Skip to main content
  1. Home
  2. Mobile
  3. Features

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

SMS 2FA is insecure and bad — use these 5 great authenticator apps instead

Christine Romero-Chan
By

You probably have what seems like a million accounts across the internet these days, right? At least, that’s what it feels like for me — with all these social media, email, and banking accounts, plus digital storefronts, and more. Regardless of where I access these from, whether it’s my iPhone 14 Pro or my Samsung Galaxy S23 Plus, or even my Mac, the first step is to make sure that I have a strong and secure (preferably randomly generated) password. But for extra peace of mind, everyone needs to look into two-factor authentication (2FA) to really keep people out.

Recently, Twitter has made the news yet again because it’s forcing everyone who uses SMS 2FA to either remove it from their account or subscribe to Twitter Blue to keep it. SMS 2FA is when you get a code sent as an SMS to your phone, and while it’s convenient, this is the least secure 2FA method available. SMS 2FA is susceptible to numerous vulnerabilities, including SIM swapping (where someone takes over a mobile phone number by convincing a carrier to link that number with the SIM card), SIM duplication attacks, and more.

Related Videos
Twilio Authy 2FA app running on an iPhone.
Joe Maring/Digital Trends

However, this doesn’t mean that you can’t use 2FA on Twitter, or other sites that provide 2FA. Twitter is only putting SMS 2FA behind a paywall, but you can continue to use an authenticator app or even a hardware security key for free. This also applies to any other sites that have 2FA, such as Facebook, PayPal, Google, and more.

Related

If you aren’t using 2FA on your most important accounts, then you really should. Here are the best 2FA apps for both iPhone and Android phones.

Twilio Authy

Twilio Authy iOS app screenshots
Christine Romero-Chan / Digital Trends

Twilio’s Authy app is the one I’ve personally been using for several years now, and it is available on both iOS and Android devices. On the surface, Authy looks pretty bare-bones, but it offers a ton of functionality for a 2FA app.

Setting up Authy to use for 2FA with your accounts is easy, as all you need to do is just scan a QR code when setting up 2FA on your favorite website/app. Authy works with thousands of providers, including major players like Facebook, Dropbox, Amazon, Gmail, Outlook, and more. Authy also provides secure cloud backup with a free Authy account, so all of your data is encrypted and safe across all of your devices. And with multidevice synchronization, you don’t need to re-add your 2FA tokens — everything transfers over with your Authy account.

Best of all, Authy works offline, so you don’t even need a data connection to generate a token, unlike SMS. Twilio Authy also supports 8-digit tokens.

Download Twilio Authy for iPhone

Download Twilio Authy for Android

Google Authenticator

Google Authenticator iOS screenshots
Google

At this point, it’s hard to find someone who doesn’t have a Google account. Thankfully, Google has its own authenticator app in the form of Google Authenticator. It’s a simple app that will add 2FA to your Google account, and it supports multiple accounts, as well on iOS and Android.

The only complaint that people seem to have with Google Authenticator is the fact that it does not have a backup option, which is not as convenient. However, from a security perspective, this would be a good thing, as all of the data and codes would be stored locally on your device. Google did add the ability to transfer accounts to a different device in an update, though, so it should not be too difficult to do so if you end up getting a new iPhone or Android phone.

Download Google Authenticator for iPhone

Download Google Authenticator for Android

Microsoft Authenticator

Microsoft Authenticator iOS app screenshots
Christine Romero-Chan / Digital Trends

If your school or work uses Microsoft accounts, then you may want to consider Microsoft Authenticator for iPhone and Android. It also works for non-Microsoft accounts — like Google, Facebook, GitHub, Slack, and more — for 2FA. For Microsoft accounts, the app will let you sign in to your account without requiring a password, as you’ll use the Microsoft Authenticator app with a fingerprint, face recognition, or PIN for security instead.

The Microsoft Authenticator can also do more than just provide those one-time passcodes. You can use it for auto-filling passwords within the in-app browser, and it even saves passwords from your Microsoft Edge browser. Don’t use Edge? No problem! You can also import passwords from Google Chrome and other password managers.

Download Microsoft Authenticator for iPhone

Download Microsoft Authenticator for Android

1Password

1Password 8 iOS app screenshots
1Password

Many of us may know 1Password as one of the best password managers around — I know I do. In fact, I have been using 1Password for about a decade now, and it continues to evolve and get better. I use it for keeping all of my passwords safe and secure, as well as creating new, randomly generated secure passwords for new accounts with. But a well-kept secret is that 1Password can also be used for 2FA.

In fact, 1Password will let you know of all sites that currently support 2FA, which is convenient. If you choose to use 1Password, adding 2FA to an account involves the typical process of scanning the QR code or copying a string of characters if you’re unable to scan. Once it is added, the one-time password/passcode will show up on your credentials in the 1Password app, making it a one-stop shop of sorts.

You’ll need a 1Password subscription to access the 1Password Authenticator feature, which is $3 a month billed annually, or $5 a month for families (up to five people). Personally, 1Password is one of my must-have apps for iOS and Android, and I think it’s well worth the price just for the password management features alone.

Download 1Password for iPhone

Download 1Password for Android

Duo Mobile

Duo Mobile iOS screenshots
Cisco

Duo Mobile is developed by Cisco Systems, which is already a major player in cybersecurity. In order to use Duo Mobile, you will need a Duo Mobile account, which is about $3 per month for an individual user. Duo Mobile may be used by some employers to provide an extra layer of security for employees and their accounts.

With Duo Mobile, you can add third-party accounts at any time once you have your Duo Mobile account set up. You’ll get one-time passcodes and push notifications for one-tap authentication on your supported accounts. Duo Mobile also has backups to iCloud or Google Drive, so it’s easy to restore your credentials if something happens.

Download Duo Mobile for iPhone

Download Duo Mobile for Android

Editors' Recommendations

Topics
Download these 5 apps to fight off flying monkeys, take 360-degree photos, and more

It has been a busy week, and you may be reading this on your shiny new iPhone 7 or 7 Plus. If you're not drowning your spacious internal storage with iMessage apps and stickers, here are a few apps we've hunted down from the past week that are worth a download.

Oz: Broken Kingdom
Oz: Broken Kingdom™ Official Launch Trailer
Oz: Broken Kingdom is a role-playing game that has you teaming up with the familiar Tin Man, Lion, Scarecrow, and a new character called Ophelia Shen to restore the kingdom of Oz to its former glory. The combat is turn-based and features excellent graphics. You can choose to "save the realm," or you could jump in the "Arenas of Oz" to fight other players to climb up the leaderboards.

Read more
Apple iOS 10 beta 2 might lock you out of your Apple ID
Apple iOS 10 Beta 1

Being an early adopter always comes with some risks, and in the case of the iOS 10 beta 2 update, those risks include being locked out of your Apple account. A number (albeit small) of beta testers who enabled two-factor authentication on their Apple IDs reported being signed out of their devices, and were then prevented from resetting their passwords. “All of my signed-in Apple devices requested that I enter the password in Settings,” one Reddit user wrote of the apparent bug. “I was told upon entering my password that my account had been locked out due to security reasons.”

When users tried to reset their account passwords, they were confronted by Apple's iForgot page and a message that read, “Your request could not be completed at this time.”

Read more
Download these great apps: Gboard, Opera VPN, Dark Sky, and more
best new apps 08 14 2016

It's Sunday and you know what that means -- we've got a host of new apps for you to download. This week, we were treated to a new keyboard from Google for iOS, a VPN from Opera, and more. Check this week's top five apps below.

Gboard

Read more