Our data is on the internet. That sentence rings truer than ever as we use social media and other online services more than ever before. Sadly, where there's data, there are people trying to exploit it, which is why data breaches and hacks are becoming more common.

Passwords are a weak point in security, as most are shared across different platforms and are made up of common phrases. Thankfully, two-factor authentication (2FA) adds a second step to logging in that involves either a physical key or a password sent to the user, making it harder for people to break into your account, even with your password.

It can be difficult to know how to get started with 2FA. There are multiple methods of authentication with varying levels of support and security, and the process can make it easier for you to lose access to your accounts if you lose or break your phone.

We won't go into detail about why you should use two-factor authentication here. However, we explain why app-based 2FA is the way to go and how you can set up the Authy app on your devices to manage 2FA codes.

Why you should use app-based 2FA

There are a few types of two-factor authentication, ranging from "slightly more secure than just a password" to "no one except you will get access." You probably use some services that send SMS texts with one-time access codes. That's better than no 2FA at all, but given the frequency of SIM swapping (where someone calls your carrier pretending to be you for access to your number), it's far from perfect.

On the other end of the spectrum are products like the YubiKey and Google Titan Key, which are physical devices that must be connected to your PC, phone, or tablet (over USB, Bluetooth, or NFC) for a login to work. While these are incredibly secure (as long as you don't lose them), many popular services don't support them at all.

A middle ground between these two methods is app-based authentication. Once you install an authentication app on your device, you use it to scan a QR code provided by an online service (such as Google and Facebook). After that, every login to that service requires entering the code that appears in the app. This is safer than SMS 2FA because the codes are generated locally on your device rather than sent over a text or other method that could be tampered with.

While several authentication apps work well, we focus on using Authy here. Unlike Google Authenticator and similar apps, Authy backs up your 2FA codes to the cloud (in a secure way), which means your codes aren't lost forever if your phone breaks. And the codes can be synced across multiple devices.

How to get started with Authy

Authy is easy to set up. First, download the app on your platform of choice—Authy is available on iOS, Android, macOS, Windows, and Linux. You may want to install it on a phone or tablet first since scanning QR codes with a camera is the easiest way to enable 2FA on most online accounts. We should also note that there are some parts of the app where we can't take screenshots due to the security policy, but the instructions within the app are self-explanatory.

To start with, Authy asks you to create an account using a phone number. If you're thinking, "Wait, how is this better than SMS codes if it's tied to my phone number anyway?", don't worry. Authy also asks you to create a backup password, which you'll enter on every device you want to use with Authy. Your codes are encrypted in the cloud using this password. Even if someone gains access to your phone number, they can't do anything without the backup password.

The set-up process varies depending on what kind of account you're adding to Authy, but the directions will most likely be found in the security settings menu for that account. In this instance, we'll demonstrate adding a Google account to Authy:

  1. Open the Google app.
  2. Tap your profile photo in the upper-right corner and then tap Manage your Google Account.
  3. Tap Security in the top bar, and then open the 2-step verification menu and sign in with your password.
  4. Scroll down and tap Authenticator app.
  5. Tap Set up authenticator.
  6. Scan the QR code with the Authy app and confirm your password.

Once you've scanned the QR code and confirmed your password, tap Next in the Google app and enter the code Authy provided to finish the set-up process. While some of these steps vary between services, entering a code from Authy at the end is required almost every time.

As mentioned previously, some services don't support all forms of 2FA. While many popular services support app-based 2FA, some only send SMS login codes. Twofactorauth.org is a great website that tells you which types of accounts work with what kind of 2FA methods.

Once you add a few accounts to Authy, it's a good idea to set up the app on at least one other device. That way, you don't always need to have your phone near you to enter login codes. You may also want to keep the multi-device option in settings turned off. This prevents someone from logging into Authy on new devices until you flip the switch back on, even if they somehow know your backup password.

Peace of mind

Now that Authy is set up, you can rest easy knowing that your accounts are more secure than before, and it'll take more than guessing your password to gain access to your data. Still, you should follow best practices regarding passwords, varying them between accounts and avoiding anything too obvious.

If you're struggling to add some accounts to Authy and need step-by-step instructions, you'll want to check out our guide to adding all your accounts to 2FA apps.