Overview#
Authenticator App is an Authenticator which implements an additional Authentication Factor for authentication, as typically used within Multi-Factor Authentication.
An Authenticator App often runs on a Mobile Device.
Pros and cons of Authenticator App Code#
- SIM swapping won’t hijack your MFA codes if you’re using an Authenticator App. The codes depend on the app itself, not on your SIM card.
- Authenticator App does not require a connection to the Mobile Network.
- Authenticator App is capable of having more features such as displaying countdown timers and barcodes.
Some Authenticator Apps use services based on the Time-based One-time Password Algorithm (TOTP) and/or the HMAC-based One-Time Password Algorithm (HOTP), which only depends on a time factor and does not require a seed.
The QR-code remains valid and usable; nothing will make it stop working. This actually makes it very dangerous to leak the QR-code. If an attacker sees it, even years after you use it the first time, they can set up their own TOTP (Authenticator) Application to use your QR-code, and it will generate the same tokens yours does, which can potentially help the attacker hijack whatever account the TOTP code is protecting. If you are protecting something sensitive, you should generate a new code (this can usually be done by turning 2FA off, and then on again). Then, even if anybody got the old QR-code, it won't do them any good.
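The following added example (not code from the original page) shows why a leaked QR-code stays usable until 2FA is re-enrolled: it runs the standard RFC 6238 TOTP computation over the value carried in the QR-code. It assumes the QR-code encodes an `otpauth://` key URI with the common defaults (HMAC-SHA-1, 6 digits, 30-second period); the account name, issuer and both secrets are constructed sample values.

```python
import base64, hashlib, hmac, struct
from urllib.parse import urlparse, parse_qs

def params_from_otpauth(uri):
    """Pull the shared secret, digit count and period out of the QR payload."""
    parsed = urlparse(uri)
    if parsed.scheme != "otpauth" or parsed.netloc != "totp":
        raise ValueError("not a TOTP otpauth:// URI")
    query = parse_qs(parsed.query)
    b32 = query["secret"][0].replace(" ", "").upper()
    b32 += "=" * (-len(b32) % 8)  # QR payloads usually omit base32 padding
    digits = int(query.get("digits", ["6"])[0])
    period = int(query.get("period", ["30"])[0])
    return base64.b32decode(b32), digits, period

def totp(key, unix_time, digits=6, period=30):
    """RFC 6238 TOTP with HMAC-SHA-1: HOTP over the number of elapsed periods."""
    counter = struct.pack(">Q", int(unix_time) // period)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def code_from_qr(uri, unix_time):
    """What any app holding this QR payload displays at unix_time."""
    key, digits, period = params_from_otpauth(uri)
    return totp(key, unix_time, digits, period)

def make_uri(secret_bytes):
    """Build a constructed sample QR payload for the demo."""
    b32 = base64.b32encode(secret_bytes).decode().rstrip("=")
    return "otpauth://totp/Example:alice?secret=" + b32 + "&issuer=Example"

# Constructed sample data: the first secret is the RFC 6238 test key.
ENROLLED_URI = make_uri(b"12345678901234567890")
ROTATED_URI = make_uri(b"09876543210987654321")  # after 2FA is turned off and on
TIMES = [59, 1111111109, 2000000000]  # 1970, 2005 and 2033

if __name__ == "__main__":
    for t in TIMES:
        owner = code_from_qr(ENROLLED_URI, t)
        copy = code_from_qr(ENROLLED_URI, t)   # second device, same QR image
        fresh = code_from_qr(ROTATED_URI, t)   # enrollment after rotation
        print(t, owner, copy, fresh, "old QR useless" if copy != fresh else "")
```

Nothing in the computation expires the enrolled value: the same QR payload yields matching codes decades apart, and only a re-enrollment with a new secret makes the old image worthless.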