Hackers these days are everywhere studying how to get your passwords and gain access to all your online accounts like emails, social media accounts, online banking, and other transactions on the web. Using the same password on more than one site, downloading software, and clicking links in email are some of those actions that could put you at risk to give those scammers an open hole to access your accounts. An added security is what you need to secure even if they’ve got your password, that’s why a 2-Step Verification is implementing these days by some websites to protect their accounts.
Google Authenticator
Developed by Google. Needs to be backup manually by “Transfer for account” on settings. It generates a secured QR code where you can scan if you install the application on another device. It will not allow you to screenshots, so you might take a picture of it using another mobile phone and save to a secured storage location. No option to delete the existing credentials on application.
Lastpass Authenticator
Developed by LogMeIn Inc., the creator of well know password manager plugins for internet browser. You need a Lastpass account and enable “Backup to Lastpass” to make a backup manually.
Microsoft Authenticator
2FAS Authenticator
2FAS company created this app. You have an option to enable backup manually on settings and stored your tokens on Google Drive. Has an option to delete the credential application.
How it works?
Every time you login your accounts like Google, Facebook, Microsoft, or other services to a new device, it will send a Time-based One-Time Password to verify and approved the sign-in.
What is TOTP?
Time-based One-Time Password (TOTP) is a single-use passcode typically used for authenticating users. The user is assigned a TOPT generator delivered as a hardware key software token. The generator implements an algorithm that computes a one-time passcode using a secret shared with the authentication server and the current time – hence the name time-based OTP. The passcode is displayed to the user and is valid for a limited duration. Once expired, the passcode is no longer valid. The user enters a valid passcode into a login form, typically together with his username and regular password.
Keep in mind that:
You need to secure your Authenticator apps backup to make sure that anytime you need to install it to another device, it will be available for export on your new device.
- If you want to remove the authenticator for your account. You need to disable the 2-Step Verification to deactivate the feature for the specific website.
- Some website like Facebook has four different methods of 2-Step Verification. It is a good option to enable an alternative method to secure and safety.
These 4 methods are:
- Authentication app – You’ll receive a login code via an authentication app
- Text message (SMS)
- Security Key – You’ll be asked to use your key for verification.
- Recovery codes – Use recovery codes to log in if you lose your phone or can’t receive a verification code via text message or an authentication app.
Points of View:
Every authenticator has its features that you need to review for you to avoid problems getting locked or stuck if you need to reinstall it on your new phone. Look for authenticating that you can backup or restore later if needed. Please note that as I made this writing, the features may change or updated by the developer.