2y ago

The Best Two-Factor Authentication App? (iOS)

What’s your prefer two-factor authentication app for iOS?

I'm looking for an app that offers the best combination of platform compatibility (preferably available on Mac OS, iPad OS, and iOS), security, usability, and reliability.

It would be great if the app is open source and has a backup feature as well.

I came across a recent Wirecutter article from The New York Timesthat recommends Cisco DUO Mobile as the top choice, followed by Authy and Google Authenticator.

I would greatly appreciate your insights and security perspectives.

Thank you!

32 comments

Authy works well for me
- Authy is very concerning lately https://www.androidpolice.com/authy-hacked-what-to-know/
  
  the security team found out that only 93 Authy users out of 75 million were affected
  Also this was a social engineering attack and if you’re syncing your 2fa seeds then you should be encrypting them with a secret. Cracking that should take years if not more.

Raivo

If you also use a password manager, then 1Password is what I use since it handles both and does cross platform and can auto fill on mobile.
- Any solution that holds both together… is not really a 2fa solution imo.
  
  True but still better than no 2FA. Would be great if these password managers informed a second level of security (ie different password) into their 2FA.

Surprisingly, Microsoft Authenticator works very well. On iOS it lets you back up your authentication tokens to iCloud and on Android I believe there is some way to do this too (I don’t have an Android phone so idk). I would avoid Google Authenticator because to the best of my knowledge there is no way to back up, and at some point in the past it crashed on me and I lost all my 2FA logins, which was a huge pain to recover from.
- Authenticator allows you to back up your passcodes to to your google account. I actually prefer DUO’s way of backing up 2FA codes by protecting them with a different password. I don’t like google’s approach as it basically means that if your google account is compromised then the attackers have the keys to the castle.

Since you only listed apple platforms you can also just use the built in options for both password management and 2FA.
Edit: https://support.apple.com/en-ca/guide/iphone/ipha6173c19f/ios
There are even plugins for browser on windows for it if needed.
Lacks advanced family password sharing and other features but it is hard to beat for ease of use for an individual who mostly uses apple devices.
- The only gripe I have about this is that third party browsers on MacOS don’t support Passkey. If you use Safari it’s absolutely wonderful, but…safari.
  Still though, it isn’t incredibly difficult to just go into Settings to get passwords, but it’s still a pain.
  
  They released a Chrome and Edge extension to support 3rd party browsers about a year ago. I have never tried it but I noted it lets you be cross platform with the password feature.
  https://support.apple.com/en-ca/guide/icloud-windows/icw76039ec0f/icloud
  
  This is pretty much the reason I use 1Password. I don't like Safari, and it has reasonably good UX and extensions for all browsers + native apps.

There's 2FAS. It's open source, available on Android and iOS as well as on desktop through the browser extension.

Bitwarden, you can self host if you prefer.

I have been a big fan of authy for a few years. Works well for me.

I teally like Aegis!
- It's only on Android, OP is asking for iOS.
  
  Oy vey! I totally missed that. 😕

I use a yubico hardware key, for all of my TOTP and bitwarding password manager and my Google Voice for the 2FA

If you wear an Apple Watch DUO has a watch app and so I’ve migrated all my accounts that support duo to it so I can leave my phone in my pocket and just look at my wrist

I just use a keepass vault and KeePassium (Strongbox is also great) after deciding I don’t trust Authy.
Biggest advantage over Authy for me is that I control the data and that the solution is open source.
Vault is synced locally with syncthing but a vault on a cloud drive requiring a key file that is local is also a good option.
Backups are easy. KeePassXC can be used on the desktop for totp.
Vault is not kept with my password vault.

I use OTP Auth. Syncs via iCloud and has an Apple Watch app. Plus allows export which is convenient for if I ever want to switch platforms back to Android.

I am all-in on Bitwarden - and I use Apple's 2FA with a widget shortcut to Passwords in settings to unlock Bitwarden. For maximum security it makes sense to keep your OTP in a separate app, but if you choose to keep them in Bitwarden, it will add your 2FA codes to your clipboard after inserting your login and password on the site. Extremely convenient.
Bitwarden is light, multi-platform, will support Passkeys, open source, offers username and password generation, free (and VERY cheap if you want to unlock sharing). In my opinion nothing comes close.

On Android I use Aegis

32 comments