An authenticator app generates special login codes for you to verify your identity online. Wondering why you need these codes when you have passwords? We'll explain that and more below.

What Is an Authenticator App?

An authenticator app is a desktop or mobile application that secures accounts, apps, financial transactions, and more with six-to-eight-digit, time-based, one-time passwords (TOTPs). You can use each code only once. It expires after a set amount of time-usually 30 seconds-after which a new code shows up.

In most cases, people use an authenticator app for multi-factor authentication. Here, the app provides an optional second layer of protection for digital accounts. With such an app in place, logging in is possible only if you use your, username/password or fingerprint and the verification code.

Why You Need an Authenticator App

An account secured with a password is safe only as long as the password is not compromised, which isn't guaranteed, especially given the prevalence of cyber threats. That's why we recommend using a combination of the following identity verification methods:

• Something you know (password, PIN, or pattern recognition)
• Something you have (physical security key, an authenticator app, or an SMS)
• Something you are (biometric recognition, usually using your voice or your fingerprint)

Since your smartphone is with you most of the time, it makes sense to use it as a second method for authentication. That's where an authentication app comes in: It allows you to generate backup codes for various online accounts. So even if your password gets stolen, the hacker can't access your account without the login code that goes with it (and neither can you).

You're not restricted to mobile apps for authentication, but we don't recommend using desktop authenticator apps. Use a mobile app from a trusted developer.

How to Set Up and Use an Authenticator App

We have already shown you how to set up and use Google Authenticator. We have also covered instructions for Microsoft Authenticator.

Regardless of the authenticator app in question, to set it up, install it from the relevant app store and create an account if prompted.

The steps to generate codes for a third-party account vary from app to app, but they generally follow the same pattern:

1. Open the settings for your online account and follow the prompts to enable two-factor or multi-factor authentication if it's supported.

2. Ensure that you can see an alphanumeric key and/or a QR code on your screen.

3. Log in to the authenticator app on your device and tap on the option to add a new account.

4. Either copy and paste the key from your online account or scan the QR code.

5. Enter the code generated by the authenticator app in the relevant field in your online account.

   

6. Follow the prompts to finish the setup.

7. Back up the recovery codes provided by your online account. If you're unable to access your authenticator app, you can enter one of these codes to regain access to your account.

Following the backup and recovery instructions outlined by your authenticator app is a must. It will come in handy if you lose your device, uninstall the app accidentally, or if you want to move to a new device.

How Do Authenticator Apps Work?

When you set up TOTP-based authentication for an account, a secret algorithm embedded in the QR code (and the key) uses the current time to generate a special code; the server for the account you're logging in to also uses the same information to come up with the same code. Only the app and the server "know" these credentials.

When you log in to the account in question and enter the code at the relevant prompt, the account server compares what you entered to what it has generated. If they match, you're in. If not, you're denied access.

Why Choose An Authenticator App Over SMS?

You can also generate verification codes via SMS by linking your mobile phone to your online account. However, we recommend generating codes via an app for a few reasons. An authenticator app:

• Enforces extra security via your device PIN or biometric lock
• Stores codes locally. SMS is unencrypted and vulnerable.
• Regenerates codes every few seconds. SMS OTPs are active for several minutes, giving hackers plenty of time to intercept them.
  
• Is immune to SIM swapping
• Works completely offline (even in Airplane mode!), unlike SMS, which requires a mobile network connection.

Of course, SMS authentication is always better than no multi-factor authentication. Besides, an authenticator app can be as insecure as SMS if you screenshot the QR code provided during setup and save the image where anybody can access it. The same applies if you leave your device or the recovery codes unprotected.

In any case, if you decide to go with an added layer of security, an authenticator app (or even a physical key) is a safer bet compared to SMS. Some apps and websites have even done away with SMS authentication altogether.

We recommend enabling multi-factor authentication for popular online accounts and everywhere else the feature is available. Install the same authenticator app across all of your devices for quick access to codes.

If your password manager has a TOTP-generation feature, you can use that to generate codes instead of installing a standalone authenticator app.