The Best Authenticator Apps – The Best Two-Factor Authenticator Apps In 2021

Two-factor authentication (2FA or MFA, for multifactor authentication) adds another layer of protection, and PCMag writers frequently exhort our audience to use it.

Authenticator apps, such as Authy, Google Authenticator, or Microsoft Authenticator, enable one of the more-secure forms of 2FA.

What Is Two-Factor Authentication?

As the name implies, it’s simply using more than just a password to get into your online account or app—adding another factor in addition to that password.

Experts classify authentication factors in three groups: something you know (a password, for example), something you have (a physical object), and something you are (a fingerprint or other biometric trait).

When you use one of the authenticator apps included here, you bolster the password you know with the token, smartphone, or smartwatch that you have.

The Best Authenticator Apps

Yes, you can implement MFA simply by having your banking site send you a text message with a code you then enter into the site to gain access.

However, that turns out not to be the best way to do 2FA. A vulnerability in SMS messaging recently came to light that let crooks reroute text messages.

An authenticator app on your smartphone generates codes that never travel through your mobile network, so they avoid the potential for exposure and compromise that such transit entails.

You set up the authentication on a site’s security settings page, in the two-factor or multifactor authentication section—nearly every financial site offers this option.

You can find out about which sites offer multifactor authentication options in our story, Two-Factor Authentication: Who Has It and How to Set It Up. There you can read about the processes for setting up 2FA for the major services from Amazon to Yahoo.

Most sites offer the simple SMS code option, but go past that and look for the authenticator app support. Setting up 2FA usually involves scanning a QR code on the site with your phone’s authenticator app.

Note that you can scan the code to more than one phone, if you want a backup. You should also save account recovery codes provided by the sites, and store them somewhere safe, such as in a password manager.

How Authenticator Apps Work

After setup, whenever you log into the site from an unknown device, you’ll need to open the authenticator app, unlock it, and find the site’s entry. Authenticator apps generate time-based, one-time passcodes (TOTP or OTP), six digits that refresh every 30 seconds.

You enter or paste this into the secured app or site, and voilà, you’re in. The time limit means that, if a malefactor manages to get your one-time passcode, it won’t work for them after that 30 seconds.

The codes are generated by doing some math on a long code transmitted by that QR scan and the current time, using a standard HMAC-Based One-Time Password (HOTP) algorithm, sanctioned by the Internet Engineering Task Force (IETF).

These apps don’t have any access to your accounts, and after the initial code transfer, they don’t communicate with the site; they simply and dumbly generate the codes. You don’t even need phone service for them to work.

Since the protocol used by these products is usually based on the same standard, you could, for example, use Microsoft Authenticator to get into your Google Account or vice versa, though Microsoft Authenticator adds convenient login options for its services, such as Office, Outlook, and OneDrive.

What to Look for in an Authenticator App

Something to look for when choosing one of these apps is whether it backs up the account info (encrypted, of course) in case you no longer have the phone you set everything up on.

Authy, Duo Mobile, LastPass Authenticator, and Microsoft Authenticator offer this, while Google Authenticator does not.

In a security win for Google’s mobile OS, Android prevents anyone from taking screenshots while you have an authenticator app open, whereas iOS allows them.

For even more thoroughgoing security, you could implement MFA with a dedicated device, such as YubiKey. These devices produce codes that are transmitted via NFC, Bluetooth, or when you plug them in directly to a USB port.

Unlike smartphones, these have the advantages of being single-purpose and security-hardened devices. Though unlikely, it’s possible that a malware-infested app running on your phone could intercept the authentication codes produced by a phone’s authenticator app. Security keys have no batteries, no moving parts, are extremely durable, and don’t require an internet connection—but they’re not as convenient to use as your phone.

Authy and Microsoft Authenticator also offer Apple Watch apps, for even more convenience, something missing for Google Authenticator and LastPass.

With about 36 million of these WatchOS devices sold in 2020 alone (that’s 14 million more than Apple Mac computers sold), it’s a convenience that quite a few folks can take advantage of.

So, to summarize: (1) You should use multifactor authentication for all your online accounts. (2) Authenticator apps provide better security than SMS codes.

(3) Look through our summaries of the most popular authenticator apps below and start setting up your accounts with the one that appeals to you.


Duo Mobile

Duo Mobile is geared towards corporate apps, especially now that it’s part of Cisco’s portfolio. The app offers enterprise features, such as multi-user deployment options and provisioning and one-tap push authentication, in addition to the one-time passcodes mentioned above. A nice security touch is that you cannot screenshot the Duo interface on Android (but you can on iOS). You can back up Duo Mobile using Google Drive for Android, and using iCloud KeyChain on iPhone.

Google Authenticator

The search ad giant’s authenticator app is basic and offers no extra frills. Unlike Microsoft Authenticator, the Google Authenticator app doesn’t add any special options for its own services, nor does it offer backup or password generation and management.

Google seems more interested in having you set up two-factor authentication by using built-in Android features rather than the Authenticator app.

Using an Android phone for 2FA with a Google account (rather than Google Authenticator app) is more convenient, since it involves just tapping on the phone rather than entering a six-digit code.

Unlike Authy, Google Authenticator lacks online backup for your account codes, but you can import them from an old to a new phone if you have the former on hand. One minor concern is that Google Authenticator doesn’t provide an Apple Watch app.

LastPass Authenticator

This is separate from the LastPass password manager app, though it offers some synergy with the better-known app’s password functions.

Installing LastPass Authenticator is a snap, and if you already have a LastPass account with multifactor authentication enabled, you can easily authorize LastPass by tapping a push notification.

Also, once the app is set up with your LastPass account, it’s easy to create a backup of your authenticator accounts in your LastPass vault. This takes some pain out of moving to a new phone.

Microsoft Authenticator

Microsoft’s entry now includes secure password generation, and it lets you log in to Microsoft accounts with a button press. The Authenticator app also lets schools and workplaces that use it register users’ devices.

Account recovery is an important feature that you should turn on if you use the app. That way, when you get a new phone, after you install Microsoft Authenticator, you’ll see an option to recover by signing into your Microsoft account and providing more verifications.

One problem here (and it’s an Apple lock-in issue) is that you can’t transfer your saved 2FA accounts to an Android device if you’ve backed up to iCloud, since the iPhone version requires using iCloud.

Microsoft Authenticator offers another layer of security: You can require unlocking your phone with a PIN or biometric verification in order to see the codes.

You find password management capabilities in a separate tab along the bottom. You can simply sync with the Microsoft account you associated with the authenticator, and after that, you’ll see the logins you’ve saved and synced from the Edge browser. In addition, you can simply use Authenticator as a password filler/saver utility on your phone.

Twilio Authy

Unlike the other apps in this mini-roundup, Authy requires your phone number when you first set it up. We’re not fans of this requirement, since we’d rather have the app consider our phones to be anonymous pieces of hardware, rather than something tied to our personally identifiable data. Also, some have leveled a charge that this opens the app up to SIM-card-swap fraud.

Authy’s Help Center offers a workaround for this, but we’d prefer it just worked like the rest of the apps without the phone number requirement. Apple Watch users will appreciate that there’s an Authy app version for their timepiece of choice.

One of Authy’s big advantages is encrypted cloud backup, but it’s somewhat concerning that you can add the account to a new phone using “a PIN code sent via a call or an SMS” according to Authy’s support pages.

There’s also an option to enter a private password or passphrase which Authy uses to encrypt login info for your accounts to the cloud.

The password is only known to you, so if you forget it, Authy won’t be able to recover the account. It also means that no authorities can force Authy to unlock your accounts.
