What is an authenticator app?
An authenticator app takes security a step beyond passwords and traditional SMS/mail-based two-factor authentication (2FA) for your EFS account. The app uses an automatically generated secret key and the current time to create unique codes using the TOTP algorithm. It’s more secure than ordinary 2FA because it doesn’t use a message that someone could intercept in a man-in-the-middle attack.
To break into an account secured with an authenticator app, an attacker would require access to the user’s secret key and the encryption algorithm. Since it’s very difficult to do so, authenticator apps are among the most secure login methods available today.
How does an authenticator app work?
The secret key generated by EFS is stored in both the app and EFS. When you log in, EFS asks you for a one-time code from the authenticator app, which uses the stored key and the current time to generate it. After you enter the code into the code field and submit the form, EFS validates it against the key stored in EFS. Once your identity is confirmed, you are logged in. Since the identical codes are generated independently, it’s very difficult for someone to steal them. EFS also provides replay protection: even if a code has not yet expired, it cannot be used again to log in to EFS after you have successfully used it.
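The flow described above, as an added example that is not EFS's own code: RFC 6238 code generation plus server-side verification with replay protection. The 30-second step, 6 digits, HMAC-SHA1, the one-step drift window and all names are assumptions; the secret is the RFC 6238 test key, not an EFS value.

```python
import base64
import hashlib
import hmac
import struct
import time

STEP = 30     # seconds per time step (RFC 6238 default; assumed, not from EFS)
DIGITS = 6    # code length (assumed)
SECRET = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"  # RFC 6238 test key, base32


def totp(secret_b32, counter):
    """Code for one time step: HMAC-SHA1 over the counter, then RFC 4226 truncation."""
    key = base64.b32decode(secret_b32, casefold=True)
    digest = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = digest[-1] & 0x0F
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


class Verifier:
    """Server side: holds the shared key and the last time step already accepted."""

    def __init__(self, secret_b32, window=1):
        self.secret = secret_b32
        self.window = window    # tolerated clock drift in steps (assumed)
        self.last_used = -1     # replay-protection state, kept per account

    def verify(self, code, now=None):
        current = int((time.time() if now is None else now) // STEP)
        for counter in range(current - self.window, current + self.window + 1):
            if counter <= self.last_used:
                continue        # this step was already consumed: reject reuse
            expected = totp(self.secret, counter).encode()
            if hmac.compare_digest(expected, code.encode()):
                self.last_used = counter
                return True
        return False


if __name__ == "__main__":
    server = Verifier(SECRET)
    code = totp(SECRET, int(time.time() // STEP))  # what the app would display
    print("first use:", server.verify(code))       # accepted
    print("replay:   ", server.verify(code))       # rejected although not expired
```

In a real deployment `last_used` has to be persisted per account and updated atomically with the login, otherwise two parallel requests can both pass the check.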
Recommended authenticator apps for use with EFS
Here is a list of our favourite authenticator apps, which we use for daily work. Our focus is on well-known brands, ad-free apps and simplicity. Of course you can use any other authenticator app that implements the TOTP algorithm; however, please pay attention to the author, downloads and user feedback counts to be sure that the author is trustworthy and the app is safe to use.
There are also add-ons for browsers or operating systems that allow you to perform TOTP authentication without a cell phone.
Google Authenticator App
Google’s Authenticator app was one of the first authenticator apps. It’s a simple and easy-to-use app with only a list of accounts and a search box. One major flaw (or advantage) with Google Authenticator is that, if you lose or factory reset your phone, there’s no way to transfer the app’s data to a new device if you have not exported the list beforehand, because the app does not use cloud storage for backup.
Download for iOS: https://apps.apple.com/us/app/google-authenticator/id388497605
Download for Android: https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2
Microsoft Authenticator App
This app also comes with a password manager that can generate and store your passwords on the phone or sync with your MS Edge browser. You can enable cloud sync to back up your accounts in case you reset or lose your phone.
Download for iOS: https://apps.apple.com/us/app/microsoft-authenticator/id983156458
Download for Android: https://play.google.com/store/apps/details?id=com.azure.authenticator
2FA Authenticator (2FAS)
A fast authenticator app, similar to Google Authenticator, with the added bonus of cloud backup and the ability to organise your accounts in folders.
Download for iOS: https://apps.apple.com/us/app/2fa-authenticator-2fas/id1217793794
Download for Android: https://play.google.com/store/apps/details?id=com.twofasapp
Authy
Another user favourite is Authy, with cloud backups and multi-device features.
Download for iOS: https://apps.apple.com/us/app/twilio-authy/id494168017
Download for Android: https://play.google.com/store/apps/details?id=com.authy.authy