In the modern world, two-factor authentication (2FA) is a must for protecting your account. Passwords are no longer enough. Hackers can easily access your accounts and steal your secrets due to password leaks and weak or reused passwords. 2FA can fill in security gaps, but not all 2FA methods are created equal. Authenticator apps are the most convenient and secure option for many people. Which one is right for you?
Authentication via an app is safer than SMS-based authentication. Both use the same premise: when you try to log in to an account, you will be asked to enter a code that proves your identity. SMS-based authentication sends the code to you via text, while an authenticator app keeps the code on your device and changes it every 30 seconds. Bad actors can hijack your phone number through SIM swapping and text message forwarding. They could steal your codes before you even know it. With a dedicated app, the codes stay in your possession.
Should you use 2FA in a password manager to protect your account?
Some password managers include authenticators. You can use the authenticator if your password manager has it (and you must use a password manager). Some services lock their 2FA behind a paywall. If you are using the free service, then you will not be able to store codes. It can also be beneficial to separate church and state. If you keep your passwords and authentication codes separate, then you are protected in the event of a data breach.
This is a great product, but I do have one caution.
Apple’s built-in authenticator tool
Apple’s built-in tool is the best way to authenticate on your iPhone, iPad or Mac. Apple’s password manager, iCloud Keychain, now supports 2FA with iOS 15.
Those of us who are already part of the Apple ecosystem save our passwords in iCloud Keychain. Adding 2FA codes to this tool is a convenient way to improve account security. The service allows autofill on all Apple devices. Codes are encrypted with your iCloud account password. You can then AutoFill your 2FA code along with your password.
It’s best to use a separate application. However, since iCloud Keychain can be protected with both your iCloud account password and its 2FA, it is a convenient and free way to set up 2FA on your different accounts.
Aegis for Android only
Aegis is the most popular authenticator for Android users. It is free, open source, and not tied down to a proprietary platform like Google. This means that you can import your tokens to other devices.
When you create a password, all of your codes will be encrypted. No matter who has your phone or app, as long as they do not know the Aegis password, they will never be able to access your codes. It doesn’t allow native device sharing, but you can still back up and transfer your codes at any time.
Aegis’ brand was built on simplicity. It’s not flashy and doesn’t have many features. It allows you to store your tokens and encrypt them. You can also transfer them from one device to another if necessary. Aegis is the only authenticator you’ll ever need.
Raivo OTP
Raivo OTP could be the GOAT for Apple users, just as Aegis has been the king of authenticators on Android. Raivo’s open-source platform is a great option for anyone looking to move beyond iCloud Keychain.
Raivo, like Aegis, encrypts any codes you save to the app. This protects your accounts from prying eyes. You can choose to either store and encrypt the codes directly through Raivo (in which case they will be locked behind a Raivo password) or sync them through iCloud (in which case the codes are encrypted behind an iCloud password).
Raivo syncs across all your Apple devices. You can log in on your Mac using the macOS app even if you originally set up the account in the iOS Raivo app. You can also create encrypted ZIP archives for local backup.
Even fun features are included, like a dark mode or custom icons for every account. After all, authentication doesn’t need to be serious.
Google Authenticator
Google Authenticator, like many Google products, is the default option for Android. Google Authenticator is available on iOS as well.
It does not have cloud backups, which is a serious problem if you want to switch from your old phone to a new one. For security, though, this is a good thing. If you only store your codes on a single device, there’s no risk that someone will break into your cloud account to steal them. Your codes are safe as long as you lock your smartphone.
Microsoft Authenticator
Microsoft Authenticator offers a convenient solution for Microsoft users, but it is also a good option for anyone who has multiple accounts. The app allows you to store codes for your work and school accounts with the appropriate protections. This makes it an attractive option for companies when setting up 2FA.
Microsoft also offers account recovery by backing up the app to the cloud. This isn’t a very secure way to store 2FA codes, but it will allow you to access your account if you lose your device.
Twilio Authy
Authy, one of the OG authenticator applications, is a convenient alternative to Google Authenticator. It supports cloud backups for your codes. It also supports syncing between multiple devices, so you are not limited to a single device when you log in.