English

authenticator app
2FA
MFA
TOTP
Google Authenticator
Microsoft Authenticator

What is an authenticator app

Learn what an authenticator app is and how it protects your accounts. Includes a detailed explanation of how it works and a step-by-step example guide to use an authenticator app.

Yijun

Developer

12/9/20244 min read

Stop wasting weeks on user auth

Launch secure apps faster with Logto. Integrate user auth in minutes, and focus on your core product.

Get started

What is an authenticator app

An authenticator app is a security tool that generates time-based verification codes using cryptographic algorithms (like TOTP or HOTP) to add an extra layer of protection to your accounts.

Password leaks happen all the time, and relying on passwords alone is no longer safe. That's why major websites and apps now offer Two-Factor Authentication (2FA) or Multi-Factor Authentication (MFA). Authenticator apps are a popular 2FA tool that generates dynamic verification codes to protect your accounts alongside your passwords.

How does an authenticator app work?

An authenticator app works by sharing a unique secret key with the server where your account is hosted. When you first set up 2FA, the service generates this secret key and displays it as a QR code. Once you scan this code with your authenticator app, both your app and the service now possess the same secret - and only they know it.

Using this shared secret along with the current time, both sides can independently generate the same 6-digit verification code through standardized algorithms (typically TOTP - Time-based One-Time Password). When you try to log in, the service compares the code you enter from your authenticator app with the code it generated - if they match, you're granted access.

The setup process is straightforward:

The service generates a unique secret key
You scan the QR code containing this secret with your authenticator app
The app stores the secret securely on your device
From then on, both sides can generate matching verification codes when needed

Why are authenticator apps secure?

Authenticator apps offer impressive security. According to Google's research, they block 99.9% of automated attacks - that's 50% more effective than SMS verification. Let's explore why they're so secure:

Mathematical security

Imagine the challenge of breaking in:

SMS codes: Like guessing a 6-digit number (1 million possibilities)
Authenticator key: Like guessing an 80-bit number (more combinations than atoms in the universe)

Time-based protection

Code validity comparison:

SMS codes typically remain valid for 5-10 minutes, creating a significant security risk
Authenticator app codes refresh every 30 seconds, making them practically impossible to exploit

Offline generation benefits of authenticator apps

No network transmission needed
No SMS interception risk
Immune to SIM card cloning attacks

Why can't hackers crack authenticator apps?

Think of it as a vault with an ever-changing combination:

Changes every 30 seconds
Requires both "secret key" and "exact time"
Even if one code is stolen, the next remains secure

What you know (password) + What you have (authenticator app) + Time-based math = Nearly unbreakable protection

How to use an authenticator app: A step-by-step guide

Let's learn how to use an authenticator app through a practical example.

We'll demonstrate the process using Logto's authentication service.

Step 1: Download and set up your authenticator app from trusted sources

Download a trusted authenticator app:
- Google Authenticator
- Microsoft Authenticator
Install the app on your phone
Complete the initial setup (create account if required) according to the app's instructions.

Step 2: Enable authenticator app support for Logto demo app

Sign in or sign up to Logto Cloud, and create your first tenant according the the onboarding guide.
Go to Console > Multi-factor Authentication, and turn on Authenticator app OTP and Backup code authentication factors and choose "Users are always required to use MFA at sign-in" as the 2-step verification policy, then click Save changes.

MFA settings

Go to Console > Sign-in Experience > Sign-up and sign-in page, select Username as the sign-up identifier, and remove Email address from the sign-in identifier, then click Save changes,

Sign-in experience settings

Step 3: Scan QR code to link the authenticator app to your account in the demo app

Still in the Logto Console's Sign-in Experience page, click "Live preview" button in the top right of the Sign-in Preview"** section. Then you will be redirect to the demo app's sign-in page.
Click create an account button in the sign-in page, and enter your username and password to create an account, and then you will see a screen showing a QR code.

Open your authenticator app, and scan the QR code. Then you will see a screen showing a 6-digit code.
Enter the 6-digit code to confirm the binding, and then you will be redirected to a backup code page. Remember to save the backup code in a secure place.
Click Continue button, and you're successfully signed in to the demo app.

When you've successfully signed in to the demo app, click Sign out the live preview button to sign out the demo app and return to the demo app's sign-in page.
Try to sign in to the demo app with your username and password, and you'll find that you need to enter a 6-digit code to sign in.
Open your authenticator app, enter the shown 6-digit code related to logto.app, and you're successfully signed in to the demo app!

How to safely use authenticator apps?

Authenticator apps are secure, but you need to use them correctly to get the best protection:

Download from trusted sources

Get your authenticator app only from official app stores (Google Play Store, Apple App Store)
Use popular apps from trusted companies like Google, Microsoft.
Watch out for fake apps - they could steal your accounts

Keep your backup codes safe

Save your backup codes somewhere safe offline or in a password manager
Don't keep backup codes on the same device as your authenticator app
It's smart to store backup codes in more than one secure place
Check occasionally that you can still access your backup codes

Be careful during setup

When adding accounts to your authenticator app:

Scan QR codes when no one else is around
Never take screenshots of QR codes or secret keys
Don't share secret keys through messages or email
If you copy a secret key, clear your clipboard afterward

Other safety tips

Use fingerprint or face unlock in your authenticator app if you can
Back up your authenticator app regularly
Keep your phone and authenticator app updated
For important accounts, you might want to use a separate authenticator app

What if I lose my authenticator app?

Don't worry if you lose your authenticator app. When setting up 2FA, services provide backup codes - these are one-time emergency codes that you should store securely offline or in a password manager.

Popular authenticator apps offer backup features:

Google Authenticator: Cloud backup to Google Account
Microsoft Authenticator: Cloud backup and recovery

If all else fails, you can contact customer support for help.

What is an authenticator app#

How does an authenticator app work?#

Why are authenticator apps secure?#

Mathematical security#

Time-based protection#

Offline generation benefits of authenticator apps#

Why can't hackers crack authenticator apps?#

How to use an authenticator app: A step-by-step guide#

Step 1: Download and set up your authenticator app from trusted sources#

Step 2: Enable authenticator app support for Logto demo app#

Step 3: Scan QR code to link the authenticator app to your account in the demo app#

Step 4: Try to sign in to the demo app with authenticator app#

How to safely use authenticator apps?#

Download from trusted sources#

Keep your backup codes safe#

Be careful during setup#

Other safety tips#

What if I lose my authenticator app?#

What is an authenticator app#

How does an authenticator app work?#

Why are authenticator apps secure?#

Mathematical security#

Time-based protection#

Offline generation benefits of authenticator apps#

Why can't hackers crack authenticator apps?#

How to use an authenticator app: A step-by-step guide#

Step 1: Download and set up your authenticator app from trusted sources#

Step 2: Enable authenticator app support for Logto demo app#

Step 3: Scan QR code to link the authenticator app to your account in the demo app#

Step 4: Try to sign in to the demo app with authenticator app#

How to safely use authenticator apps?#

Download from trusted sources#

Keep your backup codes safe#

Be careful during setup#

Other safety tips#

What if I lose my authenticator app?#

What is an authenticator app

How does an authenticator app work?