The basic foundation of all security online nowadays can be summed up in two features: a strong password and the use of two-factor authentication (2FA). For years, the standard for 2FA authentication was the Google Authenticator app, but it is now widely considered insecure. So which are the most secure 2FA apps in 2023?
As I’ve already shared in my explanation of 2-factor authentication, the process can be accomplished in one of three popular ways:
- SMS Text (least secure)
- Authenticator app (most popular)
- Physical 2FA key (most secure)
When possible, I recommend that you not use SMS text as a means of 2FA verification since it has been easily hacked using a scam known as the SIM swap.
And since a 2FA key requires you to purchase a physical key, that leaves the authenticator app as the best free option to use here. Here are the four apps that are worth downloading.
Note: Some of the links in this article may be affiliate links, which means that at no extra cost to you, I may be compensated if you choose to use one of the services listed. I only recommend what I personally have used, and I appreciate your support!
Why You Shouldn’t Use Google Authenticator
Just because Google pioneered the 2FA standard doesn’t mean they’ve maintained that standard.
Unfortunately, most of the time you won’t realize how this app is vulnerable until it’s too late. But consider these situations:
- Easy Access: If somebody hacks your phone and tries to log into your bank account, what happens? They still have to log in with a password or biometric data. But what if somebody gets access to your phone and tries to log in to Google Authenticator? It’s not an issue at all. There’s no way to lock the app or hide it behind a password.
- Easy to Lose: The Google Authenticator App doesn’t connect to your Google account and sync your codes. What this means is that unless you’ve been diligent about keeping backup codes, if your phone gets lost or stolen, and you no longer have access to Google Authenticator, you have just lost access to all of your most secure accounts. There is no way to get those codes back.
- Very Annoying: If you’ve used the Google Authenticator app, you know just how annoying it is to fish your phone out of your pocket just to retrieve a code while on your laptop. And let’s not even talk about the steps required to get that same code while on the phone. There are better (and still secure) ways.
PLEASE READ THIS
The fact that you cannot lock the Google Authenticator app and you can’t back up your codes is reason enough to stop using the service TODAY.
You don’t even want to know how much of a nightmare it is when you lose access to your 2FA codes.
In some cases, companies won’t (or can’t) give you access back to your account without that code.
2FA Security Features You Need
So if 2FA codes are incredibly important to your online security but they also pose a risk of being completely locked out of your online accounts if they get lost…
…how do you strike the right balance of features?
Best 2FA Authenticator Apps in 2023
There are quite a few apps that offer what are known as time-based one-time passcodes, or “TOTP” for short.
While it’s a fairly simple app, its function is incredibly important to your online security, so that means it’s equally important that you choose the right one. And thankfully, it’s not too difficult to transfer your Google Authenticator codes to a new app.
Here are the three best options to choose from, with screenshots and reasons why.
Authy (FREE) | Best Overall 2FA App
Authy represents a new age for 2FA apps. When setting it up, the app will require that you provide a phone number, which it uses to authenticate any new device that you want to add.
This is to say Authy allows you to use multiple devices for two-factor authentication.
Even better, the app is available for multiple operating systems including iOS, macOS, Android, Windows, and Chrome OS.
Additionally, the app allows you to back up all your accounts to the cloud, which makes it extremely easy to recover the accounts should you lose or reset your old device. And unlike the Microsoft Authenticator, Authy encrypts the accounts locally before backing them up.
I don’t like that Authy uses your phone number to authenticate new devices because a hacker can perform a SIM swap and add their device. If they already have your password then they can easily decrypt your backed-up accounts and proceed to hack into them.
The good news is that Authy has a feature that blocks the addition of new devices once you’ve already added all the devices that you’ll be using for 2FA.
The app works even when offline.
Microsoft Authenticator
Microsoft Authenticator is a popular solution for Microsoft services like Skype and OneDrive, but it’s also a great solution for other third-party websites.
It’s available for Android and iOS devices and it lets you add your accounts immediately after installation. No registration is required (although they do require a Microsoft account for some features to work).
Unlike Google Authenticator, Microsoft Authenticator allows you to back up your accounts to the cloud so that you can access them using any device. You don’t have to worry about getting locked out of the accounts if the device you are using for authentication is stolen or breaks.
Another good thing about this authenticator app is that it allows you to use the PIN, fingerprint, or face lock that you use to lock your screen to prevent unauthorized access to the app.
1Password (Paid) | Best 2FA in a Password Manager
1Password is a popular password manager, but it can also double as a two-factor authentication app. If you are already a premium user, then setting up 2FA for various accounts is pretty easy.
Of course, the first step is to enable 2FA on the website you need to protect. The next step is to store the QR code or PIN generated by the website in 1Password. There is a step-by-step process of how to do that on their support page.
1Password does not come with an option to back up the account data, and thus, if your phone gets lost or reset, you may end up locked out of the accounts.
This is why the 1Password team recommends that you also store the account data on another authenticator app like Authy to serve as your backup.
Yes, I know. You can just use Authy for authentication instead of using it as a backup. 1Password just gives you the convenience of having a password manager and a 2FA authenticator in one application.
If you are not already using 1Password it may not make sense to use the app for your authentication needs unless you are also in the market for a password manager.
Why 2FA Authentication is Important
If you are just using your username and password to log in to your account, that account is just a brute-force attack away from being compromised. The hackers only need to guess your password and they are in.
Enabling 2FA will add another layer of security to your account so that even if the hackers manage to crack your password, they still need to enter a six-digit code that was sent to your phone.
SMS messages are currently the most popular method to receive the authentication code, but they have become increasingly unsafe now that hackers can easily pull off SIM-swapping attacks. There are also the security and privacy concerns that come with handing over your phone number to organizations.
The best option is to use a physical 2FA key, but if you’d rather not buy a key, the authenticator app option works well.
Thanks for this article. I’ve been trying to use FIDO & FIDO2 more and more often, but a lot of the sites I use still don’t offer these services. So I’m using Authy & Google Authenticator for most of my sites. Too many sites are so behind the times that they consider offering only Google Authenticator as a 2FA as “cutting-edge.” The latest security just isn’t in their immediate business interests.
I wish I could use Authy for all the sites that offer 2FA, but lots of sites require you to use Google. I also agree with you that having to run downstairs to get my phone, unlock it with PIN, fish out the right authenticator app, navigate to the right site for credentials, memorize the 6-digit code before it’s timed out, run back upstairs, and for Google Auth move the cursor inside their tiny box (why not automatic like Authy??)–all this is a massive inconvenience. Can’t wait till security keys’ use is nearly universal.
I’m curious – which sites require Google? As far as I know, anywhere that you can use Google Authenticator, you can also use Authy. They run on the same setup, so I’ve never heard of a site having the ability to mandate use of the Google app over another.