If you want the best two-factor authentication app on the market, our choice is Authy. A close second is LastPass Authenticator. If you do not like it, try Duo Mobile or Microsoft Authenticator. But if you're good at missing great features then you should use Google Authenticator.
While Google Authenticator is one of the most popular 2FA apps in both mobile markets, it has been a good name for a while now. The well-designed interface is no longer enough – the competition has not only caught up, but also exceeded the Google app. If you use two-factor authentication apps, you should look elsewhere for four reasons.
It has not been updated in more than a year
While software has no lifespan like humans, it expires. This expiration date occurs when developers stop supporting it, a sign that they are moving on to bigger and better things.
It appears that Google Authenticator is reaching this period based on its update history. On Android, the app has not been updated since September 2017 – compared to Authy, which received an update the day before. And on iOS, Google Authenticator is even worse with its last update in February 2016.
Without updates, bugs are not fixed and vulnerabilities are not resolved. Features are not added, and changes to the design and other optimizations are never treated despite the public outcry (see for example, how Google Authenticator looks on an iPhone X). The limitations of Google Authenticator are unlikely to be resolved in the foreseeable future and are therefore always behind the competition.
. 2 You Can not Back Up the Database
I personally gave up on Google Authenticator after I decided to switch my phone. When I finished the new phone by transferring all my messages, call history, and other data, I soon learned that all the accounts I set up tokens could not be transferred to the new phone. A quick Google search revealed the sad truth to me: I had to repeat all the accounts on the new phone. After my second phone change, I decided to switch to Authy and I never looked back.
Privacy advocates argue that Google's prevention of cloud storage improves security as it can be compromised. However, there are security measures (encryption) to protect the database, so it's mostly a contentious issue. In addition, comfort outweighs the risk potential by far.
Google could have at least locally stored an encrypted backup that was passable and protected with a passcode, but the fact that nothing exists in the form of backup is a bad design choice. If you lose your phone or it is stolen, you can only access the accounts with the 2FA protection if you contact the technical support of each site.
Compare this to 2FA apps like Authy, Duo Mobile and LastPass Authenticator They store encrypted backups and use them to set up new phones. With Authy and LastPass Authenticator, you can even sync the database to multiple devices if you want to have your database on two or more devices, such as a smartphone and tablet.
With 2FA as the second line of defense, you would think Google would provide a way to protect the database of tokens stored in the authenticator. While phones have a lock screen that can be password protected, there are lock screen bypass hacks for both Android and iOS in the wild. Without individual protection for the app, someone could use the unprotected Google Authenticator app to access your accounts (knowing the account password) and the data they contain.
Authy and LastPass Authenticator allow you to set a PIN code for authentication users before the app can be opened. For convenience, you can also use the Fingerprint Reader (Touch ID for iOS) or the Face ID (for iOS only) to unlock the database as well. This security measure shows that the Google Authenticator contest recognizes the importance of these codes and their protection with the same urgency as your passwords.
Although Google Authenticator has been the standard for 2FA support for years, it's no longer the best. Most competitors have the same widespread support because they can provide tokens for any Google Authenticator-supported Web site. However, Google Authenticator has also been surpassed in some ways
Apps like Authy and Duo Mobile offer better support for social media sites and third-party services. Combine this with the fact that these two apps support the same sites as Google, and you see how using Google Authenticator makes less sense.
Google Authenticator is the second best free tool on the Play Store at the time of writing, and is not worthy of its popularity. We expected more because of the reputation of Google and its apps. But Authenticator seems to be on its way out, and right now it's much better to use Authy, LastPass or just about any other option for your 2FA needs.