The most important thing you can do to increase your online security, alongside using a password manager, is to enable two-factor authentication. After interviewing three experts and testing seven authenticator apps, we think Authy has the best combination of compatibility, usability, security, and reliability.
When you log in to an online account with two-factor authentication enabled, the site first asks for your username and password, and then, in a second step, it typically asks for a code. Even if someone gets ahold of your username and password, they still can’t log in to your account without the code. This code, which is time-sensitive, can come to you via SMS, or it can be generated by a two-factor authentication app, such as Authy, on your phone. When you open Authy you see a grid with large icons that makes it easy to find the account you’re looking for, copy the security token, and get on with your day.
Compared with other authentication apps, Authy is also available on more platforms, including iOS, Android, Windows, Mac, and Chrome, and it features PIN and biometric protection for the app. Unlike most other two-factor authentication apps, Authy includes a secure cloud backup option, which makes it easier to use on multiple devices and makes your tokens simple to restore if you lose or replace your phone. The fact that the backup is optional lets you decide what, if any, security risks you’re willing to make in favor of usability. It’s run by Twilio, a reputable company that clearly outlines its security practices and updates Authy frequently.
Thorin Klosowski is the editor of privacy and security topics at Wirecutter. He has been writing about technology for over a decade, with an emphasis on learning by doing—which is to say, breaking things as often as possible to see how they work. For better or worse, he applies that same DIY approach to his reporting.
Get our newsletter
Our latest reviews, staff picks, and more in your inbox