Our digital lives in 2024 are increasingly complex. Effective security is essential to ensure nothing nefarious occurs. Manual password entry creates the risk of ‘shoulder surfing’ or other surreptitious methods used to discover your security information.
Using two-factor authentication (2FA) or multi-factor authentication (MFA) tools, such as the Google Authenticator or Microsoft Authenticator mobile apps, substantially improves your protection. It adds a security layer in which a mobile device verifies the user during authentication. In the UK, it is required for financial accounts and some online transactions.
2FA apps display numerical, time-based codes. These codes get replaced every 30 seconds and must be entered, as shown, on the primary device. Combined with a traditional username and password, they confirm that you have access to your unlocked smartphone at that moment. The codes cannot be discovered and subsequently used to access accounts. They protect your online life more safely than passwords alone.
Two of the most popular 2FA mobile apps are Google Authenticator and Microsoft Authenticator. This article considers their usefulness, security level, features, and other factors.
Microsoft Authenticator
Overview and Key Features:
At a basic level, Microsoft Authenticator (iOS/Android) supports time-based codes just like the Google Authenticator app. However, it does not stop there. This app includes biometric fingerprint scans to gain access to your security codes. Push notifications and one-time passcode support are also available. Access to modern Microsoft Windows OS versions is supported via password-less sign-ins. The app also securely stores sensitive data like payment information, addresses, passwords, and a verified ID system supported by some websites. Additionally, all security information is securely backed up online on both Microsoft Cloud and Apple iCloud services.
Pros:
- Feature-rich, yet clean mobile interface.
- Supports adding Windows Personal, Work, and School accounts as well as other account types.
- Stores authentication codes, payment card info, passwords, addresses, and IDs.
- Secure authenticator app access via fingerprint scan or Face ID for an additional layer of security.
- Streamlined site logins via auto-fill feature.
- Number-matching prompt verification: a number is shown on one device and entered on another.
- Storing data in the cloud allows for safe backup and easy recovery in case of phone loss or theft.
Cons:
- Slightly more complicated on-screen interface because of a broader range of features.
- Requires access to a Microsoft account to make use of all features.
- Some users mistakenly think the app is only for Microsoft access; it can be used for other websites and software, too.
Google Authenticator
Overview and Key Features:
Unlike Microsoft’s offering, Google Authenticator (iOS/Android) maintains a simpler, no-fuss approach to two-factor authentication. This has contributed to its wide adoption. New accounts are added either by scanning a QR code or by entering a setup key. The account originator provides these, be it a banking institution, app, etc. Once set up, the counter-based or time-based code is shown. This changes every 30 seconds.
The app lacks the multitude of security features present in the Microsoft Authenticator app, such as Face ID or fingerprint app unlocking. However, the much-needed ability to transfer accounts was recently introduced.
Pros:
- Uncluttered user interface resulting in easier adoption for first-time users.
- Zero data collection during use.
- Number-matching prompt support across multiple devices.
- Migrate accounts using a QR code via the Import/Export feature between mobile devices.
Cons:
- No app-level security to hide time-based codes until after app unlocking.
- No backup and restore feature.
- Lacks one-time password (OTP) support.
- No auto-fill capability.
- Lacks features such as passwords, addresses, verified IDs, and payment card storage (despite a Google account being able to store payment information).
Head-to-Head Comparison
Authentication Methods:
Microsoft Authenticator provides time-based one-time codes and supports push notifications to authorise sign-in requests. For supported devices, codes auto-fill when using biometric authentication (Face ID or fingerprint scan). Biometrics also secure access to the authenticator app itself.
By contrast, the Google Authenticator sticks to its core function. Time-based codes via a 30-second refresh and counter-based codes are offered by default. A newer push notification feature supports number-matching prompts between devices.
Security Features:
Microsoft Authenticator is no sloth with security features. Along with time-based codes, it stores passwords for future logins. Additional passwords are accessible from Google Chrome, or from password managers such as Dashlane and 1Password, on Google Android or another OS. Storing addresses, payment information, and verified IDs helps to speed up access for online shopping and other activities.
The app makes use of the Azure Active Directory system and OneDrive for advanced corporate system support. Essentially, the app aims to be an all-in-one tool rather than a one-trick pony.
Google Authenticator, on the other hand, remains steadfast in supporting a time-based 6-digit code to assist with logins. There is no autofill support to make that smoother.
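How the setup key becomes the 6-digit time-based and counter-based codes described above, as an added example (not code from this article or from either app). It assumes the conventional otpauth:// URI layout that setup QR codes encode; the function names and the sample URI are constructed for illustration, using the published RFC 4226/6238 test secret.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample: what a setup QR code would decode to (RFC test secret).
SAMPLE_URI = ("otpauth://totp/Example:alice@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

def parse_otpauth(uri):
    """Extract the shared secret and parameters from an otpauth:// URI."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc not in ("totp", "hotp"):
        raise ValueError("not an otpauth totp/hotp URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    key = q["secret"].replace(" ", "").upper()
    key += "=" * (-len(key) % 8)  # setup keys usually omit base32 padding
    return {"type": u.netloc, "label": unquote(u.path.lstrip("/")),
            "secret": base64.b32decode(key),
            "digits": int(q.get("digits", 6)),
            "period": int(q.get("period", 30))}

def hotp(secret, counter, digits=6):
    """Counter-based code (RFC 4226): HMAC-SHA1 plus dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(secret, now=None, period=30, digits=6):
    """Time-based code (RFC 6238): HOTP with counter = unix time // period."""
    now = time.time() if now is None else now
    return hotp(secret, int(now // period), digits)

def verify_totp(secret, code, now=None, period=30, digits=6,
                window=1, last_step=-1):
    """Server-side check: tolerate +/- `window` steps of clock drift and
    refuse any step at or before `last_step`, so a code works only once.
    Returns the matched time step, or None if the code is rejected."""
    now = time.time() if now is None else now
    step = int(now // period)
    for s in range(step - window, step + window + 1):
        if s > last_step and hmac.compare_digest(hotp(secret, s, digits), code):
            return s
    return None

if __name__ == "__main__":
    acct = parse_otpauth(SAMPLE_URI)
    print(acct["label"], totp(acct["secret"], period=acct["period"]))
```

The service should store the step returned by `verify_totp` and pass it back as `last_step` on the next attempt; that is what stops an observed code from being replayed within its validity window.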
User Experience:
Microsoft Authenticator uses a familiar bottom toolbar to select between Authenticator, Passwords, Payments, Addresses, and Verified IDs. The primary interface is kept simple, but changes reflect the selected feature. It requires extra time to learn.
The interface for the Google Authenticator is elegant, not so much because of the UI design but as a direct consequence of the limited feature set.
Additional Features:
Microsoft Authenticator’s support for password management is convenient. Several other password manager apps limit free accounts to one device at a time. Potentially, this could result in maintaining one less paid subscription. For websites and supported devices, stored payment and address information eases checkout woes. The Verified ID feature is a welcome addition, where supported, for new sign-ups. It also syncs with the Microsoft Edge browser, which is handy.
Google Authenticator recently added a transfer account feature, making device changeovers easier. They also added support for number-matching prompts, making on-the-go authentications faster.
Ideal Use Cases
Microsoft Authenticator:
The Microsoft Authenticator is especially useful when using a Microsoft OS or online Microsoft sites/services. The auto-fill capabilities and streamlined authentication processes are a pleasure to use.
Offering a broader suite of security features, it is the Swiss Army knife of authentication apps. While individuals can simply use the 2FA time-based codes and nothing else, it is capable of so much more. In a corporate setting, this MFA app is a far better option, albeit with a somewhat steeper learning curve.
Google Authenticator:
The Google Authenticator app is fast, simple, and uncomplicated. This app will get the job done if you are looking for a basic and free authenticator solution for improved security.
It works seamlessly across many websites, not just ones within the Google ecosystem.
Conclusion
For basic time-based codes and numerical prompts, Google Authenticator works fine. It lacks app-level security for temporarily unlocked devices. It will not store passwords, addresses, payment cards, or other niceties. Yet, to quote a classic UK TV advert, ‘It does what it says on the tin’.
However, individuals or companies requiring a robust MFA security solution would do better to look toward the Microsoft Authenticator. It is more secure, feature-rich, and designed to work within the Microsoft ecosystem.
Lastly, with integrators, it is important to consider your unique security requirements. You may discover that Google’s authenticator app is sufficient for your needs or that the Microsoft app is too complicated. Why not download both apps, install them, and give them a whirl? Microbyte would love to hear about your experiences.