Best Xbox Cloud Gaming Controllers and Accessories in 2024
6 Best Authenticator Apps For 2024
Authenticator apps are increasing in adoption as they add another layer of security to user identity verification. A study found 90% of organizations reported identity-related breaches last year, and authenticator apps are designed to help reduce this number.
Authenticator apps help individuals and organizations double-check user identity by using two-factor or multi-factor authentication to verify and authenticate user identities before granting access to them.
In this article, we will review the best authenticator apps in 2024 and explore their features, pricing and pros and cons to help you decide the right authenticator app for your business.
1 DashlaneEmployees per Company Size
Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+)
Micro (0-49 Employees), Small (50-249 Employees), Medium (250-999 Employees), Large (1,000-4,999 Employees), Enterprise (5,000+ Employees) Micro, Small, Medium, Large, Enterprise
Features
Automated Provisioning
2 ManageEngine ADSelfService PlusEmployees per Company Size
Micro (0-49), Small (50-249), Medium (250-999), Large (1,000-4,999), Enterprise (5,000+)
Any Company Size Any Company Size
Features
Multi-factor Authentication, Password Management, Reporting and Analytics, and more
Best authentication apps comparisonThe table below shows the key features of these apps, their pricing and how they compare to each other.
Software Biometric authentication Backup and recovery Authentication type Pricing Google Authenticator Yes Yes Time-based and counter-based codes. Free Microsoft Authenticator Yes Yes Time-based codes, push notifications, biometrics. Free Twilio Authy Yes Yes 2FA/MFA, OTP, soft tokens, push notification. Starts at $0.05/ successful verification Cisco Duo Yes Yes 2FA/MFA, FIDO2 for anti-phishing. Starts at $3/user/month Yubico Authenticator Yes Yes 2FA/MFA, FIDO2 UF, touch/tap-and-go authentication using NFC or USB. App is free; YubiKey starts at $29. FreeOTP Yes No (but available on FreeOTP+). 2FA/MFA, push notification, hardware tokens, token-less authentication. Free Google Authenticator: Best for secure offline authentication
Image: Google Authenticator
Google Authenticator is a multi-factor authentication app that generates unique, time-sensitive codes to enhance account security. The app works by generating time-based one-time passcodes that users enter in addition to their passwords when logging into their accounts. These passcodes are secure as they are generated locally (on the device) and not transmitted over the internet.
In 2023, Google Authenticator was updated to include backup capabilities through cloud syncing. However, users have reported issues with this feature.
Figure A: Google Authenticator dashboards. Why we chose Google Authenticator Google Authenticator made it to our list due to its offline authentication support through locally generated time-based passcodes.
PricingApplication is free.
Features
Image: Microsoft Authenticator
Microsoft Authenticator is another popular name in the authentication space. It is available to Microsoft, iOS and Android users and provides MFA through time-based codes, push notifications and biometrics. For enhanced security, you have the option to set up a PIN or use biometric verification to access the codes generated on your phone. The app also supports a password management feature that enables users to do things like accept verified IDs from organizations and save payment card details and addresses.
With Microsoft Authenticator, you can back up account credentials to the cloud, making it easier to restore them when you switch to a new device.
Figure B: Microsoft Authenticator cloud backup. Why we chose Microsoft Authenticator This authenticator was chosen for its flexibility displayed through its multiple authentication features such as PIN code, push notifications and biometric authentication for a seamless log-in experience.
PricingThe application is free.
Features
Image: Twilio Authy
Twilio Authy not only generates TOTP but also offers three other types of authentication: OTP, soft tokens and push authentication. It provides biometric authentication and multi-device functionality, enabling users to sync their 2FA tokens across new devices. This ensures easy access to accounts, regardless of which device is being used. Additionally, it allows users to deauthorize bad, stolen or retired devices for added security. Other notable features include an encrypted cloud backup and recovery, enhanced token protection with backup passwords, master passwords and PIN protection.
The app is available in both mobile and desktop versions.
Figure C: Twilio Authy 2FA. Why we chose Twilio Authy This tool was selected for its versatility across devices and platforms for authentication and security, simplifying access to online accounts regardless of the device or platform used.
PricingAuthy offers flexible, pay‑as‑you‑go pricing for multi‑channel user verification. Every successful verification is charged at $0.05. For a high-volume plan, contact the vendor for a quote.
Features
Image: Cisco Duo
Duo by Cisco is an easy-to-use cloud-based authenticator with a handy onboarding feature that enables new users to set up their accounts based on their security needs or priorities. It offers 2FA and MFA authentication and FIDO2 options for phishing-resistant authentication.
The desktop version (Duo Desktop) checks the health and security of endpoint devices with each authentication before providing access to protected applications and resources. Using the principles of zero trust, it provides IT teams with remote access to applications as well as adaptive access. The mobile version (Duo Mobile app) features a combination of location-based identity verification with push verification. This enables users to get a reading of their location before a log-in confirmation.
Figure D: DUO Desktop device health check. Why we chose Duo Duo made it to our list because of its robust security features available in both the mobile and desktop versions.
PricingIn addition to its free plan for up to 10 users (best for individuals or a small team), Duo offers a 30-day free trial and three paid subscriptions for medium to large enterprises:
Image: Yubico
Yubico Authenticator enables users to generate 2FA codes on both mobile and desktop devices. This authenticator app is compatible with major platforms including Windows, macOS, Linux, iOS and Android and can be easily set up by generating unique credentials via QR codes.
For individual users and enterprises with advanced authentication needs, Yubico Authenticator can be paired with YubiKey, a hardware security key that can generate one-time passwords using the OATH-HOTP and OATH-TOTP protocols. This key also allows users to store their credentials on a hardware security device and cuts off the need to rely on your phone to open an app. The ability to pair a physical key with the Yubico authenticator is what makes the app exceptional. The Yubikey also offers a seamless touch or tap-and-go authentication using Near Field Communication and supports FIDO2/WebAuthn and FIDO U2F for user access protection.
Figure E: Yubico Authenticator dashboards. Why we chose Yubico We chose Yubico for its rich hardware authentication features such as Yubico Security Key and touch authenticator using NFC or USB.
PricingThe Yubico authenticator app is free.; however, using the YubiKey comes at a cost, ranging from $29 – $95 depending on preferences of keys/protocols.
Features
Image: FreeOTP
FreeOTP is an open-source, enterprise-grade authentication solution whose repositories are constantly updated to enhance security. It provides various methods of authentication, including SMS, email, hardware tokens, mobile push notifications and tokenless authentication like QR code scanning. This authenticator integrates with several apps, services and protocols, making it suitable for different environments. In addition, it offers adaptive authentication that allows organizations to customize authentication policies tailored to meet their security needs based on user behavior and risk factors.
Figure F: FreeOTP app interface. Why we chose FreeOTP FreeOTP was chosen for its open-source nature that allows organizations to fine-tune it for specific use cases.
PricingThis is a free-for-all tool.
FeaturesIn choosing an authentication app, organizations must take into consideration their size, existing structure, budget and specific security needs. For example, an organization with fewer than 500 employees would underutilize the YubiEnterprise Subscription because of its physical keys. If you need an authenticator app that offers different types of authentication and works on multiple devices simultaneously, you can opt for Authy. If your priority is an open-source authentication app for easy customization, you should consider FreeOTP. If you want to tilt toward a hardware authenticator or physical keys, then the Yubico Security Key is your best bet. Keep in mind that each of the reviewed authenticators delivers quality services, but each tool's utility will depend on your authentication needs.
MethodologyFor this review, I considered some key features of these solutions, focusing on their security details, accessibility and performance. Having obtained ample information from the vendors' websites, I also checked for user feedback for the paid solutions. For firsthand experience, I reinstalled Google Authenticator and used it to power 2FA for my Twitter and Facebook accounts and also Microsoft Authenticator for my Outlook account. While it was quite easy to navigate the Google Authenticator with its simple interface and TOTP, security was tighter with Microsoft Authenticator as I needed to use biometrics to see the codes generated for each account log-in attempt and I also had to enter the code on the account seeking access.
Editor's note: Some details about Yubico Authenticator, including pricing details, have been updated.
Gawat! 9 Aplikasi Berbahaya Penyebab Akun Facebook Diretas, Buruan Hapus
Rabu, 25 Agustus 2021 – 08:36 WIB
Ilustrasi aplikasi android berbahaya di Google Play Store. Foto: Phone Arena
jpnn.Com - Peretasan akun Facebook akhir-akhir ini makin ramai. Kejahatan siber tersebut tentunya sangat merugikan pemilik akun bersangkutan.
Banyak cara yang dilakukan peretas untuk bisa mengambil alih akun Facebook korbannya.
Salah satu yang dideteksi oleh peneliti keamanan siber dari Zimperium Labs ialah para penjahat itu menyusupkan malware di aplikasi yang dipasang di Google Play Store.
Menurut peneliti Zimperium Labs, setidaknya ada sembilan aplikasi di Google Play Store yang disusupi malware jenis trojan bernama "FlyTrap".
Malware tersebut menyamar sebagai aplikasi yang menawarkan kode kupon gratis untuk Netflix dan Google Ads, serta program pertandingan sepak bola.
Program berbahaya itu sangat berpotensi meretas akun Facebook dan mencuri data-data pribadi korban seperti lokasi, alamat e-mail, alamat IP, serta cookie apa pun yang terkait dengan akun tersebut.
Metodenya, lanjut Zimperium Labs, ketika pengguna membuka aplikasi berbahaya itu, mereka akan diminta untuk masuk ke akun Facebook sebelum memperoleh kode kupon gratis.
Setelah login, aplikasi berbahaya itu akan memunculkan notifikasi yang mengatakan bahwa kode sudah kedaluwarsa. Saat itulah, korban mulai dimanipulasi oleh peretas.
Peretasan akun Facebook akhir-akhir ini makin ramai dan tentunya sangat merugikan, Zimperium Labs mendeteksi para peretas melakukan itu dengan menyusupkan malware di aplikasi yang tersedia di Play Store
Silakan baca konten menarik lainnya dari JPNN.Com di Google News
Google Authenticator
Google Authenticator is a particularly popular smartphone application that can be used as a token for many two factor authentication (2FA) systems by generating a time-based one time password (referred to as TOTP). With Google Authenticator, the combination of your user name and password along with the single-use code generated by the application allows you to securely authenticate yourself in a way that would be difficult for an attacker to replicate.
That sounds great, but what if you don't have a smartphone? That's the situation that [Lady Ada] recently found herself in, and rather than going the easy route and buying a hardware 2FA token that's compatible with Google Authenticator, she decided to build one herself based on the ESP8266. With the hardware and source documented on her site, the makings of an open source Google Authenticator hardware token are available for anyone who's interested.
Generated codes can also be viewed via serial. For the hardware, all you need is the ESP8266 and a display. Naturally [Lady Ada] uses her own particular spin on both devices which you can purchase if you want to create an identical device, but the concept will work the same on the generic hardware you've probably already got in the parts bin. Software wise, the code is written in CircuitPython, a derivative of MicroPython, which aims to make microcontroller development easier. If you haven't tried MicroPython before, grab an ESP and give this a roll.
Conceptually, TOTP is relatively simple. You just need to know what time it is, and run an SHA1 hash. The time part is simple enough, as the ESP8266 can connect to the network and get the current time from NTP. The calculation of the TOTP is handled by the Python code once you've provided it with the "secret" pulled from the Google Authenticator application. It's worth noting here that this means your 2FA secrets will be held in clear-text on the ESP8266's flash, so try not to use this to secure any nuclear launch systems or anything, OK? Then again, if you ever lose it the beauty of 2-factor is you can invalidate the secret and generate a new one.
We've covered the ins and outs of 2FA applications before here at Hackaday if you'd like to know more about the concept, in addition to previous efforts to develop a hardware token for Google Authenticator.
Comments
Post a Comment