The Best Authenticator Apps for 2024

2FAS is a simple but fully functional app that does everything you want in an authenticator. It lets you add online accounts either manually or with a QR code. It can create cloud backups of your registered accounts either in iCloud for Apple devices or Google Drive for Androids, which is critical if you lose your phone or get a new one. The backup is encrypted and only accessible from the 2FAS app. 2FAS doesn't need your phone number or even require you to create an online account, so it's not susceptible to SIM-swapping fraud the way Authy is. You can set a PIN to access the app, and on the iPhone, you can use FaceID or TouchID. A home-screen widget keeps it ever at the ready.

Aegis Authenticator is a free and open-source option for Android users. It gets a higher rating on the Google Play store than any other authenticator app included here (4.8 compared with Google Authenticator's 3.6). And by the way, it's also available from the open-source F-Droid catalog of apps. The authentication tokens are encrypted at rest and accessing them requires a password or biometric unlocking—by comparison, Authy and Google Authenticator show the codes immediately when you run their apps. Aegis also provides automatic backups to an online storage provider of your choice, as long as said provider supports the Storage Access Framework of Android (most major cloud storage services do). Aegis lets you import your accounts from an existing authenticator, and the app offers good organization tools, such as custom icons for accounts, custom login groups, and search.

Duo Mobile is geared toward corporate apps, especially now that it’s part of Cisco’s portfolio, but individuals can use it, too—it was the first authenticator I ever used. Duo Mobile offers enterprise features, such as multiuser deployment options and provisioning, one-tap push authentication, and one-time passcodes. It's a simple authenticator app, and if you use it, you'll appreciate the ability to back up your logins using Google Drive for Android and iCloud KeyChain on iPhone.

Since our last update of this roundup, Google has beefed up its Authenticator app's functionality, adding an all-important backup capability. To enable this backup, you sign in with a Google account, though you're not required to sign in to an account, which is good. The double-edged sword is that, while signing in backs up your logins, if that account gets hacked, so, potentially, do all of your accounts protected by Google Authenticator.

When you use Google Authenticator to log in to your Google account, you enter the six-digit code shown in the authenticator app, just as you would to log in to any other service. The app also lets you import logins from an old phone to a new one if you have the former on hand. As with Microsoft Authenticator, there's no Apple Watch app or even an Android Wear app for Google Authenticator.

Along with standard TOTP multi-factor support, Microsoft Authenticator includes optional secure password generation and lets you log in to Microsoft accounts with a button press or by tapping a two-digit number in a push notification. The app also enables schools and workplaces to register users’ devices. If you use this app, you can turn on account recovery. That way, when you get a new phone, you will see an option to recover by signing into your Microsoft account and providing more verifications.

For added security, you can require that you unlock your phone with a PIN or biometric verification to see the codes. Password management options are in a separate tab at the bottom. If you sign in to the same account you do in the Edge browser, you see the logins you’ve saved and synced there. One problem (and it’s an Apple lock-in issue) is that if you’ve backed up to iCloud, you can’t transfer your saved MFA accounts to an Android device, though that's the case for most authenticators that offer cloud backup. Microsoft no longer has Apple Watch or Android Wear apps for Authenticator since the devices don't support new security requirements for its number-matching push notifications.

One of Twilio Authy’s big advantages is encrypted cloud backup. However, it’s somewhat concerning that you can add the account to a new phone using “a PIN code sent via a call or an SMS,” according to Authy’s support pages. There’s also an option to enter a private password or passphrase that Authy uses to encrypt login info for your accounts to the cloud. The password is only known to you, so if you forget it, Authy won’t be able to recover the account. It also means that authorities cannot force Authy to unlock your accounts.

Unlike the other apps listed here, Authy requires your phone number when you first set it up. We're not fans of this step since we’d rather the app consider our phones anonymous pieces of hardware; some have suggested that requiring a phone number opens the app up to SIM-card-swap fraud. Authy’s Help Center offers a strategy to mitigate the vulnerability, but we'd prefer it worked more like other authenticator apps. At least there's an Apple Watch app for those who want it.