• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar

All Things Secured

Online Security Made Simple

FREE ONLINE SECURITY CHECKLIST! DOWNLOAD NOW

  • Security Basics
    • Start Here (Security Guide)
    • What is a Digital Footprint?
    • What is a VPN?
    • What is 2-Factor Authentication?
    • What is SmartDNS?
    • Bad Security Habits
    • Http vs Https?
  • VPN Security
    • Best VPNs 2022
    • Best Free VPNs 2022
    • VPN Reviews
      • ExpressVPN Review
      • Surfshark Review
      • NordVPN Review
      • ProtonVPN Review
      • VyprVPN Review
      • Mozilla VPN Review
      • IPVanish Review
      • Avast VPN Review
      • Ivacy VPN Review
      • PureVPN Review
      • Atlas VPN Review
    • Frequent Asked Questions
      • Are VPNs Illegal?
      • Tor vs VPN?
      • What is a VPN Kill Switch?
      • What is Split Tunneling?
      • Zero Log VPN?
      • Free VPN vs Paid VPN?
      • Lightway vs WireGuard vs OpenVPN
      • Increase Internet Speed on VPN?
      • How to Watch Netflix in China?
    • 10 Important VPN Features
    • Common VPN Myths
    • Common VPN Scams
    • VPN Connection Protocols Guide
  • Password Security
    • Password Manager Setup Guide
    • Best Password Managers 2022
      • 1Password Review
      • Dashlane Review
      • NordPass Review
      • Best iOS Password Manager
    • Frequently Asked Questions
      • How Do Password Managers Work?
      • Are Password Managers Safe?
      • Are Chrome Passwords Secure?
    • Double Blind Password Strategy
    • Using Google Authenticator
  • Email Security
    • Secure Email Providers in 2022
    • Email Phishing Scams
    • Best Gmail Alternatives
    • Gmail vs ProtonMail
  • Resources
    • Help! I’ve Been Hacked!
    • Password Strength Checker
    • Security Checklist PDF
    • Digital Death Checklist
  • About
    • Contact
    • Advertise

Stop Using Google Authenticator App! (it’s not a secure 2FA in 2023)

January 25, 2023 By Josh

The basic foundation of all security online nowadays can be summed up in two features: a strong password and the use of two-factor authentication (2FA). For years, the standard for 2FA authentication was the Google Authenticator app, but it is now widely considered insecure. So which are the most secure 2FA apps in 2023?

Be sure to subscribe to the All Things Secured YouTube channel!

As I’ve already shared in my explanation of 2-factor authentication, the process can be accomplished in one of three popular ways:

  • SMS Text (least secure)
  • Authenticator app (most popular)
  • Physical 2FA key (most secure)

When possible, I recommend that you not use SMS text as a means of 2FA verification since it has been easily hacked using a scam known as the SIM swap.

And since a 2FA key requires you to purchase a physical key, that leaves the authenticator app as the best free option to use here. Here are the four apps that are worth downloading.

  • Why you should delete Google Authenticator
  • What to look for in a secure 2FA app
  • Best Authenticator Apps for 2023
    • Authy
    • 1Password
    • Microsoft Authenticator
  • Why Use a 2FA Security App?

Use the links above to jump down to a specific section or continue to scroll. Let’s dive in!

Note: Some of the links in this article may be affiliate links, which means that at no extra cost to you, I may be compensated if you choose to use one of the services listed. I only recommend what I personally have used, and I appreciate your support!

Why You Shouldn’t Use Google Authenticator

Just because Google pioneered the 2FA standard doesn’t mean they’ve maintained that standard.

Unfortunately, most of the time you won’t realize how this app is vulnerable until it’s too late. But consider these situations:

  • Easy Access: If somebody hacks your phone and tries to log into your bank account, what happens? They still have to log in with a password or biometric data. But what if somebody gets access to your phone and tries to log in to Google Authenticator? It’s not an issue at all. There’s no way to lock the app or hide it behind a password.
  • Easy to Lose: The Google Authenticator App doesn’t connect to your Google account and sync your codes. What this means is that unless you’ve been diligent about keeping backup codes, if your phone gets lost or stolen, and you no longer have access to Google Authenticator, you have just lost access to all of your most secure accounts. There is no way to get those codes back.
  • Very Annoying: If you’ve used the Google Authenticator app, you know just how annoying it is to fish your phone out of your pocket just to retrieve a code while on your laptop. And let’s not even talk about the steps required to get that same code while on the phone. There are better (and still secure) ways.

PLEASE READ THIS

The fact that you cannot lock the Google Authenticator app and you can’t backup your codes is reason enough to stop using the service TODAY.

You don’t even want to know how much of a nightmare it is when you lose access to your 2FA codes.

In some cases, companies won’t (or can’t) give you access back to your account without that code.

2FA Security Features You Need

So if 2FA codes are incredibly important to your online security but they also pose a risk of being completely locked out of your online accounts if they get lost…

…how do you strike the right balance of features?

Best 2FA Authenticator Apps in 2023

Best Authenticator App for 2FA in 2022

There are quite a few apps that offer what is known as time-based one time passcodes, or “TOTP” for short.

While it’s a fairly simple app, its function is incredibly important to your online security, so that means it’s equally important that you choose the right one. And thankfully, it’s not too difficult to transfer your Google Authenticator codes to a new app.

Here are the three best options to choose from, with screenshots and reasons why.

Authy (FREE) | Best Overall 2FA App

Authy app logo

Authy represents a new age for the 2FA authentication apps. When setting it up, the app will require that you provide them with a phone number that they use to authenticate any new device that you want to add.

This is to say Authy allows you to use multiple devices for two-factor authentication.

Even better, the app is available for multiple operating systems including iOS, macOS, Android, Windows, and Chrome OS.

Additionally, the app allows you to backup all your accounts to the cloud which makes it extremely easy to recover the accounts should you lose or reset your old device. And unlike the Microsoft Authenticator, Authy encrypts the accounts locally before backing them up.

Use Lifelock for ID theft protection

I don’t like that Authy uses your phone number to authenticate new devices because a hacker can perform a sim-swap and add their device. If they already have your password then they can easily decrypt your backed up accounts and proceed to hack into them.

The good news is that Authy has a feature that blocks the addition of new devices once you’ve already added all the devices that you’ll be using for 2FA.

The app works even when offline.

Microsoft Authenticator

Microsoft Authenticator app logo

Microsoft Authenticator is a popular solution for Microsoft services like Skype and OneDrive, but it’s also a great solution for other third-party websites.

It’s available for Android and iOS devices and it lets you add your accounts immediately after installation. No registration is required (although they do require a Microsoft account for some features to work).

Unlike Google Authenticator, Microsoft authenticator allows you to backup your accounts on the cloud so that you can access them using any device. You don’t have to worry about getting locked out of the accounts if the device you are using for authentication is stolen or breaks.

Save passwords using 1Password!
Go ahead. Forget your passwords. 1Password remembers them for you.

Another good thing about this authenticator app is that it allows you to use the pin, fingerprint, or face lock that you use to lock your screen to prevent unauthorized access to the app

1Password (Paid) | Best 2FA in a Password Manager

Use 1Password as a password manager and 2FA app

1Password is a popular password manager but, it can also double as a two-factor authentication app. If you are already a premium user, then setting up 2FA for various accounts is pretty easy.

Of course, the first step is to enable 2FA on the website you need to protect. The next step is to store the QR code or Pin generated by the website on 1Password. There is a step by step process of how to do that on their support page.

1Password does not come with an option to backup the account data and thus, if your phone gets lost or reset, you may end up locked out of the accounts.

This is why the 1Pasword team recommends that you also store the account data on another authenticator app like Authy to serve as your backup.

Yes, I know. You can just use Authy for authentication instead of using it as a backup. 1Password just gives you the convenience of having a password manager and a 2FA authenticator in one application.

If you are not already using 1Password it may not make sense to use the app for your authentication needs unless you are also in the market for a password manager.

Go ahead. Forget your passwords. 1Password remembers them for you.

Why 2FA Authentication is Important

If you are just using your username and password to log in to your account, that account is just a brute-force attack away from being compromised. The hackers only need to guess your password and they are in.

Enabling 2FA will add another layer of security to your account so that even if the hackers manage to crack your password, they still need to enter a six-digit code that was sent to your phone.

SMS messages are currently the most popular method to receive the authentication code but, they have become increasingly unsafe now that hackers can easily pull sim-swapping attacks. There is also the security and privacy concerns that come with handing over your phone number to organizations.

The best option is to use a physical 2FA key, but if you’d rather not buy a key, the authenticator app option works well.

Further Reading & Resources

  • How secure is Google Drive?
    How Secure is Google Drive in 2022? Answers & Tips for Online File Storage
  • 2FA Security Key tutorial
    2FA Security Key Setup Tutorial | How to Use Yubikey!
  • Google Authenticator Setup tutorial
    How to Set Up Google Authenticator on Your Phone | 2023 Guide
  • Google Authenticator migration tutorial
    How to Transfer Google Authenticator to New Phone (2023 Tutorial)

Download the Security Checklist!

A Free Resource from All Things Secured

    Reader Interactions

    Comments

    1. Avatar for JoshAiah-Z says

      March 1, 2021 at 3:04 pm

      Thanks for this article. I’ve been trying to use FIDO & FIdo2 more and more often, but a lot of the sites i use still don’t offer these services. So I’m using authy & Google Authenticator for most of my sites. Too many sites are so behind the times that they consider offering only google authenticator as a 2FA as “cutting-edge.” The latest security just isn’t in their immediate business interests.

      I wish I could use authy for all the sites that offer 2FA, but lots of sites require you to use google. I also agree with you that having to run downstairs to get my phone, unlock it with pin, fish out the right authenticator app, navigate to the right site for credentials, memorize the 6-digit code before it’s timed out, run back upstairs, and for google auth move the cursor inside their tiny box (why not automatic like authy??)–all this is a massive inconvenience. can’t wait til security keys’ use is nearly universal.

      • Avatar for JoshJosh Summers says

        March 2, 2021 at 8:43 am

        I’m curious – which sites require Google? As far as I know, anywhere that you can use Google Authenticator, you can also use Authy. They run on the same setup, so I’ve never heard of a site having the ability to mandate use of the Google app over another.

    Primary Sidebar

    Download the free online security checklist!
    Check your password with this password checker by All Things Secured

    Best Personal Privacy Tools

    Use DeleteMe to Remove Your data onlineDeleteMe (remove personal data online)
    Use Traveling Mailbox to keep your address privateTraveling Mailbox (private virtual address)
    Hushed private second phone numberHushed (private 2nd phone line)

    Recommended Password Managers

    1Password Logo Mark1Password (Best for Individuals)
    Dashlane Logo MarkDashlane (Best for Businesses)
    Bitwarden Logo MarkBitwarden (Best Free Option)

    Best Secure Email Providers

    ProtonMail Logo MarkProtonMail (Best Gmail Alternative)
    StartMail Logo MarkStartmail (unlimited email aliases)
    Mailfence Encrypted EmailMailfence (Best Limited Free Option)

    Recommended VPNs

    ProtonVPN Logo MarkProtonVPN (Best Overall)
    iVPN Logo MarkiVPN (Most Privacy)
    ExpressVPN Logo MarkExpressVPN (Best for Streaming)

    Best Identity Theft Protection

    Identity Guard Logo MarkIdentity Guard (Personally Recommended)

    © 2022 All Things Secured
 · Affiliate Disclaimer 
· Privacy Policy
 · Advertise
 · Contact