When it comes to cyber security, one layer is not enough. A complex password (or one created with a password manager) protects your data well, but it can still be cracked. Two-factor authentication enhances this by adding a second layer of security that gives you even more protection against online threats.
For two-factor authentication, or 2FA, the service you log in to requires two things to authenticate you: something you know and something you have. Your password serves as "something you know," and a 2FA app provides the "something you have": a device (such as your phone) needs to be present before someone can log in to your account. While it is not foolproof, it dramatically improves your defense. Even if someone gets your password, they also need physical access to your phone to get a temporary access code to unlock your account. Not all websites support this feature, but most popular sites already do, and you can check compatibility with this link. And for any account that supports it, you should enable it, especially for those that support software-based tokens.
- Offline mode: Ability to generate 2FA codes without an Internet connection.
- Open Source: The source code is publicly available to everyone. While open source offers an advantage, no app on our list is open source (although some use different open source technologies).
- Encrypted backups: The token database is encrypted and backed up separately from your device. That way, when you update your phone, you can easily take your codes with you without having to register your new phone for all your accounts.
- Desktop Version: Whether the service has a desktop version, so you don't need your smartphone when you log in to your accounts. A dedicated app is advantageous over an extension that limits you to a browser.
- Smartwatch-compatible: The service supports one (or more) of the most important smartwatch operating systems. Wear OS is the Android-based smartwatch operating system, watchOS is the iOS-based smartwatch operating system. If an app supports one of these operating systems, you can also retrieve the codes when your phone is in your pocket.
- Password Protection: The ability, integrated into the app, to block intruders with some form of authentication. Both Authy and LastPass support either a PIN code, a fingerprint scanner, Touch ID, or Face ID (depending on which iPhone model you use).
- Cross-Device Synchronization: The ability to synchronize data across multiple devices accessing your tokens. Any accounts added or removed on one device will also be added or removed on the other devices.
- Customizable OTP time: Ability to adjust how long a one-time password remains valid. Shorter times make it harder for hackers, but can be too inconvenient. In general, the default timer is between 15 and 30 seconds. For the two apps that support the feature, both require manual entry.
- Adjustable code length: The ability to adjust the length of the one-time password. For the two apps that support the feature, both require manual entry. Longer codes make hacking more difficult.
- Push Notifications: Rather than typing in codes, some apps on our list support push notifications. Tokens are exchanged in the background without having to copy the numbers. You just have to accept or reject the request. However, the site must support it, and that support is limited for all apps on our list.
To narrow the scope of 2FA apps in the iOS App Store and Google Play Store, we've set some basic rules. To make this list, apps had to support both iOS and Android, so that the largest possible number of users could benefit from our list. This decision removed major options such as andOTP, which is limited to Android only.
A second requirement was that each app had to be currently supported by the developers. Regular support ensures that bugs and vulnerabilities are resolved in a timely manner. Therefore, we only included apps that received updates within the last year. This has eliminated another good option, FreeOTP.
Third, we decided to consider only free 2FA apps. While there are some great apps that require payment, most are free, so we thought there were enough options to skip the paid tier of 2FA apps.
Finally, we wanted two-factor apps that can authenticate with a large number of websites and services. The gold standard for this is Google Authenticator, which offers one of the largest collections of supported apps. Therefore, we searched for apps that supported at least all of the apps and services Google Authenticator supports.
App 1: Authy
I learned about Authy after frustrations with Google Authenticator. When I started using two-factor authentication, I did some research and chose the one with the biggest name. However, when I switched phones, I discovered Google Authenticator's biggest weakness: you need to reconnect the app to your services for the new phone. After doing this twice, I said "Enough is enough" and really dug into finding the best 2FA app, which took me to Authy.
Only three apps on our list support encrypted backups, and Authy is one of them. However, Authy makes the process of recovering your account incredibly easy by linking your account to your phone number. While this leaves a vulnerability open, the risk is largely exaggerated and the service is safe to use.
Authy also understands that many of us have more than one device. Whether you have a tablet, a smartphone, or live a two-phone life, Authy gives you access to two-factor authentication with multi-device syncing. Any changes you make on one device will be synced across all your devices. This feature makes it easier to access your tokens because it gives you an up-to-date database on multiple devices, so you can use any of them for your next login.
Authy is one of the best two-factor authentication apps on both operating systems. The user interface is easy to use, and adding a new account is as easy as scanning a QR code. Authy even gives you a choice of how the accounts are laid out to improve navigation. For any website that supports 2FA, we recommend not only enabling the feature but using Authy to do so.
App 2: LastPass Authenticator
Although it took our top spot, Authy does not have much of an advantage over LastPass Authenticator. The two apps share most features, except for two differences. And it is the two features LastPass lacks that led to its second place.
- Install LastPass Authenticator: Android (free) | iOS (free)
Like Authy, LastPass supports encrypted backups. The only caveat is that a LastPass account is required. It's not a big deal, but it can be annoying to have to use a password manager you did not want to use. The password manager is, however, free and simply one of the best in the App Store and Play Store. LastPass narrowly topped our list of best password managers, and you can see some of the reasons with the following link.
The big advantage of LastPass Authenticator over Authy is the ability to customize token parameters. While you need to enter the code manually (instead of scanning the QR code), you can change the duration of the code and the length of the code. Depending on your need for security or convenience, this feature can be beneficial.
Although helpful, this feature is unlikely to be used by the general public. What would be used is a desktop version, which LastPass does not have; it is the only app on our list without one. It's also the only app on our list that does not support smartwatches, another convenience that normal users would appreciate.
You could flip a coin to choose between Authy and LastPass Authenticator. Some people like to keep their passwords separate from their tokens and prefer to use Authy. However, if your password manager and tokens are encrypted, there's no danger in relying on one company for both requirements. Either way, LastPass Authenticator is a good choice for those looking for a solid second line of defense for their accounts.
App 3: Duo Mobile
Duo Mobile was developed for businesses and offers several plans for multiple users. In summary, Duo is a security platform for managing access and authentication for multiple users. But the free version is an excellent 2FA app for consumers that is well designed and easy to use.
In addition to the same services as Google Authenticator, Duo Mobile (along with Authy) provides better support for third-party services and social media. Duo Mobile is also constantly updated, with its last update a few weeks ago at the time of writing this article.
It supports Apple Watch users with an official watchOS app. It has an official application for Windows and Mac OS so you do not need your phone when logging in from your desktop (or laptop).
It also supports backups that are encrypted. The device used determines where the backups are stored. For iOS, the backups are stored in iCloud. For Android, the backups are stored on Google Drive.
The ability to sync your accounts makes it possible for you to keep your database, because you do not have to start over if you decide to upgrade your phone. The lack of password protection and sync finally led to its third place on our list.
App 4: Microsoft Authenticator
Similar to Google Authenticator, Microsoft Authenticator does not perform cloud backups. Unlike Google's app, it is better supported and offers push notifications. While the latter requires that the user be in the Microsoft ecosystem, it is still a great convenience to have and enough to recommend it over Google Authenticator.
- Install Microsoft Authenticator: Android (Free) | iOS (free)
One of the better features of Microsoft Authenticator is support for push notifications. As long as you use the app to authenticate a Microsoft Active Directory account, you do not need to enter any code; you will be asked to approve or deny the token sent to your device. If the token on your device matches the one on your login screen, select "Approve" and you have identified yourself. The process is much simpler than typing in codes, and although three other apps support the feature, the number of services they support is limited.
We went back and forth in the decision between Microsoft and Google Authenticator. Ultimately, it was support and push notifications that pushed it past Google. Since Microsoft Authenticator received several updates per month compared to Google (more on that later), it was more appropriate to favor it over Google, even with limited desktop support.
If you prefer the security of isolating your data to just one device and are tied to the Microsoft ecosystem, this is the authenticator for you. With push notifications and a solid (well-updated) multi-platform app, this is a good choice for users of both Microsoft and non-Microsoft accounts.
App 5: Google Authenticator
There are two main reasons someone would use Google Authenticator over the other apps on our list: (probably) better security and broad availability. Although I switched to Authy because of the restrictions, these might be more of a benefit to some, making Google Authenticator their first choice. And for these two reasons, it deserves a mention on our list.
- Install Google Authenticator: Android (free) | iOS (free)
Because Google Authenticator does not back up your database, it only exists on your device. For this reason, every time you upgrade your phone, you must reconnect the app to all accounts on the new device. But if security is your only priority and convenience does not matter, it also protects you if your device is stolen.
Modern smartphones can remotely erase your data if your device is stolen, which would protect your tokens whether you had Authy or Google Authenticator. However, Authy ties the database to your phone number, which can be easily obtained and potentially faked. If someone had control of your phone line and your password was guessed (and that's a big if), they would have full access to your tokens. This is not possible with Google Authenticator.
Google Authenticator is also the standard for two-factor authentication through an app. However, it seems that Google is slowly abandoning the app. The last update for Google Authenticator on iOS came two years ago. If not for the Android update in September 2017, it would not even have made our list.
For desktop users, Google Authenticator is limited to a Chrome extension. Although this limits you to Google's browser, it is available on all desktop platforms, including Chrome OS, unlike the other apps on our list. It's also the only 2FA app on our list that officially supports Wear OS (formerly known as Android Wear).
Frankly, the main reason to choose Google Authenticator is that you're worried about your data being backed up to the cloud. If, despite the inconvenience, you are worried about your privacy, Google Authenticator makes sense. However, there are better options for the majority of users.
Let's start by saying that everyone should use 2FA. We understand that it is time consuming, and especially for websites that do not support apps, it is impractical to get a code via a phone number. Even text messages are cumbersome, as it is not easy to copy the code from the message (iOS 12 and Android Pie help). But 2FA can protect you and your data from unauthorized access, which is definitely worth the inconvenience.
The best choice for 2FA is currently clearly Authy. It's easy to use, easy to transfer to a new device, and offers password protection. Or, if you are already a LastPass Password Manager user and you do not mind trusting the same company with your passwords and 2FA tokens, then LastPass Authenticator is a second option.