, that way you can store your 2FA in addition to 1P.
I didn’t try other 2FA apps, but I see recommendations for FreeOTP (it is sponsored by Red Hat): https://freeotp.github.io
Can you use FreeOTP? It is an open-source alternative.
FreeOTP implements open standards: HOTP and TOTP. This means that no proprietary server-side component is necessary: use any server-side component that implements these standards.
https://freeotp.github.io checks the boxes for me: it’s open source, actively maintained, and sponsored by Red Hat (i.e., there’s a company involved who would be embarrassed if it were a scam, and that company has a number of respected open source contributors of note).
That being said, I use Google’s. There are many legitimate reasons to not use Google services, but their TOTP app is not one of them.
FreeOTP is a two-factor authentication application for systems utilizing one-time password protocols. Tokens can be added easily by scanning a QR code. If you need to generate a QR code, try our QR code generator.
FreeOTP implements open standards: HOTP and TOTP. This means that no proprietary server-side component is necessary: use any server-side component that implements these standards. We recommend FreeIPA.
FreeOTP is sponsored and officially published by Red Hat. Pull requests on GitHub are welcome under the Apache 2.0 license. Feel free to review our privacy policy.
Sorry, but that's not the point. While those examples didn't affect the average user, you surely are right that Authy cannot be 100% trusted, as your (encrypted) data sits on their servers. You can use any other authenticator if you prefer, like FreeOTP. It was just a suggested app that I use and like.
Recommend you also spend time activating two factor authentication (2FA) on sites and services that you use.
Avoid SMS-based authentication and use app-based TOTP authentication, which gives you a rotating random 6/8 digit number to enter prior to logging in to a site.
Apps like andOTP / FreeOTP / Authy etc. are commonly used.
Bitwarden also has 2FA capabilities built in but it might be wiser to use a separate app for the 2FA process to avoid keeping all your eggs in one basket.
It sounds like you're talking about RFC2289 and you call it Google 2FA.
I understand you use the Google Authenticator app, but that's just the Google incarnation of an open standard.
So, in my opinion, you should say you implemented 2FA using OTP, but the fact that you use the Google Authenticator app is just a detail.
You could use your system with FreeOTP, for instance.
It's the same as using Google Authenticator, only the code is open source:
Keep in mind this is a red herring, and had nothing to do with OP's theft, as 2FA was disabled by Bitstamp.