Selecting an Authenticator App
Authenticator apps are applications that are commonly used for multi-factor authentication (MFA) and multi-step authentication to provide an additional level of security for your online sites. For example, you can install an authenticator app on your mobile device for enhanced security. When you log in to your online account and enter your username and password, you will be prompted for the security code from your authenticator app on your mobile device. Entering the security code displayed on the authenticator app will give you access to your online account (Gmail, Office 365, Dropbox, Facebook, etc.). Even if someone steals or guesses your password, without the code displayed on your authenticator app that person will not be able to login to your account. The code on the authenticator app is synchronized with a server and changes every 30 seconds. This means that if a person looks over your shoulder and reads the security code, he/she must enter it within 30 seconds or else the code will be useless. This type of secure authentication makes it highly unlikely for a hacker to get into your account without your permission.
NOTE: Although the method used by most authenticator apps is a two-factor authentication (2FA), it’s commonly referred to as MFA because MFA involves two or more factors.
Authenticator apps are available for Android, iOS, and Windows Phone for your mobile devices. One nice thing about these authenticator apps is that they tend to be pretty lightweight and typically take only 2-3 MB on the mobile device. If an authenticator app has lots of additional features then it may require 5-6 MB of storage. The second nice thing is that even if you don’t have an Internet connection or mobile service, you can still use the authenticator app. This can come handy in certain situations.
Which Authenticator App Should You Use?
There are several FREE authenticator apps available today. I have selected four of the top authenticators that are reputable and worth using. These are all popular authenticators that work with different types of applications and services and are considered universal in that sense. My review of the authenticators is not scientific by any means. I have selected the four I would recommend and then shared my thoughts about each of them. You may have different needs and therefore give them a different rating, which is okay. My goal is to offer some guidance. Something you can think about before you select one. They do have pros and cons, but frankly you can’t go wrong with anyone of these authenticators.
Google authenticator is perhaps the most well-known free authenticator app. It’s like an old model of Volkswagen Beetle. It will get you from point A to point B, but if you are looking for new features of a modern authenticator, this should not be on your radar. It’s simple, perhaps too simple, because it lacks features and additional functionality that’s available in other authenticators. However, it is used by millions of users because it’s an old timer.
Microsoft authenticator is also a popular free app and includes several useful features. It’s available for Android, iOS, and Windows Phone. It is the most pleasing to use because of its nice user interface and clean look. It supports one-tap approval push-notifications for Microsoft Accounts. For iOS, it allows backing up your account credentials and all the related app settings to the cloud.
LastPass offers a free authenticator app that supports one-tap approval push-notifications for commonly-accessed sites (Amazon, Evernote, Google, Dropbox, and Facebook), but not for every site. Because LastPass is compatible with Android Wear, you can get a push notification on your smartwatch. LastPass authenticator will work with any app or service that supports Google authenticator or Time-based One-Time Password (TOTP)-based two-factor authentication. It has some of the most useful features, such as the ability to backup securely to LastPass and security features, such as use of fingerprint and PIN code, both of which add an extra layer of security to the app. I am not a big fan of fingerprint authentication on mobile devices, but the use of PIN code can be useful. LastPass also allows you to mark a device as “trusted” so that you don’t have to keep entering the security code on that device for a certain period of time.
Authy 2-Factor Authentication is a free authenticator which gives you the ability to securely back up the tokens in the cloud on its servers, similar to LastPass. This feature is appealing because if you have a lot of accounts added to an authenticator and you replace your smartphone, you have to manually scan the QR code and add the accounts. However, the method Authy uses for backups needs improvement because the backup is encrypted with the password you use on your smartphone. I won’t go into the details in this article, but I see many problems with this kind of setup. This feature should only be used by experience professionals who know how to work around the limitations to prevent themselves from getting locked out. Authy also offers additional features, such as multi-device synchronization, can support 8-digit tokens, and protect your bitcoins. Not everyone needs the last two features, but they are nice to have for those who can take advantage of them. One really nice thing about Authy is that it has a desktop version.
If you search for “authenticator” in the app store, you are likely to see Google, Microsoft, LastPass, and Authy authenticator apps at the top of the search results. When I did a search for the word “authenticator”, these four were among the top six apps. The end result is the same with these apps. They all provide a second factor for authentication and secure your online accounts and services. So far I haven’t run into a situation where I wasn’t able to use an authenticator for some technical reason.
When selecting an authenticator app, a lot depends on what you are looking for in an app. If you are new to authenticators and want something very simple, I would recommend either Google or Microsoft authenticator. If you want simple, yet somewhat advance, I would suggest Microsoft authenticator. If you are looking for something advanced with extra layers of security, I would suggest LastPass. Authy is a nice authenticator, but some of its features need to be improved.
Rating the Apps
Here’s my rating of best authenticator apps based on a combination of security features, ease of use, customization, user interface, and functionality.
- LastPass Authenticator
- Microsoft Authenticator
- Authy 2-Factor Authentication
- Google Authenticator
Comparing Google Authenticator to Microsoft Authenticator
Because Google and Microsoft authenticators are the two most popular authenticators and most people who don’t know much about authenticators are unfamiliar with LastPass or Authy, let me compare the two major brands. As you already know by now, I prefer Microsoft authenticator over Google authenticator because of its convenience, ease of use, and the ability to customize the app. Microsoft authenticator can be used in one of two ways.
- Notification. The app will push a notification to your smartphone or tablet. You simply choose Verify on the mobile device to accept it or simply deny to refuse access.
- Verification code. The app can also generate an OAuth verification code. Once you’ve entered the username and password on the Web site or app, it will wait for you to enter the software token, which is a 6-digit code displayed on the screen in the Microsoft authenticator app. Once you enter the code you are granted access.
At the time I wrote this article, the following were the major differences between them.
- Instead of the blue round shrinking circle that Google uses as a countdown timer, Microsoft uses a 30 second counter so I know exactly how many seconds I have before the 6-digit software token will reset. The first image below is from Google Authenticator and the second one from Microsoft Authenticator. Just this one feature is enough reason for me to select Microsoft authenticator over Google.
- Microsoft supports one-tap push notifications for Microsoft Accounts, Google doesn’t.
- Microsoft lets you hide or copy the security code which can come handy, Google doesn’t.
- Microsoft lets you edit the account name, Google doesn’t.
- Microsoft color codes the icons for each entry to make them more recognizable, Google doesn’t.
- Microsoft offers several useful “customization” options under Settings, which you can access by clicking the set of three horizontal dots in the upper right-hand corner. This is called ellipsis (plural is ellipses). Google offers no customization at all and offers one option under Settings for Time correction for codes.
- Microsoft has a refresh button at the top of the screen next to the ellipsis, Google doesn’t. Tapping this button checks for any new push notifications on Microsoft authenticator.
- Microsoft uses a bright blue icon which is easy to recognize among dozens of other small app icons on a smartphone screen, while Google uses a dull gray icon instead of using the Google’s recognizable colors from its logo.
- One noticeable thing that Google authenticator does that Microsoft authenticator doesn’t is time correction for the security codes. I haven’t had the need for this yet, but there are certain scenarios which call for using this feature. On Microsoft app, my understanding is that if the time on the mobile device is in sync with the Internet, the app will work fine. Apparently, that’s why Microsoft doesn’t have this setting anymore. It used to have Automatic time correction option in its authenticator in the past.
- Google also has the option to switch the screen colors between light mode (white background, blue code) and dark mode (dark gray background, white code). The default is light mode. Microsoft authenticator has just one mode, which is similar to the Google light mode (white background, blue code).
- One other thing that Google offers is the ability to change the email for the accounts that have added. Microsoft Authenticator doesn’t give you the option to change the email. It only allows you to change the name of the account that is displayed on the screen. This feature is not used frequently, but if you ever have a need to change the email for your account it will come handy. I had to use this feature only once and it helped because I didn’t have to remove the account add it back again by scanning the barcode.
If you are still not sure which app you are going to like, simply install the ones you may like and compare them side by side. They are all free and don’t take much space on your mobile device. You can even add the exact same online sites or services (Amazon, Gmail, Microsoft Office 365, etc.) on all the authenticator apps. For example, if you have Google and Microsoft authenticator installed and one of them is not working, you can simply use the other app to authenticate your account. I have been using both Google and Microsoft authenticator for a long time and have never experienced any issues with either one of them. If you have both of them installed, they will display the exact same code so you can use one or the other app. However, if you find this confusing then just use one authenticator.
Helpful Links
- Difference Between Multi-Factor Authentication and Multi-Step Authentication
- Best Practices for Configuring Multi-factor Authentication in Office 365
- Microsoft Authenticator to Allow Phone Sign In Without a Password
- Get started with the Microsoft Authenticator app
- Backup and recover account credentials with the Microsoft Authenticator app on iOS
Thanks for reading my article. If you are interested in IT training & consulting services, please reach out to me. Visit ZubairAlexander.com for information on my professional background. |
Copyright © 2018 SeattlePro Enterprises, LLC. All rights reserved.