This one doesn’t have a whole ton of features, but it does the job it promises to do adequately and without issue. Microsoft Authenticator is Google Authenticator’s biggest competitor. Steam app: Setup guide, General FAQ, I lost my authenticator. The app doesn’t use icons, which makes finding codes quickly more difficult. On Android, tap the three-dot menu and then, The account is now in Authy, but it’s not enabled yet. Here’s how it works. In any case, these aren’t common but they’re quite good. Over the course of 24 hours, Authy shares the status of this process through several channels, alerting you so that if you did not initiate the reset you can stop it from happening. Adding profiles is at least simple enough, and it only includes scanning a QR code or typing a numeric code. Talking about the functionalities, it comes with cloud backup, Stuart Schechter, independent scientist, email interview, August 13, 2019, David Temoshok, senior policy advisor at NIST, phone interview, September 12, 2019, Jim Fenton, independent consultant, phone interview, September 12, 2019, Matt Elliott, Two-factor authentication: How and why to use it, CNET, March 28, 2017, Nabeel Saeed, senior product marketing manager for Twilio Account Security, email interview, September 27, 2019. Both Duo Mobile and Microsoft Authenticator support at least PIN logins, but Google Authenticator offers no way to secure the app itself. The app supports both HOTP and TOTP methods and it should support most sites on the Internet. Some accounts may also support push notifications in place of a code, where instead of asking you to manually type in a code, the site sends you a notification on your phone and you tap a button to approve the login. Two-factor authentication is a popular and powerful security tool. The most obvious competition to Authy is Google Authenticator, the app that started it all. Now, the whole cloud syncing thing is a mixed bag because it puts all of your codes online, but the developers promise that token generation only ever takes place on your devices and never in the cloud. Email verification can be secure, but only if you have strong two-factor authentication on that email account. A two-factor authentication app doesn’t need to offer much to be good, but a poorly made one can be a serious pain to use—or even pose a security issue. One app to quickly and securely verify your identity online, for all of your accounts. We like that the company makes its security measures clear (PDF). On the Start by getting the app page, select Download now to download and install the Microsoft Authenticator app on your mobile device, and then select Next. For instance, you can lock the app and only enter after using a PIN, password, or fingerprint unlock. Authy is good for what it does. When you buy through links on our site, we may earn an affiliate commission. Before covering privacy and security for Wirecutter, I wrote extensively about both topics for the how-to site Lifehacker. LastPass limits the authenticator’s extra features, such as its optional encrypted backup and one-tap verification, to LastPass password manager customers, so those features are useful only if that’s your password manager. andOTP is one of the newer two-factor authenticator apps on the list. We used each app to add new accounts, copy and paste codes, and test out features such as renaming accounts, changing icons, and performing push notification logins. The Authenticator app will also have an Import feature so you will be able to easily bring your saved passwords either from Chrome or some of … Finally, you can back up your account and export to a new device when you get one and import from Authy and andOTP as well. You will need to register your device to your organization through the app and add your work or school account. On the next screen, the app confirms the time is synced. On the Add a method page, select Authenticator app from the drop-down list, and then select Add. If your phone is already locked this way (and it should be), this extra step isn’t necessary, but it’s a nice touch if you want to use a different PIN for added security. How to video chat with family and friends on your smartphone, You’ll eventually have to accept WhatsApp’s new privacy terms to use the app, Report: Samsung moving full-steam ahead with S Pen for Z Fold 3, WhatsApp details what’ll happen to users who don’t accept its new privacy terms. Authy pulls icons automatically from websites when you add a new account, something few other apps bother to do. These two factors can include: One common example of a system that uses two-factor authentication is a bank account with a debit card, where you need to know a PIN and have the physical debit card to withdraw money. Learn more. Authy has the best combination of features, security, and support of any two-factor authentication app we tested. Google Authenticator is a free security app that can protect your accounts against password theft. Even my thermostat (Ecobee) uses 2-factor authentication when logging into my account. However, this one adds a dark theme, widgets, fingerprint scanner support, and cross-platform support with iOS and Google Chrome browser (via an extension). Unlike with stealing passwords, an attacker needs to grab a two-factor authentication software token in real time for it to be useful. Google Authenticator. Mobile device text. Authenticator works on iPhone, iPad, and iPod Touch. In addition to your password, you’ll also need a code generated by the Google Authenticator app on your phone. Join over 150,000 readers to get a weekly digest of the best apps! LastPass Authenticator stands out mostly because it comes from LastPass, which is easily the best free password manager on the market. Open your authenticator app … It’s not a free app, but it’s well worth the money. It’s a simple app with a basic UI and it works pretty well. If the idea of manually entering a code every time you log in to a site sounds cumbersome, it is, but like typing in a username and password, it’s something you get used to. In order to use Google Authenticator as a form of 2-factor authentication, take note of the following steps. It’s a really nice app that can import your existing settings, sync between devices and backup/restore using your sd-card. Compared with other authentication apps, Authy is also available on more platforms, including iOS, Android, Windows, Mac, and Chrome, and it features PIN and biometric protection for the app. We didn’t have any real complaints and neither did most Google Play reviewers. No, but if you’re using an Android smartphone you can replace the Google Authenticator app with Authenticator Plus. There isn’t a ton of data about the specifics of phishing attempts like this, but the FBI’s Internet Crime Complaint Center received 25,344 reports of phishing in 2017 (PDF). Some other features of andOTP include multiple backup options, a dark mode, and compatibility with Google Authenticator. … You should send reports of phishing attempts to the FTC, but since most people don’t, it’s hard to know how often such phishing happens. These backups make it possible to recover your tokens if you lose a phone or move to a new device. If you lose your phone, you lose access to the two-factor authentication app. This arrangement offers the benefit of making it easier to recover all your tokens if you lose your phone, but it also involves the trade-off of providing an additional way for someone else to get into your accounts—the more devices your tokens are on, the higher the risk of someone else getting into them. You need to do this for every account on which you want to enable two-factor authentication. That's why your best bet is an option with a software-based token, and that's the method supported by each of the apps on our list. Salesforce Authenticator is an intelligent, mobile two-factor authentication app that delivers enterprise-class security, while providing simplicity and convenience to your end users. Those in the know can check out the open source code here. To solve this problem, most authentication apps offer cloud backups (even though security experts tend to recommend against using this feature), and some makers of authentication apps are better than others about explaining how (or if) they encrypt these backups. This drawback is inherent to every two-factor authentication app. Why You Need a Password Manager. With backups and multi-device enabled, your tokens sync across all the devices Authy is installed on. You should do so for any account that has personal information, including your password manager, email, chat apps, social networks, bank sites, cloud backup services, or anywhere you’re storing health data. AUTHENTICATOR ROUNDUP — Choosing 2FA authenticator apps can be hard. Learn more about 2-Step Verification: https://g.co/2step Features: * Generate verification codes without a data connection * Google Authenticator works with many providers & accounts * Dark theme available * Automatic setup via QR code Two-factor authentication is still susceptible to more advanced phishing attempts. If you don’t use two-factor authentication otherwise, 1Password’s option is still better than nothing, but keep in mind that you’d still want Authy to protect your 1Password account. There is also cloud syncing so any change you make, you can view on all of your devices. Authy is the only app we tested that offers two security features that assist in account recovery: an encrypted cloud backup and support for a secondary device. Push notifications are easier to use and more secure than TOTP, but aren’t available for many sites. Here’s what we found to be most important through our interviews with experts and our independent research: With our criteria set, we tested Authy, Duo, Google Authenticator, Microsoft Authenticator, LastPass Authenticator, 1Password’s built-in authenticator, and Salesforce Authenticator. After hundreds of hours researching the best local storage and online backup services, we’ve put together a guide to backing up your Mac or Windows computer. Duo, which is part of Cisco, is a popular enterprise option for two-factor authentication, so there’s a chance your employer or school may already require you to use it. Enter that code in the app. For example, someone could make a fake Gmail login page, email you a link to this page saying your account needs an update, and then direct you to the fake site, where you then log in with your username, password, and two-factor authentication token. Table of Contents. This code, which is time-sensitive, can come to you via SMS, or it can be generated by a two-factor authentication app, such as Authy, on your phone. Share. Backblaze is the best online backup service for most people thanks to fast, reliable performance, plus simple setup, useful features, and an attractive price. However, it is nice having an extra layer of security. The company has encouraged users to opt-in device prompts to verify the details, but this trick only works with Android and not with iOS. The sync only affects the internal time of your Google Authenticator app. HOW TO USE 2-FACTOR AUTHENTICATION ON TWITTER! You get codes from it and use them to authenticate your login. Microsoft includes a cloud backup option too, though it’s not as clear as Authy about how the encryption on those backups works. Security experts suggest keeping the recovery codes that sites provide you after you enable two-factor authentication (they’re one or more long strings of letters and numbers) in a secure location where you can access them even if you lose your phone. You may unsubscribe at any time. This app supports only the six-digit TOTP factor. Those who want to use authenticator apps have only a few good choices. As the name suggests, two-factor authentication adds a second layer of security to supported accounts to make it more difficult for someone other than you to get into them. Here are the best ones for Android! If you don’t take the required measures for a potential account recovery during the setup process, you could be permanently locked out of any account on which you enable two-factor authentication. We usually recommend Google Authenticator to people who use Google services heavily. The interface is easy to use, and you can transfer your tokens securely. Twilio, a cloud communications company, runs Authy. We’ve added screenshots and updated details about how Authy lets you attach app icons to entries. Published 1 year ago: January 2, 2020 at 1:00 am- Filed to: android. With Salesforce Authenticator, it’s even easier for employees to access business-critical apps through simple push notifications. The FBI does warn about the risks of both SIM swapping and phishing tools, but two-factor authentication is still effective in protecting accounts. The app also comes with offline support, device syncing, and it supports most popular websites and account types. In order to hack your account, someone would need more than just your password and username. Google Authenticator is one of the most simple authenticator apps out there. It generates Time-based One-time Passwords (TOTP) and Pushes authentication. Authy is free, available across platforms, and easy to use, and its security features are better than those of other two-factor authentication apps. If you do anything online—which you obviously do—whether that’s shopping, using social media, or banking, you should use two-factor authentication for your most important accounts. New features and updated app design are only available if you have completed the Windows 10 Anniversary update. You should enable two-factor authentication on your password manager, email, any cloud backup services you use, banks, social media profiles, chat apps, and any app with your health and fitness data. Multi-device support – It’s very essential to have an authenticator app that syncs across multiple devices. Without the update, you will receive an older version of the app which only supports two-step verification for work and school accounts. The biggest potential flaw of enabling two-factor authentication is that if you lose your device, you can lock yourself out of your accounts unless you also enable multi-device or enable backups. Your password is never sent to Authy, which means that even if someone were to hack Authy, they still couldn’t get your two-factor authentication tokens. For step-by-step instructions about how to set up and use the Microsoft Authenticator app, see Set up security info to use an authenticator app. Setting up the RuneScape Authenticator. If you don’t take the required measures for a potential account recovery during the setup process, you could be permanently locked out of any account on which you enable two-factor authentication. It requires you to verify that you actually logged into whatever account you logged into. Authy encrypts your account on your phone, so nobody at Authy can get access, but even though it's encrypted with AES-256 (Advanced Encryption Standard), someone could theoretically break that encryption and get your tokens because they are uploaded online, though we do not have evidence that this kind of infiltration has happened thus far. As a result, we have an authenticator app. Microsoft Authenticator is one of the biggest competitors when it comes to two-factor authentication apps. On your Android device, open the Google Authenticator app . Authy has support from its parent company, Twilio, so the apps are always updated for new operating systems. It’s also totally free with no ads or in-app purchases. The Best Authenticator Apps For Protecting Your Accounts. This app provides an extra layer of protection when you sign in, often referred to as two-step verification or multi-factor authentication. The app generates these codes using an algorithm assigned to your device when you install the app, and each code lasts 30 or 60 seconds. I recently got an iPhone replacement, and although Microsoft Authenticator app can store your accounts in OneDrive, this doesn’t store the “key code” to generate the one time passwords. The same goes for Microsoft. The website does an excellent job of explaining multi-device and backups, and it would be nice if that information were also accessible in the app itself. It encrypts all your data and protects it with a master password on the cloud. It’s not the most complicated app and that’s probably why people like it so far. Most people use Authy primarily on their phone, so let’s start there: Now, let’s walk through what it’s like to set up two-factor authentication on a site. Yes, You. Since apps, especially free ones, don’t come with warranties or guarantees of any kind, Authy’s history of frequent updates and a clear, public business model is the best we can hope for. Download and use an authenticator app to get either an approval notification or a randomly generated approval code for two-step verification or password reset. You can also install Authy on a secondary device, such as a computer or tablet, and use that device in tandem with backups to recover your account in case you lose your phone. The upside is you get the token directly from the site you want to log into. Twilio has published a white paper with its security practices (PDF), including its compliance requirements and threat management, though we’d like to see third-party researchers test Authy’s backup system for vulnerabilities. Microsoft this month announced the 'general availability' commercial release of the 'password management and autofill capability' in the Microsoft Authenticator app … David Nield. Most of these options are still secure and reliable for everyday use. Remember without the OTP generated in the app, you could permanently lose access to an account. Here are the best alternatives to Google Authenticator. Authy is one of the best two-factor authentication apps available on both operating systems. Something you know plus something else you know isn’t two-factor authentication.” Even though these backups are encrypted, someone could theoretically break that encryption and get your tokens because they are uploaded online, even though we do not have evidence that this has happened thus far. Back on Google, click. Manage your account, shop, stay up to date with games and the community. The LastPass Authenticator is similar to Google Authenticator in that it doesn’t use icons, so finding codes is harder. The company has been encouraging the user to opt-for device prompts to … Google makes transferring tokens to a new phone simple on Android, but iPhone users have to manually scan all the codes again. If a Web service doesn’t support Authy, you should use that service’s application. A hardware authentication key is more secure than a software-based authentication app on your phone because it untangles security from your not-always-secure phone and is less susceptible to phishing, but it comes with increased risk if you lose it, and it costs money to purchase. In addition, Authy is the only authentication app we tested that’s available on both smartphone and desktop, including an extension for Google Chrome, and it has feature parity between the platforms as well. It only needs a few permissions and the Play Store description tells you about all of them. Our favorite password manager, 1Password, includes a built-in authenticator, but all the security experts we spoke to were hesitant to recommend putting all your eggs into one basket in this fashion—on the off chance someone were to gain access to your 1Password account, they’d have access not just to your passwords but also to your authenticator. However, the security experts we spoke with recommended against using cloud backups for two-factor authentication tokens. Authy sends you a PIN over text message. It’s free to download and use, so there’s no need to pay any subscription fee. Microsoft Authenticator (Free) Microsoft is slowly turning its attention towards utilities more these days. Although it's effortless to use, its simplicity comes at the expense of a few features some people might miss. It works with most popular accounts, including Facebook, Google, and many others. This is the one I personally use all the time. Additionally, many banks use a similar method. Review the steps in the Configure Authenticator app pop-up modal to add your Mailchimp account to your authenticator app. Get Your Digital Accounts Ready In Case of Death, Two-factor authentication: How and why to use it, something you know (like a password or a PIN), something you have (like a phone or a hardware key), something you are (biometrics, something like a fingerprint or a face scan). (And if you're using a password manager as well, which you absolutely should, it’s less work overall, since you have to type only your authentication code while your password manager autofills the rest.). These backups are encrypted on your device before they’re uploaded, so nobody at Authy has access to your accounts. Type the six digit authentication code in the field on the PayPal website to verify the link between the authenticator app and your PAyPal account. Authy is one of the more dependable two-factor authentication apps. is quick and easy, and is done via our website. Open the Authy app on your phone. 2. Authy calls this feature “multi-device.” Once you add the second device, Authy recommends, you should disable the feature so that someone else can’t add yet another device to take control of your account (Authy will still work on both devices). It works very well with basic UI, and you can also add your secret key manually or use the QR code. In the top right, select More Time correction for codes Sync now. The Android and iPhone apps both receive updates frequently. You will see a “Backup codes” option. The app isn’t as useful if you don’t use the Salesforce platform, but if you do, it’s worth using for the rest of your tokens too. Download the Google Authenticator App. If it didn’t, we tested how the recovery process worked. Adding new accounts to the app is pretty straightforward. Steam App. In case of death: how to set up a list of important digital account info for simple and secure information sharing with family members and trusted friends. For more information about how to download and install the app, see Download and install the Microsoft Authenticator app. The best authenticator is the one you’ll use. That’s factor two. That said, in a phone interview, independent contractor Jim Fenton told me, “We define three different levels of authentication, and the highest level requires a hardware authenticator.” We plan on testing hardware authentication keys in the future. In order to install Authy on a new phone, you need to have physical access to one of the other devices you’ve already installed Authy onto. FreeOTP Authenticator is a free and open source authenticator app. The authenticator app should pick up the company and your PayPal email address automatically. To set up the Authenticator app for the first time, use its option under the Set Up Alternative Second Step heading. Authy makes it clear why the app exists and why it’s free: Authy’s authentication software is made for businesses, which help bankroll the app. However, it also works for a variety of other websites. ©2021 Android Authority | All Rights Reserved. It’s a good way to go if you don’t want to use Google or Microsoft’s apps. You can also add your secret key manually or via QR code if you want to. Two-factor authentication can be a bit mind-boggling if you haven’t used it before, so check out our section on setting up Authy for a visual explanation of how it works. Everyone should use a password manager. It competes directly with Google Authenticator, Authy, LastPass Authenticator, and several others. Having backups stolen can be worse. After interviewing experts and picking the feature criteria, we read reviews of the apps on Google Play and Apple’s App Store, and we dug through each app developer’s website looking for white papers about the company’s security measures, support process, and app features. Since you do not need to log in to Authy often, it’s very easy to forget what this password is, but Authy does at least periodically ask you to re-enter your password to help ensure that you remember it. This means only your physical device has the codes, which makes them more secure than text-message or email codes. A two-factor authentication app is a similar idea, but instead of a physical card, the second element is your phone. It works pretty well. The downside is waiting for that token to arrive. Of course, it’s not an end all, be all solution. 2FA Authenticator is an excellent choice for six digit TOTP authentication. If you use a lot of Microsoft applications and services, Microsoft Authenticator is a useful tool that supports passwordless logins (which are more secure) for Microsoft apps such as Office, OneDrive, and Outlook. We think the increased support from a larger company is worth sticking with an app like Authy. Once we settled on Authy as our pick, we spoke with Nabeel Saeed, senior product marketing manager for Twilio Account Security, to clarify details about Authy’s backup and recovery processes. It also means that if you forget your password, there’s no recovery method. On Android you need a YubiKey that supports NFC and the Yubico Authenticator app, which at this writing is the YubiKey 5 NFC ($45), and the now discontinued (but still supported) YubiKey Neo… Two-factor authentication (2FA) adds an additional layer of protection beyond passwords. Save your Mailchimp backup code offline or on a separate device. Although two-factor authentication can protect against more basic phishing attempts, where a fake website designed to look like a login page tries to steal only your password, it’s not perfect—no security tool is. TOTP Authenticator is, well, a super basic and effective TOTP authenticator app. The Google Authenticator app is available on both the iOS App Store as well as the Google Play store. Google recommends it for all of your Google accounts. Feature-wise, it’s similar to Authy, with TOTP passcodes and an optional backup that uses either iCloud or Google Drive to store your tokens. It’s run by Twilio, a reputable company that clearly outlines its security practices and updates Authy frequently. It’s completely free and open source. Google is offering an authenticator app for Android and iOS. No two-factor authentication app makes getting the hang of using multi-factor authentication particularly easy, but Authy at least employs thoughtful app design to make the experience as painless as possible. 2FA Authenticator is a simple and free app for 2FA. Google Authenticator helped create the standard of two-factor authentication, but it has lagged behind other authenticators in basic ways. David Temoshok noted, “When you mix together different authentication factors, you get into problems. News, reviews, deals, apps and more. You also get support for productivity sites like GitHub. When you log in to an online account with two-factor authentication enabled, the site first asks for your username and password, and then, in a second step, it typically asks for a code. our explanation on two-factor authentication and why you should definitely use it, 10 best security apps for Android that aren’t antivirus apps, 5 best home security apps and IP camera apps for Android, 10 best privacy apps for Android to keep your anonymity intact. Enabling two-factor authentication does have some risks worth considering. To see what sites currently support two-factor authentication, visit the Two Factor Auth (2FA) list. In addition to your password, you’ll also need a code generated by the Google Authenticator app on your phone. The Microsoft Authenticator app, which uses the same standard to create authentication tokens, is available for Android devices from the Google Play Store and for iOS devices from the App Store. We especially like Authy’s large icons and grid-based design, which lets you quickly scan your tokens and find the one you’re looking for. Duo Mobile lacks Authy’s vibrant grid of website icons and its option to use a second device. With the two-factor authentication apps we’re talking about here, the login code is a “soft token,” a Time-Based One-Time Password (TOTP). Within a couple of days, the process of opening an app to grab a code becomes second nature. We also dismissed SAASPASS, SoundLogin, Authenticator Plus, FreeOTP, Sophos Authenticator, Hennge OTP Generator, and 2FAS for a lack of features or support. By signing up, you agree to our Terms of Use and acknowledge the data practices in our Privacy Policy. Note. This code may come in a text message, in an email, as a software token retrieved from a two-factor authentication app, or as a hardware token from a physical device (more on these below). The open-source app might not be the prettiest, but it … SHOP BY GENRE Some prominent examples of sites that do this include Twitter, Facebook, and even Google when you choose not to use its authenticator app. If you lose your phone, you lose access to your authentication app. For instance, my bank lets me email, text, or receive a phone call with a code to my banking app when I log in with a new device.