In the wake of near-constant data breaches, here’s a tip: Use encryption everywhere you can. The easiest way is to enable multi-factor authentication (MFA) for your online accounts with an authenticator app. The goal is to make it so that logging in requires not just a password (something you know) but a one-time passcode from the app on your phone (something you physically have). All the apps on this list do this, but some offer additional features, such as password management or desktop extensions. Our Editors’ Choice winners in this category are 2FAS, Aegis, and Stratum, because they’re easy to set up and don’t require much personal data. But they aren’t the only ones we recommend, so read on for more of the best authenticator apps we’ve tested and how to choose the right one for you.
Deeper Dive: Our Top Tested Picks
EDITORS’ NOTE
March 19, 2026: With this update, we added Authy as our latest best authenticator app for watchOS. Our remaining picks have been vetted for currency and availability. Since our last update, we’ve retested all the authenticator apps in this category.
Best for Minimal Data Collection
2FAS
- No account signup required
- Includes extensions for popular browsers
- Limited data collection
- Helpful video tutorials
- Lacks support for wearable devices
- Limited exporting capability
2FAS is free, collects minimal data, works across all your devices, has a helpful browser extension, and, unlike some competitors, doesn’t require you to create an account or log in to use all its features. 2FAS is an open-source project run by a group that focuses on improving online safety, which is a plus.
Platforms: 2FAS is available for Android and iOS devices. There are also browser extensions for Brave, Chrome, Edge, Firefox, Opera, and Safari. I tested the 2FAS app on an Android device using Google Chrome. Notably, 2FAS doesn’t offer apps for watchOS or wearOS.
Signup Requirements: You don’t need to hand over an email address, phone number, or any other personal information to use the app, and 2FAS doesn’t require you to create an account.
Data Collection: Both the Android and iOS versions of 2FAS appear to collect only minimal data, with Diagnostic data collection reported for the iOS app but none for the Android version.
Token Exporting and Importing: You can import your old tokens from competing apps, including Aegis, Google Authenticator, and Stratum. 2FAS doesn’t generate generic token lists that can be easily imported to other apps, but some apps, like Aegis Authenticator, accept 2FAS export files.
Privacy Protectors: 2FAS is one of the best authenticator apps we’ve tested, earning it an Editors’ Choice award for the category. That means we think just about anyone will appreciate how easy it is to use 2FAS to add MFA to all their online accounts.
- No data collection reported
- Thoughtful interface customization options
- Helpful exporting and importing choices
- Easy backups
- Only works on Android
- Lacks wearable support
Aegis Authenticator doesn’t collect any data, and we found it easy to import and export our tokens to and from other authentication apps. The only real drawback is that the app only runs on Android devices.
Platforms: Aegis is only for Android devices. No desktop, iOS, or wearable versions are available.
Signup Requirements: The app does not offer options to create or sign up for an account, which is ideal. Generating tokens isn’t a data-hungry process, so apps in this category that don’t require email addresses, phone numbers, or other information are preferred.
Data Collection: According to the Google Play listing for Aegis Authenticator, the app does not collect any data. The app’s privacy policy is just three sentences long and states that it only requires camera access to scan QR codes, which appears to be accurate.
Token Exporting and Importing: Aegis can import token lists saved by other apps as plain text files. It can process special files from 17 competing apps, including 2FAS, Authy, Battle.net Authenticator, and Steam. You can also import tokens directly from another app if it’s installed and you’re willing to grant Aegis Authenticator root access. You can also export your token list to use it in another app.
Android-Only Customers: Anyone who uses an Android device will find Aegis Authenticator helpful. We were particularly impressed by its customization options, designed to secure your tokens and speed up your workflow.
Learn More
Aegis Authenticator Review
- No account signup required
- Supports logins using Microsoft Verified ID
- Exporting and importing are not permitted from other apps
- Lacks support for wearables
We like Microsoft Authenticator because it makes it easy to protect and log into your online accounts using your phone. It’s free, and you don’t need a Microsoft account to use its authentication functions.
We like Microsoft Authenticator because it makes it easy to protect and log into your online accounts using your phone. It’s free, and you don’t need a Microsoft account to use its authentication functions.
Platforms: Microsoft Authenticator is available for Android and iOS devices. It does not support desktops. There’s also no Microsoft Authenticator app for Android Wear OS or Apple’s watchOS.
Signup Requirements: You don’t need to create or sign in to a Microsoft account to generate or store MFA codes in the app, which is great. Authentication only requires token generation, which is not particularly complicated.
Data Collection: Some authentication apps collect far more data than their stated functionality requires. The Android and iOS versions of the Microsoft Authenticator apps collect location and diagnostic data, which isn’t unusual.
Token Exporting and Importing: If you’re switching from another authenticator app to Microsoft Authenticator, the process isn’t easy. You can’t import your login token list from other apps, unlike other apps. Instead, you’ll need to remove the old 2FA tokens from your accounts and manually add each one again in your new Microsoft Authenticator vault.
Minimalists: A streamlined home screen with an intuitive layout makes Microsoft Authenticator very beginner-friendly. The app also hides your codes by default, which is an excellent security feature.
Learn More
Microsoft Authenticator Review
- Account creation is not required
- Passcode and biometric app unlocking
- Can manage codes for multiple accounts
- Easy to use
- Collects a lot of data
- Limited importing options
- Lacks support for wearable devices
Google Authenticator is free, and if you have a Google account, setting up and transferring codes is easy. Generating codes was painless in testing, and we appreciate the app’s intuitive interface.
Platforms: Google Authenticator is available for Android and iOS devices. The app does not offer support for wearable devices.
Signup Requirements: You can use Google Authenticator without an account, which is ideal. If you sign in to your Google account, though, you can sync your codes across other devices that are signed in to the account.
Data Collection: Google Authenticator collects more information than the other apps I’ve reviewed. It siphons personal info from at least six data categories on your device, including your phone’s contact list, photos, phone number, and physical address.
Token Exporting and Importing: Unfortunately, Google Authenticator’s exporting and importing policies don’t allow for easy switching between competing apps. If you want to transfer your codes to the Google Authenticator app on a different phone or tablet, navigate to Transfer codes > Export codes, select the tokens you want to transfer, then scan the generated QR code with the app on your new device.
Google Loyalists: Google Authenticator is the easiest to use when you’re logged into your Google account. We were also surprised by how much data the simple token-generation app collects from your device, so, again, this is an app for people who really trust Google.
Learn More
Google Authenticator Review
- Attractive apps for Android and iOS
- WatchOS compatible
- Requires account creation and phone number
- No easy exporting or importing options
- Limited dashboard customization options
Authy has been a powerhouse in the authenticator market for many years, even before its acquisition by Twilio in 2015. Its user interface looks great, and during the latest round of testing, the app performed well.
Platforms: Authy is available on Android and iOS, and it’s the only app on this list that works with watchOS.
Signup Requirements: Authy needs a phone number to work on your mobile device, which isn’t ideal. You can register the app with the same account across multiple devices, though Authy doesn’t offer multi-device registration by default for security reasons. You’ll need to enable it in the Settings menu.
Data Collection: Some authenticator apps collect more data than others, especially given their highly specific functionality. According to the Google Play Store, the Authy app for Android may collect your email address, location data, and phone number.
Token Exporting and Importing: Authy does not allow you to import tokens from competing authenticator apps. This makes switching from a different authenticator app to Authy pretty time-consuming, especially if you have a lot of accounts.
App Monogamists: If you’re a loyal customer, pick Authy. It’s not a great app for commitment-phobes, as it can’t export your tokens or import new ones, and it takes up to 30 days for your account to be deleted after you submit a request.
- No data collection reported
- Customizable UI
- Offline availability
- Easy to export and import tokens
- WearOS compatibility
- Only works with Android devices
Stratum is an open-source multi-factor authentication app backed by an active GitHub community. People with many different accounts to keep track of will appreciate the token categorization settings, and the app’s interface is easy to customize.
Platforms: Stratum only works on Android devices, including Wear OS devices. It’s the only authenticator app I’ve reviewed that supports Wear OS.
Signup Requirements: Authenticator apps are simple OTP code generators that should not require much, if any, data from you or your device. Stratum does not provide options to create or sign up for an account in the app.
Data Collection: According to the Google Play listing for Stratum, the app does not collect any data. On the app’s GitHub project, the developers state that the app requires camera permissions to scan QR codes.
Token Exporting and Importing: You can create copies of your Stratum token lists and import them into competing apps. The app prompts you to create a password to protect your backup files and to specify a local location for your backups. There’s an option in the Settings menu to set up an automatic backup schedule so you’ll always have a local copy of your tokens.
Authenticator App Enthusiasts: Stratum makes it easy to import and export your account tokens, back them up to local or cloud storage, or access them with a different app. That way, if you lose your phone or someone steals it, you can recover those tokens and log into all of your accounts.
Learn More
Stratum Review
Get Our Best Stories!
Stay Safe With the Latest Security News and Updates
By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy
Policy.
Thanks for signing up!
Your subscription has been confirmed. Keep an eye on your inbox!
Buying Guide: The Best Authenticator Apps for 2026
What Does an Authenticator App Do?
Authenticator apps are a multi-factor authentication method you can use to encrypt your online login credentials.
Simply put, MFA verifies that you’re the one logging into your online accounts. It secures your accounts with something physical that’s always with you, such as your mobile device or a hardware authenticator key. It’s harder for a hacker to access those things than it is for them to get your username and password combination from the dark web. Additional verification can include a code generated by an app on your phone or proving your identity via biometrics, such as a face or fingerprint scan.
All of the authenticator apps on this list generate time-based, one-time passcodes (TOTP or OTP), which are usually six digits that refresh every 30 seconds. Once you set up MFA, just enter the code from your authenticator app on the secure login page. “Time-based” means the code is valid only for a short time (usually under 1 minute), making it hard for anyone to steal it and log into your accounts.
I spoke to the former US Army whistleblower, Chelsea Manning, in 2024, when she was a security consultant at Nym, a VPN provider. She told me that when people encrypt their online data, it becomes a little harder to steal.
“The more layers of encryption, and the better and the stronger your encryption methods are, the more secure data in transit can be,” said Manning.
For more, see our article on what MFA is and how to set it up.
What Should I Look for in an Authenticator App?
Data Collection Practices
Authenticator apps don’t have any access to your accounts. After the initial code transfer, they don’t communicate with the download site; they just generate codes. You don’t even need phone service or an internet connection for them to work, which is why we take particular umbrage with authenticator apps that engage in excessive data collection. Data collection veers into “excessive” territory when an app collects data from device categories unrelated to its primary function.
(Credit: Google/PCMag)
In the example above, Google Authenticator may collect data from your Contact List and photos. This too much data for an app with a simple purpose.
Backups of Account Info
When choosing an authenticator app, consider whether it saves encrypted backups of your account information in case you lose your phone. All the apps on this list support backups.
Exports and Imports
Consider apps that let you take your MFA token list with you when you switch to a new authenticator app. Aegis and Stratum Authenticator both allow customers to export their tokens and import token lists from competing authenticator apps. 2FAS and Google Authenticator allow you to import your old tokens, but if the apps generate export lists, they’re app-specific and not easily importable into other apps.
No SMS Codes
One common MFA method is a time-based one-time passcode sent to you by text message, but it’s not as secure as an authenticator app or a security key. Thanks to a vulnerability in SMS messaging, crooks can reroute text messages and intercept your codes. We recommend using authenticator apps that do not use SMS codes during setup to authenticate you or your device. Most authenticator apps don’t.
What’s the Safest Third-Party Authenticator App?
The safety of these apps stems from the developers’ underlying principles and protocols rather than any implementation by the individual software makers. In other words, your online safety comes down to your personal decision-making when engaging with apps, browser extensions, or other software. Sometimes it’s worth doing some research before trusting the company behind the app that protects your accounts.
Recommended by Our Editors
For example, an internet search reveals that 2FAS is an open-source authenticator created by a group focused on internet safety. With that knowledge, you may be more inclined to trust that product over an app created by a profit-driven entity such as Google or Microsoft.
Is There Anything Safer Than an Authenticator App?
It’s always better to use some kind of MFA than none, and authenticator apps are free, easy to use, and widely available. However, the top option for safety is a dedicated hardware key MFA device. Our top recommendation is the Yubico Security Key C NFC.
(Credit: Kim Key)
MFA security keys generate codes that can be transmitted via NFC or plugged into a USB port. Unlike smartphones, they are single-purpose, security-hardened devices that can help secure your Apple, Google, or Microsoft accounts.
Why are they more secure? Though not a common threat, a malware-infested app running on your phone could intercept the authentication codes produced by a phone’s authenticator app. Plus, if you lose your phone, all of your codes go with it. Security keys have neither batteries nor moving parts and are extremely durable—but they’re not as convenient as your phone.
Finally, remember never to install an unknown, unrecommended authenticator app, even if it looks good. Malicious impersonators have appeared on app stores. Stick with the best authenticator apps recommended here from well-known companies.
