Passwords alone are no longer enough. Data breaches, phishing attacks, and credential-stuff bots have made two-factor authentication (2FA) a baseline requirement for anyone who worries about their online security. And yet, while most people know they should be using 2FA, far fewer realize that the choice of an authenticator app can make a huge difference.
I spent the past several days putting five of the most popular authenticator apps through their paces: Google Authenticator, Microsoft Authenticator, Authy, 2FAS, and Step Two. I tested each solution on my iPhone, although it’s important to know that all but Step Two are also available for Android. I tested the apps in terms of the setup process, account recovery options, cross-device functionality, and everyday usability. Here’s what I found.
What to look for in an authenticator app?
Beyond the basics: What separates good apps from great ones
Before diving into the apps themselves, it’s worth noting what separates a good authenticator app from a frustrating one. The central job of all of these solutions is to generate a time-based one-time password, or TOTP. You enter these alongside your regular password. All five of the apps mentioned here do this, and then they diverge.
The important factor, at least in my view, is account backup and recovery. Losing your phone without a backup plan can lock you out of dozens of accounts at once, a nightmare scenario that’s entirely avoidable if your 2FA app handles it well. Beyond this, cross-platform support, ease of setup, and extras like biometric locking and browser extensions also play a role in the day-to-day experience.
There Is Finally a Free Two-Factor Authenticator That Beats All Others
Proton Authenticator fixes everything Google Authenticator gets wrong.
Google Authenticator
The app most people already have, but should they keep it?
Google’s solution is probably the app that many people already have on their devices, although some have decided to ditch it. It’s the one most services use when you turn on 2FA, and there’s a good reason: it’s easy to use. For a long time, Google Authenticator was the go-to recommendation because of its well-known name in authentication. Many people continue to trust it, and it remains widely used; therefore, many services support it when you wish to add an extra layer of security.
In 2023, Google finally added cloud backup to its authentication product, which was way overdue and had been a major weak point. Now, you can set up Google Authentication in mere moments, sync it across all your devices, and experience a smooth, intuitive interface.
The biggest drawback? Google Authenticator is a one-trick pony. Beyond the core 2FA feature, the software does little else. There’s no desktop app, and you won’t find any sort of browser extension either, as support doesn’t extend beyond iOS and Android.
If you want nothing more than a reliable TOTP generator and use Google products heavily, this is a good choice for you. It gets the job done, but compared to other options, it seems a bit basic. Therefore, it’s really best for people who are already deeply invested in the world of Google.
Microsoft Authenticator
Passwordless sign-in and other standout features
Microsoft’s offering does more than Google’s and is especially useful if you are a Microsoft 365 or Azure user. One of its best features is that it sends you a notification when you try to sign in to your Microsoft account. All you have to do is tap “Approve” on your phone and continue with your day, which is quicker than entering a six-digit code. This is extremely useful if you use a lot of Microsoft tools for work, as it makes signing in faster and more convenient.
The Microsoft Authenticator app also lets you sign in to a Microsoft account without a password, and it can remember your passwords and fill them in automatically. Additionally, your Microsoft account provides cloud backup, and it is available for Apple Watch.
The cracks show when you start stepping outside the Microsoft universe, however. The account recovery process is somewhat convoluted, especially on a new device, and the interface feels more complex than it needs to be. Regardless, if you are a heavy user of Microsoft services, this is probably the best solution for you.
Authy
Security concerns and slowing development: Should you still use Authy?
Here’s a solution that was once the gold standard for multi-device 2FA, and Authy remains one of the most capable apps in the category. Its encrypted cloud backup, desktop app (for macOS, Windows, and Linux), and multi-device sync put it ahead of both Google and Microsoft Authenticator, if those features are what’s most important to you.
For better or worse, setting up Authy is a little bit different than many other 2FA solutions, as it requires a phone number instead of a traditional account. While this makes it easier to get started, some people who care about their privacy might not like this.
It’s also important to note that Authy is owned by Twilio, which has experienced some security issues over the years. In 2022, for example, there was a major breach that affected some of its users. Authy has also seen its development slow down in recent years, especially compared to other solutions.
Regardless, if you’re looking for a free 2FA solution that works across multiple devices and has a desktop app, Authy is worth considering.
2FA
The open-source authenticator app you’ve probably never heard of
2FAS is probably the most underappreciated app on this list, and it really deserves more recognition. The thing is, it’s completely open source, like some other options, requires no account whatsoever, and has a clean, modern interface that makes setting up and managing tokens genuinely pleasant. There’s also a browser extension for Chrome, Firefox, and other Chromium-based browsers that lets you approve logins with a tap on your phone, a smart, privacy-conscious alternative to desktop apps.
Some people might be worried about giving their two-factor authentication secrets to a company, but with this system, that’s not a problem. The app backs up your data to the cloud, either on iCloud or Google Drive, so it never actually goes through a 2FAS server. This is a big plus for users who are skeptical about handing over their sensitive information to any company. It’s an extra layer of protection and peace of mind, knowing that your data is safe and secure.
The main knock against 2FAS is name recognition: because it’s not backed by a major tech company, it has seen less mainstream adoption. That said, anyone can publicly audit the open-source codebase, which is arguably a stronger security guarantee than any corporate promise.
- OS
-
Android, iOS
- Price model
-
Free
Step Two
The best-looking authenticator app built exclusively for Apple users
Finally, let’s talk about Step Two: an app available only on Apple devices, such as your iPhone, iPad, Mac, and Apple Watch. I actually use this app all the time, which is why I wanted to mention it. It’s really useful and can easily work with services like Google, X, and Amazon. One of the best things about Step Two is that it uses iCloud to back up and sync your codes across all your devices, so you can easily get to them whenever you need to. Plus, it has a Safari extension that makes it super easy to sign in to your accounts securely.
The Step Two design is the best I’ve seen; it is simple and nice to look at. It shows each account as a card with the name, email, and code. When you get to the second part, it automatically picks a color for each account so you can tell them apart easily. You can also change the color if you want to.
One thing that really stands out is that it works with the Apple Watch, which is impressive. You can have up to 10 entries for free, and if you need more, you can buy them inside the app.
There are some downsides to consider, however. For one, it only works with Apple devices, so if you’ve got an Android or Windows device, you’re out of luck. Also, when it comes to syncing and backing up your stuff, you’re stuck using iCloud. Another thing that might be a bit of a pain is that there’s no way to organize your accounts into folders or groups, which can get pretty messy if you’ve got a lot of them. And if you’ve got a ton of accounts, the free version might not cut it.
With all that being said, however, if you’re already using a lot of Apple products, Step Two is probably the best app for getting special security codes. It looks great and works smoothly.
Is there only one choice?
Matching the right app to the right part of your digital life
Here’s the thing: every authentication solution is good and meets the basic needs. But when you need more features, that’s when it matters which one you choose. And there’s something else to consider: as a user, you might not have a choice and might have to use multiple solutions, depending on what you’re doing.
You might be using Microsoft 365 at your job, but at home, you’re really into Google’s stuff, or maybe you prefer something that’s open-source. In situations like that, it’s totally okay to have two or more of the solutions we discussed earlier as options.
The bottom line: Pick the app that fits your ecosystem(s)
When it comes to authenticator apps, there isn’t one that stands out as perfect for everyone. But the good news is that the right one for you is probably out there, waiting to be found. The thing is, the most important thing isn’t necessarily finding the “best” app — it’s just choosing one and enabling two-factor authentication wherever you can. By doing so, you’ll be taking a huge step towards making your accounts a lot more secure.