I’d like to say thanks to “King_Jay16” from the TechJamaica forums. Details can be found on my Discourse and on their forums.
https://forums.carlosthomas.net/t/2024-general-account-security-passwords-2fa
You can get right into it or just check the TLDR below.
I may edit this and add more details or photos as things progress.
TLDR
- Authenticator Plus (Android) – Paid
- Aegis Authenticator (Android) – Free/Paid
- Authy (Android/iOS) – Free
- TOTP Authenticator (Android/iOS) – Free/FOSS
Those above are what I’ve tested. If you’re on iOS you can pick either of the two lower ones. My choice would be Authy based on the fact that some services specifically use it. If none of the services you’re on use it, then go with TOTP since it has browser push features.
If you’re on Android, Aegis is the one to go with. Authenticator Plus was put there to set the arena for the others. It was the best on the market back in the day, but its lack of development has reduced some features and made it lose the #1 spot.
Check more details below for why I’d pick one over the other.
2FA/MFA
2FA or TFA – Two-Factor Authentication – is something that came about for added security of accounts. Hackers have been able to breach servers or use brute-force attacks to get access to data over the years, and the use of 2FA has reduced the risk significantly.
2FA may also be referred to as MFA at times – meaning multi-factor authentication.
2FA essentially uses your password with something else to authenticate the account. This can include, but isn’t limited to:
- A text message (SMS).
- A pushed notification (like Google).
- An IM message (sent to WhatsApp or FB for example).
- RSA hard or soft token (like those used by banks).
- OTP – One Time Password.
- Biometrics.
- PIN.
- Security Question/s.
2FA/MFA may include your password plus one or more of the items listed above. Again, it’s not limited to what’s above – other options may exist that I’ve overlooked.
MOST COMMON 2FA
By far the most common ones are those used by your bank and those used by email providers. Google and Microsoft are good examples.
Your bank may provide you with a hardware token that is tied to your specific account. This device generates codes that are put in with (or after) your password to get access to your account.
Google uses push notifications on your Android device to prompt for signing in. Microsoft has an option to use a timed authenticator with a 6-digit code – very similar to the one you’d use from your bank, but in a different app.
Part of the issue with all these apps is having so many installed to do the same task – we’ll get into that some more.
SETTING UP
If you’re not using a physical hardware token or key, most 2FA options include a QR code that’s scanned using your mobile device. This code then allows your authenticator app to register the entry with some name and other identifying data to differentiate each entry. As stated before, some companies – like banks – may have specific software that they require you to use. If there isn’t a defined requirement for specific software, then you can use any authenticator app and just add the entries.
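To show what that QR code actually carries and what the app does with it, here is an added example (not code from the post or from any of the apps it reviews). The QR code encodes an otpauth://totp/ URI whose secret is a base32 key; the app stores the entry and computes RFC 6238 TOTP codes from the key and the current time. The issuer and account in the sample URI are made up, and the keys are the published RFC 4226/6238 test-vector secrets, so the codes can be checked against the RFCs. The verify() function shows the server-side half with the checks a defender wants: a small clock-skew window, constant-time comparison, and returning the matched time step so a code is never accepted twice.

```python
import base64
import hashlib
import hmac
import struct
import time
from urllib.parse import parse_qs, unquote, urlparse

# Keys from the RFC 4226 / RFC 6238 test vectors (the ASCII string
# "12345678901234567890..." used as raw key bytes), base32-encoded the way
# a secret appears inside a provisioning QR code.
RFC_SECRET_SHA1 = base64.b32encode(b"12345678901234567890").decode()
RFC_SECRET_SHA256 = base64.b32encode(b"12345678901234567890123456789012").decode()

# Constructed sample provisioning URI, i.e. what an "enable 2FA" QR code
# encodes. Issuer and account are made up for this example.
SAMPLE_URI = (
    "otpauth://totp/ExampleBank:alice%40example.com"
    "?secret=" + RFC_SECRET_SHA1 + "&issuer=ExampleBank&digits=6&period=30"
)


def decode_secret(secret_b32):
    """Secrets in QR codes are often lowercase, spaced or unpadded; normalise first."""
    s = secret_b32.replace(" ", "").upper()
    s += "=" * (-len(s) % 8)          # base32 wants a multiple of 8 characters
    return base64.b32decode(s)


def parse_otpauth(uri):
    """Pull issuer, account and key parameters out of an otpauth://totp/ URI."""
    parts = urlparse(uri)
    if parts.scheme != "otpauth" or parts.netloc != "totp":
        raise ValueError("only otpauth://totp/ URIs are handled here")
    label = unquote(parts.path.lstrip("/"))          # "Issuer:account" or just "account"
    label_issuer, _, account = label.rpartition(":")
    params = {k: v[0] for k, v in parse_qs(parts.query).items()}
    if "secret" not in params:
        raise ValueError("provisioning URI has no secret")
    return {
        "issuer": params.get("issuer", label_issuer).strip(),
        "account": account.strip(),
        "secret": params["secret"],
        "algorithm": params.get("algorithm", "SHA1").upper(),
        "digits": int(params.get("digits", "6")),
        "period": int(params.get("period", "30")),
    }


def hotp(secret_b32, counter, digits=6, algorithm="SHA1"):
    """RFC 4226: HMAC over the 8-byte big-endian counter, then dynamic truncation."""
    key = decode_secret(secret_b32)
    mac = hmac.new(key, struct.pack(">Q", counter), algorithm.lower()).digest()
    offset = mac[-1] & 0x0F                          # low nibble of last byte picks the window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32, at=None, period=30, digits=6, algorithm="SHA1"):
    """RFC 6238: HOTP whose counter is the number of periods since the Unix epoch."""
    at = time.time() if at is None else at
    return hotp(secret_b32, int(at) // period, digits, algorithm)


def current_code(entry, at=None):
    """The code the authenticator app displays for one registered entry."""
    return totp(entry["secret"], at, entry["period"], entry["digits"], entry["algorithm"])


def verify(entry, candidate, at=None, window=1):
    """Server-side check. Accepts the current step plus/minus `window` steps to
    tolerate clock skew, compares in constant time, and returns the matched step
    (or None) so the caller can record it and refuse a replay of the same code."""
    at = time.time() if at is None else at
    step = int(at) // entry["period"]
    for delta in range(-window, window + 1):
        expected = hotp(entry["secret"], step + delta, entry["digits"], entry["algorithm"])
        if hmac.compare_digest(expected, candidate):
            return step + delta
    return None


if __name__ == "__main__":
    entry = parse_otpauth(SAMPLE_URI)
    code = current_code(entry)
    print(entry["issuer"], entry["account"], code)
    print("accepted at step", verify(entry, code))
```

The whole security of the scheme rests on the secret extracted by parse_otpauth(): anyone holding it can generate the same codes, which is why the backup and export features discussed later in the post matter, and why an exported list should only ever sit in an encrypted file. On the verifying side, keep the window small (one step either side is typical) and store the last accepted step per account so a captured code cannot be reused within that window.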
SPECIALIZED 2FA
Probably not the best heading, but that’s how I’ll phrase it. As said before, there are some companies that decide they won’t use a regular authenticator app and you must use theirs. An example of this is NCB and their SecurID app. Other companies integrate a specific authenticator app into their backend, and you have no choice but to use that app.
Gamers that are familiar with STEAM or BattleNET are aware of the specialized push notifications and generation of tokens to secure their accounts. Most people with a Google account or an Android device will also get push notifications for login authentication. If you’ve seen these before – you have an idea of what a specialized app is like.
OTHER 2FA APPS
Personally, I have over 70 accounts in my listing. That list grows over time as more companies integrate 2FA. Emails and gaming accounts are just some of the ones that are secured. This brings me to the part I wanted to talk about – the various authenticator apps.
I won’t be talking much about specialized apps used by companies – unfortunately you have no way of getting around those. This will be focused on authenticator apps you can use for your daily life for adding all your accounts for 2FA security – minus the ones that force you to use a specific app. The focus will be on:
- Authenticator Plus (Android)
- Aegis Authenticator (Android)
- Authy (Android/iOS)
- TOTP Authenticator (Android/iOS)
So let’s get into each one in the order above.
Authenticator Plus
I’ve personally been interested in account security since around 2007/2008, and when this app came around I jumped right on it. This was the first app that I saw with backup and export capabilities. All other authenticator apps simply had “add” options. If something happened to your device you’d have lost all your keys/codes. Authenticator Plus allowed you to back up to Dropbox whenever changes were made – this was somewhat revolutionary.
The problem is – development stopped. This means less compatibility with newer Android devices and resulted in the loss of online backup capabilities. This was still a great option though, as you could do a local backup (encrypted) and then upload it manually. You could also do an unencrypted export, which was then placed in a password-protected ZIP file, and you could then import that into any other authenticator app which supports that feature. I use WinAuth periodically and would export so I still have access to my 2FA even if my phone is dead/charging. I was looking for an alternative, and then “King_Jay16” from the TechJamaica forums introduced me to the next app in this list.
LINK: https://www.authenticatorplus.com/
Aegis Authenticator
I’d consider this to be the absolute best authenticator on the market. The only reason it’s not a definitive #1 is the lack of iOS support. IMO, this is like a continuation of Authenticator Plus with a lot of improvements: the ability to change the views, to export both encrypted and unencrypted and – best of all – the ability to back up to cloud services.
Aegis also has one added feature that I’ve not seen elsewhere – the ability to share a code. This means you can generate a QR code for a specific entry and have it scanned into another device.
With the various security options available within the app, the chances of someone stealing your info are minimal – unless you’re literally held at gunpoint and forced to send over all your account details. IMO – it’s far more secure than just about everything else out there, with the next entry being an awesome competitor for the security department but lacking in features.
LINK: https://getaegis.app/
Authy
This is (arguably) by far the best option for security that supports Android and iOS. They did have a desktop app which is being retired – which is why they’re not ranked higher in my list.
Authy ties to your phone number and then sends a text (SMS) for the initial install. Thereafter, each added device is authenticated using a push notification on previously added devices. You can also audit and remove devices from your listing if you wish.
Cloud backup is done through their own servers, but the feature isn’t on by default. You must set a password that’s used to decrypt the data, and then it will back up and sync across devices.
There are some companies that use Authy exclusively, and I can understand based on how secure it is.
For people who want a bit more control over their data though, Authy won’t be the top pick, but it is one of the best that I’ve come across. If only it had the ability to push to your desktop like our final entry.
LINK: https://authy.com/
TOTP Authenticator
This makes the list as one I was testing before finding Aegis. This is the only one I saw that has an option to push the 2FA to your browser from your mobile device. That’s a great feature to reduce typing out the code and maybe missing a digit.
TOTP supports cloud backup and sync options. There are options to order your listing in a custom manner or show it alphabetically. One reason why this didn’t end up at the top – or higher – is the lack of export and sharing features.
Unfortunately I don’t have much to say about TOTP, but it is still a great option depending on your use case and needs.
LINK: https://www.binaryboot.com/totp-authenticator
SUMMARY
There are lots of options available for whichever platform you’re on. Using a 2FA app with your password to bolster security is a great way to keep undesirables out of your stuff.
If you want a regular set-it-and-forget-it option – Authy is probably the best way to go. Just ensure you set up the backup options.
If you want some added features like pushing to your browser, use TOTP.
If you’re on Android, the best option IMO (at the time of this writing) is Aegis.