Authenticator Apps - Is there any compelling reason to favor any given one of them?

britechguy

britechguy

Well-Known Member
Reaction score
4,028
Location
Staunton, VA
The two I know best are Microsoft and Google Authenticator apps, but I know there are others.

Since the trend in MFA is distinctly toward using an authenticator app on one's phone rather than text messaging, it makes sense to go that route. I have noticed that virtually everyone can work with either of those two, and probably a couple of others.

What is the thinking of those on Technibble about selection of an authenticator app?
 
From a personal standpoint I use a PW manager and the MFA code is provided within the PW manager app. But I do use Google's authenticator app for the MFA code to login to the PW manager when needed. Thats the only code that I have in the authenticator app.
 
I used Google's for a couple of years successfully - I had probably 60 accounts setup. Then, there was an update that made it not work as nicely - every code was hidden until you long-pressed it....something like that. It still worked, but not as smoothly as before. Then I got a new phone and there was a problem with the migration and I learned I would have to set everything up from scratch. I switched to the MS app just because I thought that would work better for M365. I've had no complaints on that one and I'm probably 8 months into it, I'd say...
 
Use the one that's configured for the world you live in.

I use Bitwarden for most things, but I have MS Authenticator for MS things. Google auth I almost never use, aside from the built in Google stuff attached to my Google account that MFA's itself via my Android.

I actively DO NOT recommend anyone use the MS or Google authenticators with anyone 3rd party, because they're overly difficult to rebuild when you get a new phone.

There's some logic that says MS Authentictor is on its way out! Outlook mobile will be an authenticator too soon.
 
Sky-Knight said:
Use the one that's configured for the world you live in.
Click to expand...

No snark intended, but how would Bitwarden fit into "the world you [generic] live in."

Essentially, if it's possible, I don't want my clients to have to use multiple authenticator apps. Any one that "works with everything, or nearly everything" would be fine.

For the latest client we got MS Authenticator simply because it's M365 that's the major thing involved. But if you could, for instance, use MS Authenticator for Google, and multiple third parties, to me that makes sense.

Of course, I'm willing to use SMS MFA, too, but that's not what I intend at the moment. Lectures not necessary.
 
Thanks to all who've been giving input. Just curious if anyone has tried/is using Duo (from Cisco)?

2FAS looks interesting, and I like open source software.
 
  • Like
Reactions: GTP
@britechguy Bitwarden is easier to move to a new phone when I need it.

Microsoft Authenticator is linked to a personal Microsoft account, that account must be secured, because if you lose it... game is over. The nature of recovering these accounts when they're lost is inordinately difficult.

But yes, it can do 3rd party stuff, and it does a decent job of it. I just caution people against it because the recovery procedures are several orders of magnitude more difficult than a 3rd party password manager like Bitwarden.

Whatever authenticator anyone chooses for themselves, they must take the time to document and test the recovery processes involved with it in advance of the fault.
 
I use both Microsoft and Google authenticators. Not because I carefully evaluated the choices, it just evolved, based on what service I was using and what they supported.

Right now I’m a little concerned as I may need to wipe my phone to solve a different problem, and I’m not really familiar with how to get those apps back to where they are now.
 
It is best to test recovery of a mobile device, with another mobile device.

Get a used phone off Swappa or something.
 
timeshifter said:
I use both Microsoft and Google authenticators. Not because I carefully evaluated the choices, it just evolved, based on what service I was using and what they supported.

Right now I’m a little concerned as I may need to wipe my phone to solve a different problem, and I’m not really familiar with how to get those apps back to where they are now.
Click to expand...
Just use Samsung Smart Switch. Perfect. Restores everything. Its already on your phone. (assuming its Samsung or Android)
 
Early on I had multiple auth apps on my phone.
Of recent...oh....over 5+ years...my accounts are mostly in Microsoft Authenticator.

I do happen to have DUO on my phone, because we resell DUO to clients that require MFA at their computer login, terminal servers, servers, etc.
We don't have it used for 365 or other things. I only have my clients accounts on DUO and our primary DUO partner account login.

At work we keep our "shared logins" in our documentation/password management system..HUDU.

Back to Microsoft Authenticator, I have around 20x accounts in there....my work 365, my personal 365, my facebook, linked in, Google account, and a whole plethora of accounts for various services I use at the office where I use just my own login....like DNS Filter, SyncroMSP, GravityZone, PAX8, etc etc.

Microsoft Authenticator backs up using your PERSONAL Microsoft account. I initially hated the fact that they didn't allow it to back up to your WORK 365 account. However, I later learned why Microsoft doesn't do that...conflicts with app protection policies and InTune policies...could lead you down a nasty "chicken and the egg" scenario. It does restore quite nicely, a few accounts may need to be re-verified. I've gone through that at least 3 or so times since using Microsoft Authenticator....never lost anything. On the new phone, since the built in phone services can't back up the actual account settings, MS Auth app will be blank...upon first launch, you want to make sure it's not logged in..and choose "restore from backup". That brings you to a wizard to sign into your Microsoft personal account..and then it will restore in a few minutes.

...of course, your Microsoft personal account should be itself secured and MFA'd...if someone busts into that....ugh.
Supporting clients...this is always something to have to deal with whenever they get a new phone. Since most don't know to back it up to a personal account. So it's starting all over again for their 365 account...but that's not really difficult at all. This is one advantage DUO has...within the DUO account, ALL of the accounts within the DUO app are backed up within that a little better...assuming the "enable backup of 3rd party" is enabled in the app. So get a new phone, retore DUO, and they're all back pretty easily.

However, since we're Microsoft-centric...and focus on 365...I like how Microsofts Authenticator app has more features specific for 365 accounts, such as the "numbers matching" way to authenticate, as well as showing the map with the geographic location of the log in attempt. And...the type of app requesting the login. It's pretty slick!
 
The apps all work the same way, there's no difference in implementation of security. The page generates a key, the app saves the key. The code displayed is based upon the key and the current time. It's not reaching out to any server for data. In fact, you can turn on airplane mode and still use the authenticator apps.

Just use the one you like and has the backup and restore features you want. I use MS Authenticator, only because it's what was "required" by work in another life.
 
How does Yubikey fit into this as I hear about it a fair bit but trying to understand is it actually something else or is it just a rebranding with physical security keys for MS and/or Google Authenticator?
 
Blues said:
How does Yubikey fit into this as I hear about it a fair bit but trying to understand is it actually something else
Click to expand...

Yes. It's a hardware authenticator. It's as close to a literal key, as we think of it for doors, as you can get for 2FA. You have to have it on your person and insert it in order for it to be read.

It's not an authenticator app, which while they perform the same basic function, do so quite differently.
 
I use Google authenticator, keep it on two devices, an Android phone and an iPad, and back up the accounts from my phone to my iPad when I add a new one. I chose Google over Microsoft because I have seen Microsoft Authenticator just plain old not issue codes, especially when trying to set up an account. I now also keep the account online at Google, although it kind of defeats the purpose if someone's Google account gets compromised. I've seen plenty of clients who don't know they need to keep the authenticator backed up, or need to migrate it to new devices, who are then stuck trying to recover accounts when they get a new phone. It's a topic I bring up when I see authenticator apps on their phones, and I let them know I'm available to help them migrate the accounts when they upgrade their device, rather than having the phone store do it for them wrong.
 
You must log in or register to reply here.

Similar threads

Porthos
Microsoft 365 apps say farewell to Internet Explorer 11 and Windows 10 sunsets Microsoft Edge Legacy
Replies
5
Views
4K
HankArnold
HankArnold
phaZed
[SOLVED] How to uninstall Forticlient AV that was installed from EMS management dashboard?
Replies
2
Views
17K
Your PCMD
Your PCMD
Kitten Kong
AppRiver to stop selling Office365.
Replies
5
Views
2K
Slaters Kustum Machines
Slaters Kustum Machines
Back
Top