BERLIN: From email providers to social media, there’s hardly a major online service left that doesn’t offer two-factor authentication (2FA) for user sign-ins. It’s a method that increases the security of user accounts immensely.
Apple devices such as the iPhone come with the option of generating the confirmation codes, known as one-time passwords, that are needed to sign in. On Android smartphones, however, you have to install an app that generates the codes.
One simple and secure open-source app that does this on Android devices is called Aegis Authenticator. It’s available for free from the Play Store, as well as the major alternative, the F-Droid store.
Services and accounts that you want to secure using 2FA can be added to Aegis Authenticator by scanning a QR code or entering the key (token) manually.
The app stores all the tokens in a securely encrypted form. If you need a one-time password to log in to a 2FA-protected service, you have to open and decrypt Aegis Authenticator using your fingerprint or a PIN code.
The app also provides safety in another crucial area by offering an encrypted export function for the tokens. You can – and should – save your collected tokens on another device at regular intervals. This will protect you if your smartphone is stolen or has technical problems.
Without a backup, your access to services and accounts can be lost forever. However, some service providers issue a so-called backup code during 2FA activation, which can be used to skip the 2FA query once if the token is lost, so that you can regain access to your account.
These backup codes should be considered an additional protection against being suddenly locked out of an account. However, they shouldn’t be thought of as a replacement for a token backup from within a 2FA app. – dpa