You probably have what seems like a million accounts across the internet these days, right? At least, that’s what it feels like for me — with all these social media, email, and banking accounts, plus digital storefronts, and more. Regardless of where I access these from, whether it’s my iPhone 14 Pro or my Samsung Galaxy S23 Plus, or even my Mac, the first step is to make sure that I have a strong and secure (preferably randomly generated) password. But for extra peace of mind, everyone needs to look into two-factor authentication (2FA) to really keep people out.
Recently, Twitter has made the news yet again because it’s forcing everyone who uses SMS 2FA to either remove it from their account or subscribe to Twitter Blue to keep it. SMS 2FA is when you get a code sent as an SMS to your phone, and while it’s convenient, this is the least secure 2FA method available. SMS 2FA is susceptible to numerous vulnerabilities, including SIM swapping (where someone takes over a mobile phone number by convincing a carrier to link that number with the SIM card), SIM duplication attacks, and more.
However, this doesn’t mean that you can’t use 2FA on Twitter, or other sites that provide 2FA. Twitter is only putting SMS 2FA behind a paywall, but you can continue to use an authenticator app or even a hardware security key for free. This also applies to any other sites that have 2FA, such as Facebook, PayPal, Google, and more.
Twilio’s Authy app is the one I’ve personally been using for several years now, and it is available on both iOS and Android devices. On the surface, Authy looks pretty bare-bones, but it offers a ton of functionality for a 2FA app.
Setting up Authy to use for 2FA with your accounts is easy, as all you need to do is just scan a QR code when setting up 2FA on your favorite website/app. Authy works with thousands of providers, including major players like Facebook, Dropbox, Amazon, Gmail, Outlook, and more. Authy also provides secure cloud backup with a free Authy account, so all of your data is encrypted and safe across all of your devices. And with multidevice synchronization, you don’t need to re-add your 2FA tokens — everything transfers over with your Authy account.
Best of all, Authy works offline, so you don’t even need a data connection to generate a token, unlike SMS. Twilio Authy also supports 8-digit tokens.
At this point, it’s hard to find someone who doesn’t have a Google account. Thankfully, Google has its own authenticator app in the form of Google Authenticator. It’s a simple app that will add 2FA to your Google account, and it supports multiple accounts, as well on iOS and Android.
The only complaint that people seem to have with Google Authenticator is the fact that it does not have a backup option, which is not as convenient. However, from a security perspective, this would be a good thing, as all of the data and codes would be stored locally on your device. Google did add the ability to transfer accounts to a different device in an update, though, so it should not be too difficult to do so if you end up getting a new iPhone or Android phone.
If your school or work uses Microsoft accounts, then you may want to consider Microsoft Authenticator for iPhone and Android. It also works for non-Microsoft accounts — like Google, Facebook, GitHub, Slack, and more — for 2FA. For Microsoft accounts, the app will let you sign in to your account without requiring a password, as you’ll use the Microsoft Authenticator app with a fingerprint, face recognition, or PIN for security instead.
The Microsoft Authenticator can also do more than just provide those one-time passcodes. You can use it for auto-filling passwords within the in-app browser, and it even saves passwords from your Microsoft Edge browser. Don’t use Edge? No problem! You can also import passwords from Google Chrome and other password managers.
Many of us may know 1Password as one of the best password managers around — I know I do. In fact, I have been using 1Password for about a decade now, and it continues to evolve and get better. I use it for keeping all of my passwords safe and secure, as well as creating new, randomly generated secure passwords for new accounts with. But a well-kept secret is that 1Password can also be used for 2FA.
In fact, 1Password will let you know of all sites that currently support 2FA, which is convenient. If you choose to use 1Password, adding 2FA to an account involves the typical process of scanning the QR code or copying a string of characters if you’re unable to scan. Once it is added, the one-time password/passcode will show up on your credentials in the 1Password app, making it a one-stop shop of sorts.
You’ll need a 1Password subscription to access the 1Password Authenticator feature, which is $3 a month billed annually, or $5 a month for families (up to five people). Personally, 1Password is one of my must-have apps for iOS and Android, and I think it’s well worth the price just for the password management features alone.
Duo Mobile is developed by Cisco Systems, which is already a major player in cybersecurity. In order to use Duo Mobile, you will need a Duo Mobile account, which is about $3 per month for an individual user. Duo Mobile may be used by some employers to provide an extra layer of security for employees and their accounts.
With Duo Mobile, you can add third-party accounts at any time once you have your Duo Mobile account set up. You’ll get one-time passcodes and push notifications for one-tap authentication on your supported accounts. Duo Mobile also has backups to iCloud or Google Drive, so it’s easy to restore your credentials if something happens.