Account security is a tough issue for a lot of people. It's a constant balancing act between making a system strong enough to keep out would-be invaders and keeping it convenient enough that users won't reject it. After Google began offering its own 2-step verification system, several other services adopted the same mechanism and opt-in model for people who wanted more than a single password protecting their personal data. This generally left users with Google's Authenticator app, which got the job done, but it lacked features and languished on an early Holo dark design. If you're looking for something a little more modern and functional, it's time to check out Authy.
At the most basic level, Authy is a more attractive version of Google Authenticator; it can scan a QR code or accept a secret key, from which it will generate a fresh 6-digit PIN every 30 seconds. Authy's killer feature is cloud-based backup and syncing between devices. If your phone is lost, stolen, or wiped, it's as simple as installing Authy and signing back in to restore all of your tokens. With built-in support for syncing across multiple devices, you can also conveniently reach for a tablet or some other device to generate codes while your phone is on the charger.
Authy also takes security very seriously, which is pretty important for an app that helps to keep other people out of your accounts. All of your tokens are encrypted locally with a password before syncing to Authy's servers, so it's going to be a lot harder for hackers to do anything if they successfully break into the servers or intercept your transmission. Another great security feature is a simple PIN-lock on the app, which resolves one of the biggest complaints about Google Authenticator: anybody with access to an unlocked phone could open the app without any barrier. Once you've set a 4-digit PIN on your phone, it should be enough to keep all but the most devious person from breaking in and generating their own codes.
Finally, signing a device into the service has been given a bit of extra security. Before you can even enter a password to decrypt the tokens, Authy requires that the device holder is authenticated by entering a PIN received either from a phone call or text message to your phone number, or by giving it the thumbs-up from a device that has already been authorized. Of course, none of these measures are impossible to work around, but they should add up to enough of a defense to deter all but the most skilled attacker.
Naturally, Authy implements some of the convenient features we expect from an app like this, such as one-tap copy to clipboard and a countdown timer until the next code is generated. One other great addition is a resizable launcher widget, which is also equipped with a copy-to-clipboard button. Don't worry about your codes sitting in the open: if you've set a device-level PIN, you'll be asked to enter it before a code is generated, and access will remain open for 60 seconds after you've stopped using the widget. One thing to be aware of with the widget is that it doesn't show a countdown timer, so it's possible to produce a code with very little time left on the clock.
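The 6-digit code generated from a secret key every 30 seconds, and the widget's "very little time left" caveat, can be seen in a short added example (not Authy's or Google's code). It assumes the standard RFC 6238 TOTP scheme with HMAC-SHA1 that Google Authenticator-compatible services use; the `verify` helper and its one-step drift tolerance are an assumption about how a service might check codes, and the secret is the constructed RFC 6238 test key.

```python
import base64
import hashlib
import hmac
import struct

def totp(secret_b32: str, unix_time: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for a base32 secret key at a given time."""
    cleaned = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(cleaned + "=" * (-len(cleaned) % 8))
    counter = struct.pack(">Q", int(unix_time) // step)    # 8-byte big-endian step count
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                 # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def seconds_left(unix_time: float, step: int = 30) -> int:
    """Seconds until the current code is replaced by the next one."""
    return step - int(unix_time) % step

def verify(secret_b32: str, code: str, unix_time: float,
           step: int = 30, drift_steps: int = 1) -> bool:
    """Hypothetical server-side check accepting +/- drift_steps adjacent windows."""
    ok = False
    for delta in range(-drift_steps, drift_steps + 1):
        when = unix_time + delta * step
        if when < 0:
            continue                                        # no window before the epoch
        expected = totp(secret_b32, when, step, len(code))
        ok |= hmac.compare_digest(expected, code)           # constant-time comparison
    return ok

# Constructed sample: the RFC 6238 test key "12345678901234567890" in base32.
SAMPLE_SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"

if __name__ == "__main__":
    t = 59  # one second before the 30-second window rolls over
    code = totp(SAMPLE_SECRET, t)
    print(code, "valid for", seconds_left(t), "more second(s)")
    print("accepted 2s later, one step of drift:", verify(SAMPLE_SECRET, code, t + 2))
    print("accepted 2s later, no drift allowed: ",
          verify(SAMPLE_SECRET, code, t + 2, drift_steps=0))
```

A code copied with one second left only works after the rollover if the service tolerates clock drift, which is why a visible countdown matters.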
Authy has been around for quite a while (since 2011-ish), but we felt it deserved some attention since the subject of account security has been popping up again lately. The company behind the app, which is also named Authy, is focused on making money by providing enterprise-grade implementations of 2-factor authentication, so the app is available to users free of charge and without any IAPs. Quite a few platforms are covered, including Android, iOS, and all desktop operating systems (Windows, Linux, and Mac) via a Chrome app. If you've been shying away from securing several of your accounts due to the mediocre Google Authenticator app, now might be a good time to give it another thought.