Discussion What 2FA app do you use?

[Bapun]

If you are looking for a two factor authentication app to use, particularly the Google, Microsoft, and Authy app then this thread is for you. But the reviews for these apps are screaming to stay away. Lots of people saying they got permanently locked out of their accounts because they got a new phone or reset their phone and couldn't restore the accounts.

It seems like 2FA itself is a great thing to have but I'm not seeing an app that sounds reliable. What do you guys use? Share them here.

 

[mmadhankumar]

2FA is always risky. But it's worth taking the risk. There was a time (around 2015-17) when i had atleast a dozen accounts with 2FA enabled. Hope you remember the day, when I was part of MyBB software team and almost entire team's accounts got hacked. Only a couple of people (including me) who had 2FA on were saved. So yes, its always worth the risk.

I was using Google authenticator then and yes there's always a risk of getting locked out of our account if we lose the mobile or access to the app. But that's why we have the backup codes. Store those backup codes safely and you will be safe even if you lose access to the authenticator app. I would store them on a pendrive as well have a hard copy on hand.

 

[Sparker0i]

I use Authy. Main reason, it allows backup. I am someone who formats phone every month after OTA update. All the other 2FA apps were ruled out for me just because of this. So far Authy has worked without issues for me.

For added security, I also use a USB security key (with NFC) (attached to my keychain) for sites and apps that allow its provision.

For quite sometime, I also used Krypton Authenticator as well, but then I just got tired of its cumbersome experience.

 

[sumitroy]

I use Google Authenticator. I use it for Gmail, Microsoft account, Twitter, Facebook and Lastpass.
It is not cloud based, so everything is saved offline on your device. If you delete data or reinstall app all your data is lost and you'll have to add every site again.
I'm using authenticator on two device. So, if anything happens to one device I have another device as backup.

For some reason if I lost all of my authenticator device, there are couple of ways to avoid locked out of accounts.

• I've saved (written) backup codes on paper. Google and Facebook gives 10 backup codes, Twitter and Microsoft gives recovery codes.
• 2FA codes can be send on registered (or recovery) phone number.
• I've also written all authenticator keys on paper (kept it safely and only accessible by me). I can setup Google authenticator on new device without requiring internet or signing into any account.

When you setup 2FA it displays QR code and key (sometimes appears when clicking on "I can't scan code"). You can take screenshot of QR code and save it or you can write it on paper. I've written it on paper. To setup just click the "+" button and tap "Enter a provided key"and type your saved key (written on paper). That's easy.

If authenticator keys or backup codes gets compromised then just login and setup 2FA again and get fresh backup codes.

 

[Sparker0i]

And moreover when websites tell you to use Google Authenticator only to scan the QR code, you can use any 2FA app to scan the QR. I don't want Google to get access to my codes.