Skip to main content

Digital Trends may earn a commission when you buy through links on our site. Why trust us?

SMS 2FA is insecure and bad — use these 5 great authenticator apps instead

You probably have what seems like a million accounts across the internet these days, right? At least, that’s what it feels like for me — with all these social media, email, and banking accounts, plus digital storefronts, and more. Regardless of where I access these from, whether it’s my iPhone 14 Pro or my Samsung Galaxy S23 Plus, or even my Mac, the first step is to make sure that I have a strong and secure (preferably randomly generated) password. But for extra peace of mind, everyone needs to look into two-factor authentication (2FA) to really keep people out.

Recently, Twitter has made the news yet again because it’s forcing everyone who uses SMS 2FA to either remove it from their account or subscribe to Twitter Blue to keep it. SMS 2FA is when you get a code sent as an SMS to your phone, and while it’s convenient, this is the least secure 2FA method available. SMS 2FA is susceptible to numerous vulnerabilities, including SIM swapping (where someone takes over a mobile phone number by convincing a carrier to link that number with the SIM card), SIM duplication attacks, and more.

Twilio Authy 2FA app running on an iPhone.
Joe Maring / Digital Trends

However, this doesn’t mean that you can’t use 2FA on Twitter, or other sites that provide 2FA. Twitter is only putting SMS 2FA behind a paywall, but you can continue to use an authenticator app or even a hardware security key for free. This also applies to any other sites that have 2FA, such as Facebook, PayPal, Google, and more.

Recommended Videos

If you aren’t using 2FA on your most important accounts, then you really should. Here are the best 2FA apps for both iPhone and Android phones.

Twilio Authy

Twilio Authy iOS app screenshots
Christine Romero-Chan / Digital Trends

Twilio’s Authy app is the one I’ve personally been using for several years now, and it is available on both iOS and Android devices. On the surface, Authy looks pretty bare-bones, but it offers a ton of functionality for a 2FA app.

Setting up Authy to use for 2FA with your accounts is easy, as all you need to do is just scan a QR code when setting up 2FA on your favorite website/app. Authy works with thousands of providers, including major players like Facebook, Dropbox, Amazon, Gmail, Outlook, and more. Authy also provides secure cloud backup with a free Authy account, so all of your data is encrypted and safe across all of your devices. And with multidevice synchronization, you don’t need to re-add your 2FA tokens — everything transfers over with your Authy account.

Best of all, Authy works offline, so you don’t even need a data connection to generate a token, unlike SMS. Twilio Authy also supports 8-digit tokens.

Download Twilio Authy for iPhone

Download Twilio Authy for Android

Google Authenticator

Google Authenticator iOS screenshots
Google

At this point, it’s hard to find someone who doesn’t have a Google account. Thankfully, Google has its own authenticator app in the form of Google Authenticator. It’s a simple app that will add 2FA to your Google account, and it supports multiple accounts, as well on iOS and Android.

The only complaint that people seem to have with Google Authenticator is the fact that it does not have a backup option, which is not as convenient. However, from a security perspective, this would be a good thing, as all of the data and codes would be stored locally on your device. Google did add the ability to transfer accounts to a different device in an update, though, so it should not be too difficult to do so if you end up getting a new iPhone or Android phone.

Download Google Authenticator for iPhone

Download Google Authenticator for Android

Microsoft Authenticator

Microsoft Authenticator iOS app screenshots
Christine Romero-Chan / Digital Trends

If your school or work uses Microsoft accounts, then you may want to consider Microsoft Authenticator for iPhone and Android. It also works for non-Microsoft accounts — like Google, Facebook, GitHub, Slack, and more — for 2FA. For Microsoft accounts, the app will let you sign in to your account without requiring a password, as you’ll use the Microsoft Authenticator app with a fingerprint, face recognition, or PIN for security instead.

The Microsoft Authenticator can also do more than just provide those one-time passcodes. You can use it for auto-filling passwords within the in-app browser, and it even saves passwords from your Microsoft Edge browser. Don’t use Edge? No problem! You can also import passwords from Google Chrome and other password managers.

Download Microsoft Authenticator for iPhone

Download Microsoft Authenticator for Android

1Password

1Password 8 iOS app screenshots
1Password

Many of us may know 1Password as one of the best password managers around — I know I do. In fact, I have been using 1Password for about a decade now, and it continues to evolve and get better. I use it for keeping all of my passwords safe and secure, as well as creating new, randomly generated secure passwords for new accounts with. But a well-kept secret is that 1Password can also be used for 2FA.

In fact, 1Password will let you know of all sites that currently support 2FA, which is convenient. If you choose to use 1Password, adding 2FA to an account involves the typical process of scanning the QR code or copying a string of characters if you’re unable to scan. Once it is added, the one-time password/passcode will show up on your credentials in the 1Password app, making it a one-stop shop of sorts.

You’ll need a 1Password subscription to access the 1Password Authenticator feature, which is $3 a month billed annually, or $5 a month for families (up to five people). Personally, 1Password is one of my must-have apps for iOS and Android, and I think it’s well worth the price just for the password management features alone.

Download 1Password for iPhone

Download 1Password for Android

Duo Mobile

Duo Mobile iOS screenshots
Cisco

Duo Mobile is developed by Cisco Systems, which is already a major player in cybersecurity. In order to use Duo Mobile, you will need a Duo Mobile account, which is about $3 per month for an individual user. Duo Mobile may be used by some employers to provide an extra layer of security for employees and their accounts.

With Duo Mobile, you can add third-party accounts at any time once you have your Duo Mobile account set up. You’ll get one-time passcodes and push notifications for one-tap authentication on your supported accounts. Duo Mobile also has backups to iCloud or Google Drive, so it’s easy to restore your credentials if something happens.

Download Duo Mobile for iPhone

Download Duo Mobile for Android

Christine Romero-Chan
Christine Romero-Chan has been writing about technology, specifically Apple, for over a decade. She graduated from California…
New iPad Air incoming? There’s a low stock warning
A person holding the Apple iPad Air (2024), showing the screen.

Less than a year has passed since the release of the current iPad Air. However, a new one could launch very soon. As Bloomberg’s Mark Gurman notes, the inventory for the popular tablet is dwindling, suggesting that a new model is set to launch.

The 2024 iPad Air was launched in May 2024, introducing a new 13-inch model alongside the traditional 11-inch model. Both versions feature Liquid Retina displays that offer vibrant colors and sharp details and are powered by the M2 chip, which provides improved performance compared to the previous generation. Beyond this, there were a few changes made between this and the previous model, which arrived in 2022.

Read more
Samsung might return to all-Exynos for its Galaxy S26 lineup
A close up of the triple camera on the Samsung Galaxy S25 Plus

Samsung has seen a smoother development with its Exynos 2600 chip than it did with the 2500, according to a new report. Prior to the release of the Samsung Galaxy S25, rumors suggested the phone could use the Exynos 2500 or the Snapdragon 8 Elite, and leaks provided a lot of conflicting information. Now, a report from a Korean news outlet says the company has already achieved a 30% yield from its manufacturing process.

The company is using a 2 nanometer production process, and it's initial yields were higher than expected according to The Bell. Samsung plans to start mass production of this chip in the second half of the year and say it could improve performance by 12% and power efficiency by 25%.

Read more
Google Messages might let you unsend awkward messages in RCS chats
The Google Messages app on the Galaxy S25 Ultra.

Google Messages, the default messaging app on Android phones, could soon get new features that will let you unsend texts like third-party messengers. The unsend functionality is reportedly under testing and will be available for chats over RCS protocol, which succeeds traditional SMS with improved support for multimedia, emoji, reactions, etc.

Presently, when you delete a message, it is only removed from your device without impacting other participants in the chat. Now, Google appears to be testing a new "delete for everyone" functionality for conversations that will delete messages for all parties, similar to instant messaging apps such as WhatsApp and Telegram. 9to5Google spotted references to the under-development functionality, suggesting it might be available for a wider audience to benefit from -- though the exact timeline of remains unknown.

Read more