In our Passkey article last month, we said we would cover Microsoft Authenticator. Microsoft has been warning users that the “authenticator app” would be shutting down passwords (effective 8/1/25) and that users of the app would be prompted to set up passkeys. We are going to cover authenticator apps in this month’s article.
What exactly is an authenticator app? If you use your phone or tablet to log in to any type of personal account, you may be interested in using an authenticator app. Authenticator apps are simply security tools designed to help protect your online accounts. It is important to protect your data and to use strong and reliable methods of authentication. We are all familiar with suggestions to use strong passwords. Using a password manager app is one security option available. They offer encrypted storage, autofill and password generation features. Another security tool that offers two factor authentication in addition to strong passwords, is the authenticator app.
Authenticator apps are downloaded on to your phone or tablet to provide easy “identity verification” methods by generating number codes you enter along with your credentials necessary to access your account. They provide an extra layer of protection in case an attacker obtains your password. These apps use (2FA) two-factor authentication to gain access to a website or application. Users must successfully present two or more distinct types of evidence (or factors) to prove they are the owner of an account. These apps work on a TOTP verification model. Time-based one-time password (TOTP) is a randomly generated and constantly refreshing code, instead of an SMS (short message service) text. The authenticator app contains the key material that allows the generation of these codes. If a hacker steals your login credentials, they still need the unique code from your authenticator app to access your account.
Microsoft Authenticator came out in 2016 and has been downloaded millions of times. It is a free app that helps you sign in to all your accounts without using a password. Instead, you use a fingerprint, face recognition or a PIN. You have to set up the application and receive a time sensitive six- or eight-digit code that you must enter when logging into your accounts. It is useful for quick sign-ins and is faster than email or text codes. Authentication apps offer an extra layer of security and are critical in securing your online accounts
Google and Microsoft both have their own authenticator apps and are free to use. Other authenticator apps include LastPass, Twilio Authy, Cisco Duo, Yubico, & FreeOTP. Apple does not have a dedicated authenticator app like Google or Microsoft, but it does offer two-factor authentication features with the use of passkeys integrated within its settings for securing Apple accounts.
The Bottom Line: Using an authentication app is not foolproof. You could still be tricked into entering your one-time password on a fake log-in page. Several applications still do not support authenticator apps and require the use of passwords. Next month we will cover flaws discovered within password managers. Always choose strong and unique login credentials. Criminals continue to get their hands on data and peddle the information on the dark web. The scale of cyberattacks are evolving in ways that are becoming much harder to contain, track and remediate. 82 percent of data breaches last year involved information stored in the cloud. Stolen credentials continue to be a leading cause of data breaches.
A final reminder that Windows 10 support ends on 10/14/25. If you have any questions, please give us a call. All iPhones, iPads and Macs need to be updated. A dangerous security flaw involving maliciously crafted images causing memory corruption was recently patched. Go to settings, select General and click software update.
Two Techs – your locally owned computer support company. Find us on the web at www.twotechs.com or email us at: support@twotechs.com or call 352-200-2365. USF, MIS, MCP, A+, Network+ & CISSP (References used; Techtarget, Microsoft, Lifewire, ZDNet, Forbes, CNet)