As privacy concerns continue to grow, two-factor authentication (2FA) applications have become a necessity. In addition to Google and Microsoft, a handful of players offer 2FA applications with new and innovative features. Authy and LastPass Authenticator are rapidly gaining popularity among them.
Authy provides a beautiful interface that is both easy on the eyes and functional. It offers multi-device synchronization with cloud backups, which is useful when you lose access to your smartphone.
LastPass, the developer of a popular password manager, has released a 2FA application that offers cloud backups and multi-device synchronization.
It's time to see which 2FA app you should trust with your online world and why.
1. User interface and use
Surprisingly, Authy and LastPass Authenticator both adopt a red theme. As with most 2FA applications, the layout is quite simple. There is a plus sign for adding 2FA codes quickly, either by scanning the QR code or by entering the key manually. For me, scanning a QR code is faster and easier.
It may seem strange to you that Authy asks for your mobile number when you launch the application for the first time. This means that you need an active SIM card. However, this raises the question of switching SIM cards (more on this later).
Authy pulls in the logos of the most popular sites, making it easy to identify codes in a sea of text. LastPass Authenticator lacks this simple but useful feature, which makes its user interface less attractive and more difficult to navigate. In addition, Authy supports list and grid views.
Overall, both apps have an almost identical user interface and make it easy to add and read QR codes on the fly, but Authy does it better.
2. Backups and restoration
Authy will ask you to enable the backup option when you scan a QR code for the first time. Of course, you can still activate it later from the application settings. Once it is enabled, Authy encrypts the codes on your device first and then backs them all up to its servers.
What if you lose your phone or it gets stolen? If you lose all access to your phone, you will need to download Authy on a new device. However, you must use the same phone number to log in and start the recovery process. Before you can access the codes, you must decrypt them using the backup password that you created at the time of the backup. Nobody else has access to this backup password. If you lose it, even Authy cannot get it back for you. So be sure to keep it in a very safe and secure location.
LastPass follows a similar process. When you enable the backup option, the codes are encrypted and stored on the LastPass servers. But there is a difference: you will need a LastPass account. LastPass also offers a password manager that will manage your passwords.
LastPass provides a detailed tutorial on the procedure to follow. Basically, you must connect the Authenticator application with LastPass and enable the Multifactor option from the settings. You can then decide to store everything locally (encrypted) or keep everything online, which requires an active Internet connection. Multifactor authentication does not work offline, which makes it redundant, in my opinion.
Unlike with Authy, your account is linked to your LastPass account. Some users claim that it is more secure to keep everything locally and not to perform cloud backups. That way, you are protected against SIM swap attacks, because the only way to access your 2FA codes is to steal your device. Good luck with that. Hopefully the LastPass servers will not be hacked again.
As you know by now, Authy uses the SIM card number to register the device on its servers. To guard against SIM swap attacks, Authy has a multi-device feature. You can install Authy on another device and log in to retrieve your codes only while this option is enabled. We therefore recommend that you disable this option when you are not using it.
LastPass uses a similar technique, in which you allow specific devices to install its 2FA application and recover your codes. This option is available under Settings > Mobile Devices.
This is a simple but effective way to prevent unauthorized devices from gaining access to your authentication applications.
A key difference is that instead of the SIM card, LastPass Authenticator depends on your LastPass account, which requires an email ID to register. It is therefore recommended that you also use 2FA with your email provider. If you lose access to your LastPass account and your email ID, you can recover it using your SIM number (phone recovery option).
4. One-click approval
LastPass Authenticator comes with a unique feature that is currently not supported by any other 2FA application. When you use LastPass Password Manager with the Authenticator, you do not need to enter the user ID and password. This information is filled in automatically.
There is more – you will not have to enter the 2FA code either. You will receive a pop-up notification with an option to approve or reject the connection in the notification center. Just tap on it and you're good. The feature works with most popular sites and apps.
5. Platform and pricing
Authy and LastPass Authenticator are free. There is even a free version of LastPass Password Manager, which should be enough for most users.
Authy supports Android, iOS, Windows, macOS and the Chrome browser. Meanwhile, LastPass Authenticator supports Android, iOS and Windows only.
Security or convenience?
Confused? Let me simplify. If you use LastPass Password Manager, using LastPass Authenticator makes sense, especially if you pay for the premium service. You get one-click login and automatic password entry, so you can quickly sign in wherever you want.
Authy has become the go-to reference for 2FA applications for good reason. It has a clean track record, its UI is better, and it automatically retrieves the logos of most services.