Authenticator App
A mobile app that generates time-limited login codes (TOTP) tied to your account, offering stronger MFA than SMS because codes never travel over the phone network.
Also known as: TOTP app, 2FA app, soft token
Last reviewed: 10 June 2026
An authenticator app implements the Time-based One-Time Password (TOTP) algorithm defined in RFC 6238. During account setup, you scan a QR code that transfers a secret key from the service to the app, so both sides hold the same secret. Every 30 seconds the app generates a fresh six-digit code derived from that secret and the current time. Because codes are generated locally and expire in 30 seconds, they cannot be intercepted by monitoring the phone network.
Authenticator apps are substantially more secure than SMS codes against SIM-swapping and carrier-level interception, though they remain vulnerable to real-time phishing if a victim types a code into a spoofed site. Popular apps include Google Authenticator, Microsoft Authenticator, and Authy. Most also support encrypted cloud backup to prevent lockout if a device is lost.
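The TOTP derivation described above, together with the check a service runs on a submitted code, as an added example (not code from any of the apps named here). The secret is the RFC 6238 test key, base32-encoded; the drift window and the replay guard are assumed server policy, and the function names are illustrative.

```python
import base64
import hashlib
import hmac
import struct

# Constructed sample: the RFC 6238 Appendix B test key ("12345678901234567890"),
# base32-encoded, the form in which an enrollment QR code usually carries a secret.
SAMPLE_SECRET_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


def totp(secret_b32, unix_time, step=30, digits=6):
    """Return the TOTP code for a given time (HMAC-SHA1, RFC 6238 defaults)."""
    key = base64.b32decode(secret_b32, casefold=True)
    counter = int(unix_time) // step              # 30-second steps since the epoch
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, window=1, last_counter=-1,
           step=30, digits=6):
    """Server-side check: return the matched time-step counter, or None.

    window       -- steps of clock drift tolerated either side (assumed policy)
    last_counter -- highest counter already accepted, so a code cannot be reused
    """
    current = int(unix_time) // step
    matched = None
    for counter in range(max(0, current - window), current + window + 1):
        expected = totp(secret_b32, counter * step, step, digits)
        # Constant-time compare; the loop always runs to the end of the window.
        same = hmac.compare_digest(expected.encode(), submitted.encode())
        if same and counter > last_counter:
            matched = counter
    return matched


if __name__ == "__main__":
    code = totp(SAMPLE_SECRET_B32, 59)
    print("code at t=59:", code)
    print("accepted one step late:", verify(SAMPLE_SECRET_B32, code, 89))
    print("replayed:", verify(SAMPLE_SECRET_B32, code, 89, last_counter=1))
```

Nothing in `verify` ties the code to the site it was typed into, which is why a code relayed by a spoofed site inside the validity window is still accepted.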
For most consumers, switching from SMS-based two-factor authentication to an authenticator app is a realistic and significant security improvement. The setup takes a few minutes per account and requires no additional hardware.