Are you tired of mandatory password change prompts? Do you find it challenging to keep track of passwords? Well, Microsoft agrees that the mandatory password change trend is getting old and suggests that it should go away. Thankfully, apps offering two-factor authentication (2FA), such as Google Authenticator, Authy, and Microsoft Authenticator, are around to save the day.
Surprisingly, many people continue to make poor password choices, especially when they use 2FA and assume it is foolproof. When you use a 2FA app to scan a barcode, always note down the backup codes somewhere safe, preferably offline. Taking a screenshot of the QR code and storing it in an encrypted vault also works, though it is less secure because it is still available online.
Now, let’s see how Authy compares with Microsoft Authenticator and which 2FA app you should use.
When you open Authy for the first time, the app will ask you to create an account using your mobile number. That means your phone must have an active SIM card. In case you are unaware, SIM swapping is a common phishing technique where the hacker gets a new SIM card issued with your number and then uses it to generate OTPs (one-time passwords). Authy does have a solution to that, which we will discuss in the Security point below.
Authy uses a colorful layout where it is easy to find your 2FA codes, since each entry uses the logo of the respective service. Google Authenticator never syncs logos, which makes it hard to find a 2FA code in a sea of text and numbers.
Microsoft Authenticator uses a similar layout where logos are synced, making it easy to find the 2FA codes of the respective services.
Unlike Authy, Microsoft Authenticator can be used without creating an account. You may use it with your Microsoft account, but that’s optional.
Scanning QR codes on both apps is easy and quick. Just tap the ‘+’ icon and point the back camera towards the QR code.
2. Taking Backups
Authy allows users to take backups of their codes if they lose their smartphones. These backups are encrypted on your device and then stored in the cloud on Authy servers, owned by Twilio. These backups can then be restored to another mobile device using the same phone number with an active SIM.
However, you will need to enter the backup password to decrypt the synced keys. That way, a hacker may have access to your number using a SIM swap trick, but you still own the backup password. So, it is very important that you keep the backup password somewhere safe, preferably offline, and never share it with anyone.
Microsoft Authenticator works similarly. For now, the ability to back up 2FA codes is only available for iOS users. Microsoft has not announced anything for Android yet, but I am hopeful. You will need a Microsoft account for taking a backup of your 2FA codes.
To begin, go to Settings on your iPhone and tap on iCloud backup. The interface will ask you to enter your Microsoft account details. The backups are encrypted and stored in iCloud, and your Microsoft account is used for verification. You should use 2FA for your Microsoft account as well.
So, how do I sign in to my Microsoft account? That’s why you should always write down one-time backup codes offline at the time of scanning QR codes on all sites. I keep a diary and an archival Sakura pen which is waterproof, fade-resistant, and chemical-proof. Yup, I am paranoid when it comes to my security, which brings us to the next point.
3. Security
Earlier, we discussed how using a mobile number to register an account with Authy can be dangerous. To solve this problem, Authy implemented an option called Allow multi-device. You can only install Authy on a second or third device when it is enabled. So, make sure to disable that option after you are done setting up your accounts and scanning QR codes.
Even if a hacker uses the SIM swap trick, he won’t be able to install Authy on his device because it is disallowed. You can see a list of registered devices on the same screen.
In the case of Microsoft Authenticator, there is no need to use a SIM, and if you choose to use your Microsoft account, backups are stored in iCloud instead. That means the hacker will need to access both these accounts before he/she could steal 2FA codes. Make sure to secure your Apple account too.
Both Authy and Microsoft Authenticator allow locking apps using a 4-digit PIN and fingerprint scanner. The 2FA codes never leave your device unless you want them to, and they are encrypted on the device before they are uploaded.
4. Other Features
Microsoft Authenticator also works with Microsoft’s enterprise solution. So, you can now use the app to receive one-tap push notifications to approve sign-ins, with no need to enter the code either. One-tap push notification also works with personal accounts.
Both the 2FA apps can generate codes offline and without access to an Internet connection after the codes have been scanned and saved to the device.
5. Pricing and Platforms
Authy and Microsoft Authenticator are free and come without any ads. Authy supports Android, iOS, Windows, macOS, and Chrome browser. Microsoft Authenticator supports both the mobile platforms and Windows 10 but leaves macOS and browsers out of the mix.
Two Is a Company
Authy has a better UI and supports more platforms, but Microsoft Authenticator covers the most important ones anyway. If you are a Microsoft user, or an employee with admin access, Microsoft Authenticator makes more sense for you.
Authy backups also work on Android, which is a plus for Android smartphone users. A user might accidentally forget to toggle the multi-device option, and then it will be easier for a hacker to steal codes from Authy. While it’s not entirely Authy’s fault, it is still a risk. Microsoft Authenticator removes that from the equation.