An ever growing number of services and tools require sensitive, personal data. Whether it’s a new account for an online order or your airline tickets, it’s essential to have a creative, strong password. Unfortunately, cybercriminals and their techniques are also becoming increasingly creative, so you should really think about using an authenticator app. Read on to learn how they work, what the benefits are, and how the most popular apps differ from each other.
Also discover how to use the authenticator feature built into Avira Password Manager as well as how you can set strong passwords for all your different accounts and strengthen their protection in the process.
Your 101 guide to authenticator apps
Always protect your data whenever you go online — especially as the more user accounts you create for websites and services, the more potential doors open for cybercriminals to get their hands on your personal information. Alongside a strong password, using an authenticator app can offer additional protection against account hacking.
What’s an authenticator app?
An authenticator app enables you to quickly and securely verify your identity. To log in to an online user account, you not only need your name or email address and a password but also the randomly generated code from the app. When you log in to a website, the website can use the authenticator app to ensure that it’s actually you who’s logging in.
Authenticator apps belong to the group of two-factor authentication (2FA) or multi-factor authentication (MFA) methods. The terms represent a registration process comprising at least two steps: Factor one represents your registration on the website with your email address and password. Factor two is the entry of the security key generated via the app.
How do authenticator apps work?
Authenticator apps are simple and efficient. Most apps you find on the market work on the same principle: At fixed intervals (usually every 30 seconds) a password is created that’s only valid once and only within the respective period.
This is what’s known as a TOTP, or time-based one-time password. This password is assigned to you via the app as soon as you log in to your user account. The code is generated either the moment you log in to your account or constantly changes as soon as you have linked your account to the app. In both cases, the access code (often six-digit) is only valid for a short period of time.
This short time span lies at the heart of the beefed up security, making it almost impossible for hackers to intercept the code or generate it randomly. In addition, the codes for most apps are created locally on the respective device and not transmitted from a server on the internet. This makes it even more difficult for criminals to obtain the sequence of numbers. You read the numerical code on your smartphone or computer/laptop/tablet, enter it manually when registering, and are logged in securely.
Why use an authenticator app?
Even if you don’t “need” an authenticator app, the benefits are clear. Most apps are completely free and can be set up in seconds. The added value you get in terms of protecting your personal data should justify this extra step in the registration process.
All passwords can be cracked by cybercriminals over time. All it takes is for a website’s database to have a security hole for your login data to be passed on to third parties. With an authenticator app, you ensure that unauthorized people can’t access your accounts and data without the security code.
By the way: Good passwords and two-factor authentication help you log in to your online accounts more securely. But don’t forget to keep your eye out when using your smartphone and keep it safe and secure. Check out our article on how to additionally protect your smartphone from phone hacking.
Which authenticator apps are best?
There are a whole bunch out there, with some exclusive to a particular service but most designed to be used universally. Although they never really differ in how they work, some providers offer additional features that might interest you. This makes it impossible to rank one particular stand-out app as the winner. To help you decide, we’ll now look at some of the most popular authenticator apps and mention what makes them so special.
Google Authenticator
Google Authenticator is one of the most widely used MFA services. It’s super easy to use and is very popular. Most websites and apps that support two-factor authentication can be linked to Google Authenticator. The only potential downside is that you can only install the app on your smartphone and not on your computer. Google Authenticator works on iOS and Android devices.
The app is so easy to use because you don’t need to configure anything and there are no complicated features. You simply add your user accounts via a QR code, and the app generates a new code every 30 seconds. A really practical aspect: The app now also allows you to back up your codes in the cloud. This means that if you get yourself a new smartphone, you can use your existing Google Authenticator codes without having to go through the hassle of linking each account again.
Microsoft Authenticator
Microsoft Authenticator is ideal for securing Microsoft services such as Outlook and OneDrive. And as it’s designed by Microsoft itself, you can log in to all applications and services without even needing your password. When you register, you receive a push notification to confirm your login. In the same way as Google Authenticator, you can also make a cloud backup and get going easily on new devices.
A really practical aspect: The authenticator can send push notifications about security alerts, so you’re informed immediately as soon as your password is changed or you log in from a new device.
Twilio Authy
With Twilio Authy, you get an authenticator app that’s also very easy to use and is supported by many websites. What’s special about Twilio Authy is that you can run the app on multiple devices at the same time using the multi-device feature. In addition, the codes in the app are only displayed in encrypted form. This means that you (and everyone else) can always see which website a code is for — but to actually view the code, you must authenticate yourself using a passcode you know.
Another advantage of Twilio Authy is that the app works not only on Apple and Android smartphones but also on Windows, Mac, and Linux computers.
Avira Password Manager
The Avira Password Manager app for iOS and Android not only offers 2FA functionality in the form of the built-in authenticator app but also creates and stores super strong passwords for your various online accounts. This means you can generate 2FA codes to boost the security of the log-in process and you no longer have to remember annoyingly long and complex passwords. Avira Password Manager is also available as a browser extension, so you can manage your passwords via the web dashboard and synchronize them across all your different devices.
Do authenticator apps work on multiple devices?
Even though most authenticator apps offer the same basic functions, some of them stand out from the crowd with special features. For example, you can install Twilio Authy on multiple devices. That means you don’t need to worry about losing access to your accounts if your smartphone gets broken. Google Authenticator now also offers the option to back up your codes in the cloud. This way, you can log in to your account on a new device and have all your tokens right at your fingertips again.
However, keep in mind that installing authenticator apps on multiple devices poses an increased security risk. Take good care of your smartphone and think carefully about who you give access to your authenticator app.
How do I set up an authenticator app?
The apps are installed in a flash, easy to configure, and intuitive to use. Here’s what you need to do:
- Add the app: Add the authenticator app of your choice to your smartphone. For Android devices, you can find most apps in the Google Play Store. Visit the App Store if you’re using an iPhone.
- Set up the app: Once it’s on your device, the next step is to start setting it up. If you need to create a user account to use the app, this can usually be done very quickly. With some authenticator apps, you don’t even need to create a user account to use them — like with Google Authenticator.
- Set up 2FA for logins: Once you’ve added and set up the app, link your logins from the various websites, apps and services of your choice. To do this, simply log in to the user account in question and go to Settings > Security. If the desired website or application offers 2FA, you can turn on this option there. You’ll receive a QR code that you scan with your authenticator app. Once you’ve scanned the code and added the user account, you’ll receive the first code in your app. Enter this on the website and 2FA will be activated for all future logins.
The benefits of authenticator apps for work and social media
This article has already shown that authenticator apps are a great addition and investment in your online security. What’s more, this form of two-factor authentication also offers clear advantages in the work environment and on social media.
Authenticator apps for the workforce
Although personal user accounts rarely fall victim to systematically planned hacker attacks, larger companies are a popular target for cybercriminals. This makes the case clear that business-critical applications and accounts should be secured as strongly as possible. Don’t let sensitive customer information, banking details, and business plans fall into the wrong hands.
Authenticator apps are very easy to use, and only a small amount of training is needed to familiarize employees so they know how to use the app correctly. Even colleagues who are less tech-savvy only need to read a code on one device and enter it when logging in on the other (usually the work computer).
What’s more, as the apps are installed on existing devices — like work smartphones and computers — you don’t need to invest in additional devices. This makes the apps affordable and efficient to deploy.
Social media authenticator apps
The larger the number of followers, the more attractive user profiles are on social media to cybercriminals. Anyone who uses platforms like Instagram, Meta, or TikTok should secure their account using an authenticator app. This way you protect your personal data and private chat histories.
Troubleshooting your authenticator app
If your 2FA app isn’t working as expected, there could be several reasons for this.
Why is my authenticator app locked?
Can’t access your authenticator because the app won’t open? The most common reasons for a locked app are:
- Linking your authenticator app: Even though configuring 2FA apps is relatively easy, you can still run into issues. Bear in mind that after linking your user account with the app, remember to store the generated code in your profile to confirm the correctness of the link. If you close the browser window too quickly, the link will not be established correctly. If this happens to you, remove the token from the authenticator app and re-link your account to the app.
- Changing your device: Trying to open the app on a different device? You might run into issues if you don’t have a backup or one-time authorization code.
- Software version: Check you have the latest version of the app. You may need to install updates from your app store for the app to work as expected. You should also regularly update your computer or smartphone to the latest version to close security holes and ensure apps work as expected.
- Internet connection: Are you running into network issues with your authenticator app? Even though the codes for the login process are generated locally on your device, most authenticator apps require a stable internet connection for verification. Make sure you are logged into a network and can send and receive data.
- Unsafe network: Have you logged into an open network? In some cases, apps will deny access if your device is not logged into a closed, secure network.
Double or triple the protection of your online accounts
Using an authenticator app and multi-factor authentication are crucial to strengthen your online security. The apps are installed in a flash, easy to configure, and intuitive to use. However, in addition to using the apps, you should also use strong passwords. To ensure your password isn’t cracked or even guessed in a flash, use long, complex passwords comprising random characters. Ideally, also use a unique, long password for each user account.
Avira Password Manager not only provides you with an authenticator that allows you to generate 2FA codes but also creates complex and, most importantly, unique passwords for your various accounts. If the password of one of your accounts falls into the wrong hands, your other accounts won’t be at risk.
Never forget that strong passwords are your first line of defense for your online accounts and the data stored there. With two-factor authentication, you can add a second password — or even add a third using Avira Password Manager Pro.
That’s because Avira Password Manager Pro also analyzes your existing passwords and notifies you if you’re using the same password for multiple accounts or if any of your passwords are too weak. On top of that, you’ll get alerted if one of your accounts is hacked or a website you have an account with is insecure.