Best Authentication Apps for IPhone and Android
Two-factor authentication (2FA) is essential to secure your accounts these days. The password is no longer enough. Leaked passwords and weak and reused passwords make it all too easy for hackers to learn your secrets and break into your accounts. Two-factor authentication fills in security gaps, but not all two-factor authentications are the same. For most people, authentication apps offer the best combination of convenience and security. But which one is best for you?
While any two-factor authentication is better than no two-factor authentication, using an authentication app is more secure than SMS-based authentication . The premise is the same for everyone: when you try to log into your account, you will be prompted to enter a code to verify your identity. SMS-based authentication sends the code as a text message, while the authentication app will lock the code inside, changing it every 30 seconds. Attackers can steal your phone number by swapping your SIM card or forwarding text messages, which can lead to your codes being stolen before they get to you. However, in a special application, the codes remain at your disposal.
Should You Use the 2FA Features of a Password Manager?
Some password managers have built-in authenticators. If the password manager you use has it (and you should use a password manager), you can always use it. However, some block 2FA behind paywalls, so if you’re using the free version of the service, you won’t be able to store your codes here. In addition, a separation of church and state, so to speak, can be helpful. Keeping your passwords separate from your authentication codes means you’re protected if one of the vaults gets leaked.
There is one caveat in my opinion, which is why I recommend it to many people:
Built-in Apple Authenticator
If you have an iPhone, iPad, or Mac (or all three), the easiest way to access authenticators is to use Apple’s built-in tool. With iOS 15 and macOS Monterey, Apple added 2FA to iCloud Keychain, the company’s password manager.
Many of us rooted in the Apple ecosystem already store our passwords in iCloud Keychain, so setting up 2FA verification codes directly in this tool is a handy option to increase the security of our accounts. The codes are encrypted with your iCloud password, and the service supports autofill on Apple devices. This means you can automatically enter your password and then automatically enter your 2FA code when prompted, speeding up login.
Again, the most secure solution is to use a separate app, but because iCloud Keychain is protected by both your iCloud password and your own 2FA, and offers a free and convenient way to set up 2FA for your various accounts, I think it’s a great option for users Apple.
Aegis (Android only)
For Android users looking for the best authenticator app on their platform, Aegis might just take the cake. It’s free, open source, and not tied to a proprietary system like Google. This means that you are free to take your tokens and import them to another device.
Best of all, when you set a password for your Aegis, all your codes are encrypted. It doesn’t matter who has access to your phone or app, as long as they don’t know the Aegis password, they can never access your codes. While it doesn’t support native device sharing, you can back up your codes and transfer them at your leisure.
Aegis has built its brand on simplicity. It’s not flashy and it’s not fully functional. It stores your tokens, encrypts them and allows you to transfer them to another device if necessary. It’s everything you need from an authenticator app, which is why Android users love Aegis.
Raivo OTP (Apple only)
Just like Aegis is the king of authenticators on Android, Raivo OTP could be the GOAT for Apple users. For everyone in the ecosystem who wants to opt out of iCloud Keychain, the open source Raivo platform offers strong authentication to secure your accounts.
Like Aegis, Raivo encrypts all codes stored in the app, protecting your accounts from prying eyes. You can either store and encrypt them directly through Raivo, in which case they will be locked with your chosen Raivo password, or choose to sync via iCloud, in which case the codes will be encrypted with your iCloud password.
Raivo syncs your codes across all your Apple devices. If you initially set up an account in the Raivo iOS app but are trying to sign in on your Mac, you can use the macOS app to do so. You can also create encrypted ZIP archives of your codes for easy local backup.
It even comes with fun features like dark mode and custom icons for each account. After all, authentication shouldn’t be that hard.
Google Authenticator
Google Authenticator , like most Google products, is the default authentication option on Android. However, it also has an iOS app, so no matter what platform you’re on, you can use Google Authenticator.
The app does not offer cloud backup, which poses a serious risk to data if something happens to the device you keep it on. This is a common problem when changing smartphones ( don’t throw away your old phone until you transfer your codes). However, it’s good from a security point of view. Keeping your codes on one device and only one device means zero risk of someone hacking into your cloud account and stealing them. As long as your smartphone is locked, your codes are safe.
Microsoft Authenticator
Microsoft Authenticator is a handy option for Microsoft users (obviously) as well as anyone with multiple account types. You can store your personal codes in the app, along with your work or school account codes, with proper security for each. This makes it a popular option for organizations when setting up 2FA among their members.
It supports autofill so you don’t have to dive into the app itself every time you try to log in. Microsoft also offers account recovery by backing up the application to the cloud. Again, this isn’t the most secure way to store your 2FA codes, but it does ensure that you have a path to recover your accounts if you lose access to your current device.
Twilio Auti
Authy is one of OG’s authentication apps that is marketed as a more user-friendly version of Google Authenticator with support for cloud backups of your codes. It also supports multi-device sync so you don’t have to refer to one device when trying to sign in to another.