News: Google Authenticator Is NOT the Best 2FA App Anymore


If you want the best two-factor authentication app out there, our pick is Authy. A close second is LastPass Authenticator. If neither of those is to your liking, try Duo Mobile or Microsoft Authenticator. But if you're fine with missing out on great features, then and only then should you look at using Google Authenticator.

While Google Authenticator is one of the most popular 2FA apps on both mobile markets, it has been living off its good name for a while now. No longer is its well-designed interface enough — the competition has not only caught up, but surpassed Google's app. For four main reasons, when it comes to two-factor authentication apps, you should look elsewhere.

1. It Hasn't Been Updated in More Than a Year

While software doesn't have a lifespan in the same way humans do, it does expire. This expiration date occurs when the developers stop supporting it, a sign that they are moving on to bigger and better things.

It appears Google Authenticator is reaching this period based on its update history. On Android, the app hasn't been updated since September 2017 — compared to Authy, which received an update the day before I wrote this. And on iOS, Google Authenticator is even worse, with its last update in February 2016.

Without updates, bugs aren't fixed and vulnerabilities aren't dealt with. Features aren't added, and changes to the design and other tweaks are never addressed, despite outcry from the public (see how Google Authenticator looks on an iPhone X, for example). Google Authenticator's limitations will probably not be addressed anytime soon, leaving it constantly behind the competition.

Despite being a Google-developed app, Authenticator is targeting a lower version of Android (6.0 Marshmallow) than its competitors.

2. You Can't Back Up the Database

I personally ditched Google Authenticator after I decided to switch my phone. As I got the new phone ready by transferring all my messages, call history, and other data, I soon learned that all the accounts I set up tokens for couldn't be transferred to the new phone. A quick Google search revealed to me the sad truth: I had to redo all the accounts on the new phone. After my second phone switch, I decided to switch to Authy, and I have never looked back.

Privacy advocates argue that Google's avoidance of cloud storage improves security, since cloud storage can be compromised. However, there are security measures in place (namely encryption) to protect the database, so it's mostly a moot point. Additionally, the convenience far outweighs the risk potential.

Google could have at least let you save an encrypted backup locally that was transferable and protected using a passcode, but the fact that there is nothing in the form of backup is a poor design choice. If you lose your phone or it is stolen, you can't access any of the accounts with 2FA protection unless you contact each site's technical support.

Compare this to 2FA apps such as Authy, Duo Mobile, and LastPass Authenticator, which let you save encrypted backups and use them to set up new phones. Authy and LastPass Authenticator even let you sync the database across multiple devices in case you want your database on two or more devices (such as your smartphone and tablet).

3. There's No Passcode Protection

With 2FA acting as your second line of defense, you would think Google would include some way to protect the database of tokens stored in Authenticator. While phones do come with a lock screen that can be passcode protected, there are lock screen bypass hacks for both Android and iOS out in the wild. Without individual protection for the app, someone could use the unprotected Google Authenticator app to access your accounts (as long as they know the account password) and the data within them.

Authy and LastPass Authenticator let you set a PIN code to authenticate the user before the app can be opened. And for convenience, you can also use the fingerprint scanner (Touch ID for iOS) or Face ID (only on iOS) to unlock the database. This security measure shows that Google Authenticator's competition recognizes the importance of these codes and how they need to be protected with the same urgency as your passwords.

4. Authy & Duo Mobile Are Better with 3rd-Party Sites

While Google Authenticator has been considered the standard for 2FA support for years, it is no longer the best. Most of the competition has the same widespread support, being able to provide tokens to any website supported by Google Authenticator. However, Google Authenticator has also been surpassed in some ways.

Apps such as Authy and Duo Mobile offer better support for social media websites and third-party services. Combine this with the fact that these two apps support the same sites as Google, and you see how using Google Authenticator makes less sense.
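Other apps can serve the same sites because the six-digit code is computed only from a shared secret and the current time, which is also why that secret is the thing that has to be backed up and protected. The following is an added example, not code from the original article or from any of the apps named; it assumes the account uses standard TOTP (RFC 6238), and the names `totp`, `verify` and `DEMO_SECRET` are illustrative.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample seed: the published RFC 6238 test key, base32-encoded
# the way a site would show it next to the enrollment QR code.
DEMO_SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32, unix_time, digits=6, step=30):
    """Compute the RFC 6238 (HMAC-SHA1) code for a given Unix time."""
    cleaned = secret_b32.replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)          # restore stripped padding
    key = base64.b32decode(cleaned)
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, code, unix_time, window=1, digits=6, step=30):
    """Server-side check: accept codes within +/- `window` time steps."""
    ok = False
    for drift in range(-window, window + 1):
        candidate = totp(secret_b32, unix_time + drift * step, digits, step)
        # compare_digest avoids leaking how many digits matched
        ok |= hmac.compare_digest(candidate, str(code))
    return ok


if __name__ == "__main__":
    # Any app holding the same seed prints the same code for the same time.
    print("code at t=59:", totp(DEMO_SECRET, 59))
    print("accepted 30 s later:", verify(DEMO_SECRET, totp(DEMO_SECRET, 59), 89))
    print("accepted 90 s later:", verify(DEMO_SECRET, totp(DEMO_SECRET, 59), 149))
```

Anyone who obtains the seed can generate valid codes indefinitely, so a backup or sync feature is only as safe as the encryption and passcode protecting that seed.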

Even though, at the time of this writing, Google Authenticator is the number two free tool on the Play Store, it is undeserving of its popularity. We've come to expect more because of the reputation of Google and its apps. But Authenticator looks to be on its way out, and right now, you are far better off using Authy, LastPass, or pretty much any other option for your 2FA needs.

Cover image and screenshots by Jon Knight/Gadget Hacks
