As privacy concerns continue to rise, the use of two-factor authentication (2FA) apps is now a necessity. Apart from Google and Microsoft, a handful of players are offering their 2FA apps packed with new and innovative features. Authy and LastPass Authenticator are quickly rising the popularity charts among the 2FA apps.
Authy provides a beautiful interface, which is easy on the eyes and functional as well. It offers multi-device sync with cloud backups, which is useful when you lose access to your smartphone.
Time to see which 2FA app you should trust with your online world and why.
1. UI and Usage
Surprisingly, Authy and LastPass Authenticator adopt a red theme. As with most 2FA apps, the layout is pretty simple. There is a plus sign to scan and add 2FA codes quickly, either by scanning the QR code or by entering the key manually. For me, scanning a QR is faster and easier.
It might sound odd to you that Authy asks for your mobile number when you launch the app for the first time. That means you need an active SIM card. However, that does raise the question of SIM swapping hacks (more on that later).
Authy pulls the logos of most popular sites, making it easy to identify codes in a sea of text. LastPass Authenticator misses out on this simple but useful feature, making the UI less appealing and more difficult to navigate. Also, Authy supports both list and grid view.
Overall, both apps have a near-identical UI and make it easy to add and read QR codes on the fly, but Authy does it better.
2. Backups and Recovery
Authy will ask you to enable the backup option when you scan a QR code for the first time. Of course, you can always enable it later from the app's settings. After that, Authy will encrypt the codes on your device first, and then back them all up to its servers.
What if you lose your phone or it gets stolen? If you lose complete access to your phone, then you will have to download Authy on a new device. However, you must use the same phone number to sign in and initiate the recovery process. Before you can access the codes, you will have to decrypt them using the backup password that you created at the time of taking backups. No one has access to this backup password. If you lose it, not even Authy can recover it for you. So make sure you save it in a very safe and secure location.
LastPass follows a similar process. When you enable the backup option, the codes will be encrypted and stored on the LastPass servers. But, there is one difference. You will need a LastPass account. It also offers a password manager that will manage your passwords.
LastPass provides an in-depth tutorial on how to do that. Basically, you need to connect the Authenticator app with LastPass and enable the Multifactor option from the Settings. You can then decide to store everything locally (encrypted), or keep everything online, which will need an active Internet connection to sign in. Multifactor authentication does not work in offline mode, which makes it redundant, in my opinion.
Unlike Authy, your account is tied to your LastPass account. Some users argue that keeping everything local, and not taking cloud backups, is more secure. That way, you are protected from SIM swapping attacks as the only way to access the 2FA codes is to steal your device. Fat chance. Hopefully, LastPass's server doesn't get hacked again.
You must know by now that Authy uses your SIM number to register the device on its servers. To avoid SIM swap attacks, Authy has a multi-device feature. It means that you can only install Authy and sign in to recover codes when the option is enabled. That’s why we recommend that you toggle that option off when not in use.
LastPass employs a similar technique where you can allow specific devices to install its 2FA app and recover your codes. That option is available under Settings > Mobile Devices.
That is a simple but effective way to prevent unauthorized devices from gaining access to your authenticator apps forcefully.
One key difference is that instead of a SIM, LastPass Authenticator depends on your LastPass account, which requires an email ID to register. So it is recommended that you use 2FA for your email provider too. If you lose access to your LastPass account and email ID, then you can recover it using your SIM number (recovery phone option).
4. One-Tap Approval
LastPass Authenticator comes with a unique feature that’s currently not supported by any other 2FA app. When you are using the LastPass Password Manager with the Authenticator, you don’t have to enter the user ID and password, because those details will be auto-filled.
There's more: you won’t have to enter the 2FA code either. You will receive a pop-up notification in the notification center with an option to approve or deny the sign-in. Just tap on it and you are good. The feature works with most of the popular sites and apps.
5. Platform and Pricing
Authy and LastPass Authenticator are both free. There is even a free version of LastPass Password Manager, which should be good enough for most users.
Authy supports Android, iOS, Windows, macOS, and Chrome browser. Meanwhile, LastPass Authenticator supports Android, iOS, and Windows only.
Security or Convenience?
Confused? Let me simplify. If you use LastPass Password Manager, using the LastPass Authenticator makes sense, especially if you are paying for the Premium service. You get a one-tap sign-in and password auto-fill, making it easy to log in anywhere you want quickly.
Authy has become the gold standard of 2FA apps and for a good reason. It has a clean record, its UI is better, and it automatically fetches the logos of most services.