Time to replace the old guard: Why Google Authenticator has to go Watch Now

I've been a Google Authenticator user since the dawn of two-factor authentication (2FA) apps. Released in 2010, it's one of those apps that I use all the time for authenticating logins into various websites and services. Using it has become second nature.

But it has downsides.

Must read: You're using your favorite iPhone and iPad apps all wrong

First, it runs on only a few platforms, specifically Android, iOS, and Blackberry.

Another is that you have to set it up individually on every single device you use. Not a huge drawback for those who live with a single smartphone in their hand, but if you "device surf" a lot, this can be a drawback because you have to have your smartphone nearby.

Note: As some readers have correctly pointed out, you can set up Google Authenticator on multiple devices, but for me that's more work, and a change to one of the installations would have to be done across all devices. One reader had the nifty idea of keeping a printout of the QR codes for the sides, and going down a list and scanning them in when having to set up Google Authenticator in the future. Nifty idea for sure.

Another drawback, and this is a big one, is that if you swap phones, you have to blitz the entire app and go back and sync up all the accounts again. This is where things get really tedious, and where it begins to feel easier to just turn off 2FA and take a chance.

Another drawback of Google Authenticator that a reader pointed out is no passcode or biometric lock on the app. And this ease of access to the app seems to allow malware to steal 2FA codes directly from Google Authenticator, giving you yet another good reason to dump the app.

So, I've been on the lookout for a new service, and there are a number out there. Password managers 1Password and LastPass both have built-in authenticator apps, but the one I went for is Authy. It's quick and easy to use and set up, runs on multiple devices and platforms, allows you to make backups, and the website is a wealth of information on how to secure accounts using 2FA.

Also: Protect yourself: How to choose the right two-factor authenticator app

While I did have to go through the process of setting up 2FA on all my accounts -- I even added it to a few more while I was at it -- hopefully it's the last time I have to do this. While I have had to change my workflow a little, the upsides of having switched away from Google Authenticator far outweigh the downsides.

So, if you are still using Google Authenticator, have a look around at the alternatives on offer, and if you don't feel like having to re-setup all your 2FAs right now, keep it in mind for the next time you replace your smartphone.

Is it risky "centralizing" this data? Sure, but I don't see it any more risky as using a cloud-based password manager.

See also: