Security on the internet has become more important with each passing year. It seems like every other month there is a major data breach from major retailers or online properties. One of the key things that you can do to minimize the effect these breaches will have on you is to set up and use two-factor (or multi-factor) authentication. Two-factor authentication can be explained as something you know (your password) and something you have (a smartphone or another authorized device). With most implementations, you will log in to a website using your normal login, and you will then prompted to input a secondary code. The secondary code can be generated in multiple ways (more on that later) and changes every thirty seconds. By enabling two-factor authentication on websites that support it, a hacker wouldn’t be able to log in just using your username and password. They’d need access to your two-factor authentication database in order to access the current code.
Apple has two-factor authentication built right into iOS and macOS, but they implement it in a slightly different way. Instead of using a third-party solution to generate a code, you’ll receive an alert on another one of your registered devices. Once you approve the login, a six-digit code will pop up, and you’ll input that on the new device.
An example of when this would occur is if you were logging into iCloud.com on your work laptop, and you’d get an alert on your iPhone and iPad to approve the login and get the code. While Apple’s method is easier for the masses, I do wish they had the option of using the technology that other apps used. While Apple’s technology is great for securing access to your Apple devices and services, it doesn’t work with other services like Google and Amazon.
Best Apps for Two Factor Authentication
When I first started using two-factor authentication, I used the ability to generate the code from an SMS message. While macOS and iOS make it easy to use (iOS 12 and macOS Mojave can autofill these from the SMS message), it’s not recommended from a security perspective.
SMS messages are not secure, and your account is only secure as the customer service people at your cellular carriers. There are many reports over the years of accounts being hacked by social engineering. With that being said, I recommend a dedicated two factor (2FA) app when setting up this additional security measure. A benefit of the apps is they work when offline (or away from LTE). One final thing to remember is that even if a website says it only works with Google Authenticator, any of the other apps I mention will also work. They use the same process to set up the two-factor code.
Personally, I use 1Password to manage all of my online passwords. My wife and I use 1Password so much that we chose the family plan. It’s only $60 per year, and it will expand to cover my kids when they are old enough (covers up to five people). We have a shared “vault” where we can keep passwords that we both need access to (bank logins, etc.).
A few years back, 1Password integrated one time passwords into the app, and I immediately started using it for all of my two-factor logins. It has some great integrations on macOS and iOS where it will automatically copy the one time password onto your clipboard when you use it to sign in. So once you sign in, you’ll just have to hit CMD + V to paste in your two-factor code.
Another awesome feature of 1Password for two-factor codes is that it will inform you if a service you have a password saved for has two-factor support and prompt you to set it up. You can easily scroll down through your database to see which services support it. Another bonus is that you can use the 1Password Apple Watch app to generate the codes as well.
If you don’t use 1Password for password management, I probably wouldn’t recommend you use it solely for two-factor, though. I do recommend 1Password for password management if you aren’t using a password manager yet.
If you don’t use 1Password, I would have to recommend Authy has your solution for the best two-factor authentication app. One of the aspects that makes Authy easier to use than 1Password is that two-factor authentication is all that it does. If I was rolling out required two-factor authentication across my organization, Authy would be the app I would deploy.
Most of the apps are very similar in what they do. The main goal is to allow you to scan a QR code to generate the rotating password, and then save it. The thing that Authy does really well (along with 1Password) is handling multiple devices and new device setup. One final reason to pick Authy over Google Authenticator and Microsoft Authenticator are that it offers apps for every platform. If you are using 1Password, you already know how convenient a Mac app is to have, and Authy has apps for macOS, Chrome, iOS, Android, and Windows. If you have a lot of two-factor accounts set up (which you should), having a desktop app will be very convenient.
Google Authenticator has been the default solution for a lot of two-factor deployments over the years. In fact, I think the first time I heard about two-factor authentication was Google prompting me to do it. My main concern with using Google Authenticator is the complications in moving to a new device. If you search for how to do this on Google, there are countless articles and it’s a fairly manual process for each of your accounts. Inside the app, there is no way to sync your database with your Google account either.
Overall, the app is straight forward. It’s missing some features that Authy has like Face ID support, but it’s still better than nothing. With Authy being free (their revenue is a different source), it’s just hard to recommend Google Authenticator.
Microsoft Authenticator is a really well designed two-factor authentication app. If you are working in an organization that heavily uses Microsoft products, you’ll likely be using this app for two-factor authentication since it works very well with Office 365.
It works very similar to the way Google Authenticator works, but it does it make it easier to set up a new device. (assuming it’s iOS to iOS). The app is free to use, and you’ll need to sign in with a personal Microsoft account and be signed into iCloud to get the most out of the app. However, it’s hard to recommend over Authy since it lacks desktop apps.
If you aren’t using 2FA already, this is one of the tech-related tasks you need to do soon. There are great options to use (1Password or Authy), and you can set it up for no cost to yourself. Most popular websites now support it as well. If you want to search a database of all the website that supports it, visit twofactorauth.org. If you’ve yet to set up two-factor authentication on your Apple devices, I highly recommend doing it as soon as possible.