Two-factor authentication (2FA) has become standard practice when it comes to online security, but threat actors can still find a way to trick unsuspecting users and steal your valuable private information. With an authenticator app, however, you can fortify your cybersecurity measures and make logging in a breeze.
As with just about everything, there are app solutions to deal with 2FA. These are called authenticator apps, which offer a secure way to sign into accounts and applications with a one-time password verification code. Chances are you have come across this form of online security before, as this form of account verification is often used in mobile banking apps — but who said all your other accounts aren’t as important?
Everything from social media accounts to cryptocurrency wallets are at risk, especially for those who use their phone number to receive authentication. In fact, there’s a very good reason why you shouldn’t use your number for 2FA on crypto accounts. Whether you’re worried about phishing scams snooping around for your password or don’t want to risk a malware attack, read on to discover the best authenticator apps to stay secure online.
What is two-factor authentication?
Multi-factor authentication (MFA) is a digital authentication method used to confirm the identity of a user to allow them access to a website or app through at least two pieces of evidence. Two-factor authentication, more popularly known as 2FA, is the most commonly used method.
In order for 2FA to work, a user must have at least two important pieces of credentials in order to log in to an account (with multi-factor usually involving more than three different details). This means if an unauthorized user gets their hands on a password, they will still need access to an email or phone number linked to the account where a special code is sent for an extra level of protection.
For example, a bank will require a username and password in order for a user to access their account, but it also needs a second form of authentication such as a unique code or fingerprint recognition to confirm a user’s identity. This second factor can also be used before a transaction is made.
With an authenticator app, users are given an automatically generated one-time password (OTP), which can act as a highly secure second factor for 2FA. Not only is it virtually impossible for threat actors to swipe these one-time authorization codes, seeing as it refreshes around every 30 seconds, but these codes also aren’t sent via SMS. Using your phone number as a factor for 2FA or OTP is dodgy territory, and there’s good reason for everyone to stop using their phone number for two-factor authentication. Instead, let an authenticator app bolster your online security.
What are the best authenticator apps?
There are dozens of authenticator apps on the market, but a few that we would recommend are Authy, Microsoft Authenticator, LastPass and 1Password. Google Authenticator is another popular option, but seeing as it doesn’t require either a password or biometric login, it’s a potential security gap in a process that is trying to eliminate them.
Authy is a dedicated authenticator app and is expressly used for 2FA login, whereas Microsoft Authenticator, LastPass, and 1Password are password managers that have incorporated an authenticator component. Once you choose your authenticator app and have it installed, you can begin setting up 2FA for your accounts.
The best authenticator apps you can buy today
Authy comes with a host of benefits for those who want to stay secure online without having to pay a dime. However, it does come at an inconvenient cost: your phone number. In order to sign up to this authenticator app, Authy requires you to verify and ensure that you have access to the phone number you claim to own. Fair enough, but other authenticator apps don’t require a phone number in order to evade SIM swapping scandals.
Still, Authy offers tight security measures and a number of advantages to make it difficult for anyone to nab your details. This includes multi-device support, allowing users to easily authorize their phone, tablet and laptop to be used to receive 2FA codes and confirm their authorization into different websites or accounts. Own an Apple Watch? It even works on that. Plus, if you lose one of these devices, it can just as easily be deauthorized.
Authy also has a back-up feature that encrypts and stores your data, which can be incredibly handy when you lose or damage your phone. Of course, you’ll need to remember just one password in order to access your account when a device is lost, but if you can’t remember the password or lose access to your account, all is not lost. The authenticator app has an account recovery process, although it may take over 24 hours to gain access again due to extra precautions taken. If you’re after an easy 2FA solution for multiple accounts, Authy is a good option
If you often use Microsoft Office products, the Microsoft Authenticator app is a no-brainer. It isn’t just for Microsoft accounts though, as it can be used with any online account that also supports 2FA.
The authenticator app uses time-based, one-time passcodes, along with fingerprint, face recognition, or a PIN, all to login to Microsoft’s suite of products or sites with a simple press of a button. The free app is available on both Android and iOS, and even if you make the switch to a new phone, the account recovery feature lets users simply download the Microsoft Authenticator app and recover their details by signing into their account. Oh, and it also works on Apple Watch.
If you’re a fan of password management, the Microsoft Authenticator also comes with password management support, so users can sync and autofill any online accounts associated with the authenticator. Now that’s handy for a free-to-use app.
LastPass has long been known as the best password manager, but it now requires users to pay for a subscription to use its services — except for the LastPass Authenticator. Available for Android, iOS and Windows devices, this authenticator is incredibly simple to set up, and allows users to use its multi-factor authentication on the website of their choice with a press of a button.
The app supports six-digit generated passcodes, automated push notifications for one-tap login, and SMS codes, even though the latter isn’t the ideal choice. Whether it’s Google, Facebook or Amazon, expect to sign in without any hassle.
The one caveat about LastPass is that using the authenticator app does go hand-in-hand with its password manager app, as those with a LastPass account with the multifactor authentication switched on can back up their authenticator account information in the LastPass vault. Having a subscription also allows you to use multiple devices, so you won’t get access to the app’s full potential unless you pay. Still, it’s as little as $4 a month for premium services, which isn’t much considering the cybersecurity benefits it boasts.
Google has been a long-time supporter for a password-less future, and its authenticator app stands as a testament, albeit a very basic one. Google has already started auto-enrolling people to start using its 2FA system, so we may expect to see its authenticator app play a bigger role in the near future.
The good news is it’s the baseline of all authentication, as the Google Authenticator is the app that started it all. Like many of the best authenticators, it doesn’t require an online connection in order to receive codes, and all it takes is a QR code to link accounts that accept OTP. Plus, it’s hard to find a website that doesn’t accept the Google Authenticator.
It’s completely free to use, which makes this a no-brainer for most, but it also lacks some benefits that its competitors boast. The app doesn’t support backups and it can’t sync to multiple devices, which makes account recovery a pain if you can’t gain access. While users can transfer their account information between devices by using a QR code, if you’ve lost the device it is on, then good luck recovering your account. For those looking for a simple 2FA setup, the Google Authenticator will do your online security justice.