Which Authenticator Apps Are Safe to Use?

At the start of the year, news broke out that Twitter was changing its approach to two-factor authentication, prompting (non-blue) users to abandon SMS-based 2FA and adopt an authenticator app instead.

The move incentivized dodgy developers to flood the app stores with deceptive 2FA apps designed to get users to pay hefty sums for features offered free of charge by legitimate developers.

Warning signs

Unfortunately, many of these shady apps still plague the iOS App Store, featuring aggressive in-app purchase prompts designed to confuse the user into parting with some coin down the line. Here are some red flags:

• While the app itself may be advertised as free, its full set of features sits behind a paywall.
• The app nags you to start a free trial, buy the full version or pay for a subscription the moment you start using it.
• If you start the trial – and forget that you did – days later, the app plucks a sum from your account as it begins to automatically charge you for a subscription.
• Prices range from a few dollars a month to a hundred dollars or more annually, which is pretty steep for functionality otherwise offered free of charge by legitimate 2FA apps
• Many of the shady apps feature a similar look and feel, indicating that some may be created by the same party, and are just listed under a different developer name.
• Some even have scareware behavior, warning users that they’re “unprotected” and inviting them to buy the service to get on the safe side.
• Some developers buy ad space on the App Store to get their products listed at the top. Users end up downloading whatever turns up first, either because they trust the App Store to serve the best app, or simply out of convenience.

Only use trusted apps

In the case of authenticator apps, many legitimate ones actually turn up lower in the query list. So it’s important to take your time and find the ones worth using.

Google and Microsoft offer some of the best authenticator apps on the market. They’re both very straightforward and free to use indefinitely.

Apple offers its own official 2FA solution as part of iCloud Keychain. As an iOS user, you can safely stay in your ecosystem and avoid downloading a separate authenticator app until you absolutely need one.

Other trusted options include Duo Mobile and Okta Verify.

Threat actors can easily compromise online accounts that lack a second layer of authentication, so two-factor authentication has become a must in today’s world.

SMS-based 2FA is better than no 2FA at all. However, bad actors can go to great lengths to intercept your codes using SIM swapping / SIM jacking, so it’s advisable that you use a trusted authenticator app.

When it comes to your security and privacy, only use trusted apps and services.

And, as always, consider deploying a dedicated security solution on your personal devices.