There are currently several password authenticator apps available for a range of devices, but which ones are best for securing your social media accounts and websites? That’s the purpose of this list: to bring together the top five password authenticator apps so you can improve your online security.

In the last decade, the growth of digital crimes has increased the relevance of mechanisms related to cybersecurity, one of these examples being password authenticator applications.

Brazil, by the way, is one of the current epicenters of digital crimes, as, in January of this year, the Central Bank revealed the leak of personal data linked to people with Pix keys. Other leaks have occurred earlier, making Brazil a haven for scams.

Recently, a survey by NordVPN revealed that over 720,000 Brazilian bank details were sold on the dark web.

According to the Director of the Institute of Technology and Society of Rio de Janeiro, Ronaldo Lemos, the identification system used in Brazil “collapsed”.

Lemos blames the negligence of the Brazilian government and points to “identity authentication mechanisms” as a solution. Therefore, with digital insecurity hovering in Brazil, tools to protect people’s data are important.

Password authenticator apps are an example of these tools, so let’s go to the top five list.

What are password authenticators

A password authenticator is a means of confirming a user’s identity, that is, of digitally verifying that the user is who they claim to be. This authentication is done through a system or application that confirms that the individual actually owns and controls the authenticator.

The most popular authenticators are two-factor authenticators (2FA, two-factor authentication). For two-factor authentication to work, the user must present at least two credentials to log into a given account. For example, confirmation SMS messages are a form of personal authentication, as are biometrics.

However, password authenticator apps work differently, as they generate a unique code with a deadline to enter. As such, password authenticators are considered an ideal option for enhancing security.

Anyway, let’s go to the list of the best password authenticator apps.

Top five password authenticator apps

5. Google Authenticator

Google Authenticator is responsible for creating the format of two-factor password authenticators.

The app generates numeric tokens on your Android or iPhone device, even without an internet connection. Thanks to this application, the TOTP algorithm (time-based one-time password) was later adopted by other applications, increasing security by limiting the time in which authentication is provided.

Also, almost all sites that accept TOTP are compatible with Google Authenticator, which makes it the most popular in the category.
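How a time-limited code of this kind is computed and checked, as an added example that is not code from any of the apps on this list: TOTP as specified in RFC 6238, plus a server-side check that tolerates one step of clock drift and refuses a code that was already accepted. The function names and the `state` object are illustrative; the secret is the RFC's published test value.

```javascript
// Added example: TOTP (RFC 6238) built on HOTP (RFC 4226), Node.js built-ins only.
const nodeCrypto = require("node:crypto");

// HOTP: HMAC the 8-byte big-endian counter, then truncate to N decimal digits.
function hotp(secret, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = nodeCrypto.createHmac("sha1", secret).update(msg).digest();
  const offset = mac[mac.length - 1] & 0x0f;          // low nibble selects 4 bytes
  const bin = mac.readUInt32BE(offset) & 0x7fffffff;  // clear the top bit
  return String(bin % 10 ** digits).padStart(digits, "0");
}

// TOTP: the counter is the number of `step`-second intervals since the Unix epoch,
// so phone and server agree on the code without any network connection.
function totp(secret, unixSeconds, { step = 30, digits = 6 } = {}) {
  return hotp(secret, Math.floor(unixSeconds / step), digits);
}

// Server-side check: accept the current step and `window` steps either side,
// compare in constant time, and reject a step that is not newer than the last
// one accepted (stops replay of an observed code).
function verifyTotp(secret, code, unixSeconds, state,
                    { step = 30, window = 1, digits = 6 } = {}) {
  const now = Math.floor(unixSeconds / step);
  const given = Buffer.from(String(code));
  for (let c = now - window; c <= now + window; c++) {
    const expected = Buffer.from(hotp(secret, c, digits));
    if (expected.length === given.length &&
        nodeCrypto.timingSafeEqual(expected, given)) {
      if (c <= state.lastUsedStep) return false;       // already used
      state.lastUsedStep = c;
      return true;
    }
  }
  return false;
}

// RFC 6238 test secret (ASCII digits), not a real credential.
const DEMO_SECRET = Buffer.from("12345678901234567890");
console.log(totp(DEMO_SECRET, 59)); // prints "287082"
```
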

However, when commenting on the best password authenticator apps, Google Authenticator doesn’t take the top position as it doesn’t have a lot of functionality. In fact, the app hasn’t been updated for over two years.

4. Microsoft Authenticator

Since Windows is the most used operating system in the world, Microsoft Authenticator is a good choice for a password authenticator, especially for those using Microsoft applications such as Office, OneDrive, and Outlook.

The app also supports the TOTP algorithm and includes a cloud backup option, as well as a more accessible interface than Google Authenticator.

In addition, Microsoft Authenticator has authentication features such as biometrics, facial recognition, and PIN codes that allow you to easily log into Microsoft products.

The app is available for Android and iOS and, again, it has a feature that Google Authenticator lacks: the possibility of account recovery if you change devices.

This option is not available if switching from Android to iOS, as the iPhone version of the app requires the use of iCloud. In fact, this is not Microsoft’s fault, but Apple’s.

3. LastPass Authenticator

This list would be meaningless without LastPass Authenticator, as this app is the password authentication extension of one of the best password management apps available.

Like all previous apps on this list, LastPass Authenticator is compatible with services that use the TOTP algorithm, but also with notification authentication systems.

The backups are tied to the LastPass servers, that is, both the passwords and the authentication system are safe, since LastPass is considered one of the best in the area.

Similar to Google Authenticator in terms of interface and extra features, LastPass Authenticator isn’t as attractive, but it offers what’s needed for those who care to add more security to their accounts.

2. Authy

The current darling of cybersecurity enthusiasts is Authy. One of the reasons Authy is one of the best password authenticator apps is its combination of features, security and support.

Since LastPass Authenticator is basically an extension of LastPass, Authy is the only password authenticator app that has both smartphone and PC versions. In addition to Windows and macOS, Authy is also available for PCs running Linux.

While this is the reason behind Authy’s great reputation, another factor is responsible for its huge popularity: cryptocurrencies. Authy is the official provider of password authenticator systems for large cryptocurrency wallets like Coinbase.

In addition, Authy uses the same algorithms as banks and the US National Security Agency to protect user data, so backups are encrypted and stored in the cloud.

With encrypted cloud backups and desktop application, Authy guarantees greater protection in case of cell phone loss. All this thanks to Twilio, the company behind Authy, which specializes in communication through cloud computing.

1. Aegis

The champion of the list – whose name resembles that of the dengue mosquito – surpassed Authy only in terms of safety. At the beginning of the text, we mentioned the large number of data leaks in Brazil, a problem that affects the privacy of many people.

As privacy and digital security go hand in hand, Aegis is the best choice as it is an open source password authentication app.

Unlike the other applications cited in this list, Aegis does not collect data from users, emphasizing a higher level of security by allowing access to the application’s source code.

Aegis can import data from other password authenticators, including some mentioned in this list, such as Google Authenticator. It supports the TOTP algorithm, making it compatible with most applications and websites.

The negative points of Aegis are exactly the lack of the features that are Authy’s strength. First, the app is only available for Android and the developers have stated that the expansion to other platforms “is not in the company’s plans”.

The second problem is that Aegis doesn’t have the cloud backup feature, but it’s understandable as the intent of Aegis is to prioritize security and privacy. Therefore, Aegis can only do cloud backups if the user has a cloud application that supports the Android Storage Access Framework. Nextcloud is the only one to support Aegis. It’s not possible to add other cloud storage providers because Aegis doesn’t have internet access and changing that “is not in the company’s plans”.

Even so, Aegis was chosen as the best among the top five password authenticator apps for its level of security and for not needing monetization, ensuring the privacy of users’ data.

Why is the little-known Aegis better than other password authenticator apps?

Short answer: the app was developed on a non-profit basis.

Google Authenticator and Authy, for example, use cookies on their systems. Incidentally, the monetization model of password authenticator applications is based on subscription plans for companies. LastPass, the maker of LastPass Authenticator, and Twilio, the maker of Authy, make their products specifically for businesses.

Therefore, it is very difficult to gain access to information on how password authenticators use user data. Twilio is an exception, as it clearly states on its website that the companies on its customer list allow Authy to be free.

In contrast, Aegis security uses different systems. The application keeps sensitive data about users’ keys, as well as related information, in a file called a vault.

Thus, users can configure the application to store data in plain text or encrypted, with access only through a password.

To ensure the security of Aegis, the application uses two cryptographic primitives, that is, building blocks for creating cryptographic algorithms: Authenticated Encryption with Associated Data (AEAD) and a cryptographic Key Derivation Function (KDF).

The Advanced Encryption Standard in Galois Counter Mode using 256-bit keys (AES256-GCM) is used as the algorithm of the AEAD primitive to ensure the security of the vault.

When creating the first vault, Aegis generates a key, called the “master key”, for the AES256-GCM encryption algorithm to encrypt the contents.

Aegis allows opening vaults with various types of credentials (biometrics, password, QR-code), but each credential that can encrypt or decrypt the contents of a vault has its own slot. For example, there is a specific slot for the biometric credential.

Each slot therefore contains a copy of the master key encrypted with its respective credential. However, the master key’s security level depends on the strength of the credential. In other words: weak passwords generate weak keys, but that’s the user’s responsibility.
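The slot layout described above, as an added example: a simplified model, not Aegis's vault format or code. It assumes scrypt (with Node's default cost) as the KDF, which the page does not name, and a 32-byte `deviceKey` standing in for a non-password credential such as the biometric slot; all function and field names are illustrative.

```javascript
// Added example: simplified vault with one master key and per-credential slots.
const nodeCrypto = require("node:crypto");

// AES-256-GCM with a fresh 96-bit nonce for every encryption.
function seal(key, plaintext) {
  const nonce = nodeCrypto.randomBytes(12);
  const cipher = nodeCrypto.createCipheriv("aes-256-gcm", key, nonce);
  const ct = Buffer.concat([cipher.update(plaintext), cipher.final()]);
  return { nonce, ct, tag: cipher.getAuthTag() };
}

// Throws if the key is wrong or the data was modified (tag check fails).
function open(key, { nonce, ct, tag }) {
  const decipher = nodeCrypto.createDecipheriv("aes-256-gcm", key, nonce);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]);
}

// Password slot: the KDF turns the password into the key that wraps the master key.
// scrypt is an assumption here; a weak password still yields a guessable wrapping key.
function passwordSlot(password, masterKey) {
  const salt = nodeCrypto.randomBytes(32);
  const kek = nodeCrypto.scryptSync(password, salt, 32);
  return { type: "password", salt, wrapped: seal(kek, masterKey) };
}

function createVault(entries, password, deviceKey) {
  const masterKey = nodeCrypto.randomBytes(32); // in this model: random, not password-derived
  return {
    slots: [passwordSlot(password, masterKey),
            { type: "device", wrapped: seal(deviceKey, masterKey) }],
    db: seal(masterKey, Buffer.from(JSON.stringify(entries))),
  };
}

function masterKeyFrom(vault, type, credential) {
  const slot = vault.slots.find((s) => s.type === type);
  const kek = type === "password"
    ? nodeCrypto.scryptSync(credential, slot.salt, 32) : credential;
  return open(kek, slot.wrapped);
}

function unlock(vault, type, credential) {
  return JSON.parse(open(masterKeyFrom(vault, type, credential), vault.db).toString());
}

// Changing the password replaces one slot; the vault contents are not re-encrypted.
function changePassword(vault, oldPassword, newPassword) {
  const masterKey = masterKeyFrom(vault, "password", oldPassword);
  vault.slots = vault.slots.map((s) =>
    s.type === "password" ? passwordSlot(newPassword, masterKey) : s);
}
```

Because every slot wraps the same master key, adding, removing or changing one credential leaves the encrypted contents and the other slots untouched.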

Final considerations

Password authenticator apps serve as a good solution to increase digital security, but they are not perfect. A more secure alternative is physical password authentication keys.

Similar in design to thumb drives, a physical password authentication key is the highest level of authentication security. Only the owner can have access to the accounts, as they have physical access to the authenticator.

An example is the YubiKey 5 Series, compatible with several online protocols that allow its use in various websites and applications.

However, these devices are very expensive and, if one is lost, it is gone for good. Goodbye to passwords and accounts as, unlike apps, physical keys do not have cloud backup capabilities.