Microsoft Authenticator
Microsoft Authenticator makes it easy to protect and log into your online accounts using multi-factor authentication (MFA). It's free, and you don't need a Microsoft account to use it, though logging in unlocks the app's password manager. It's a good online privacy tool, especially for Microsoft users. That said, 2FAS is an Editors' Choice winner for authenticator apps because the software is open source and offers browser extensions for desktop users, while Aegis Authenticator is an Editors' Choice for Android devices because it collects very little data and includes helpful customization options.
Getting Started With Microsoft Authenticator
Microsoft Authenticator is available for Android and iOS devices. It does not support desktops. Open-source competitor 2FAS offers browser extensions, which you can use on desktops, too. There's also no Microsoft Authenticator app for Android's Wear OS or Apple's watchOS. Of the apps I've reviewed, Authy is the only one with an app for watchOS, while Stratum supports Wear OS.
You don't have to create or sign into a Microsoft account to generate or store MFA codes in the app, which is great. Authentication only requires token generation, which is not a particularly complicated process, so I like it when these apps don't require an email address, phone number, or other personal information to use the app's basic functions. That said, to use the app's identity and password management functions, you'll need to create or sign into your Microsoft account, which makes sense.
Microsoft Authenticator's simple blue-and-white layout is pretty easy to navigate. I like that the app blocks screenshots by default on Android, though you can turn that off via the Settings menu if you prefer. While in the Authenticator section of the app, tap the three horizontal lines in the top left corner of the screen to open a menu. You can hide your codes from the default dashboard view there. This can prevent over-the-shoulder spies from stealing your codes. On iOS, visit the Settings menu to turn on the App Lock setting, which will require your phone's passcode or a FaceID scan to open the app.
Data Collection Policies
Some authentication apps collect much more data than their stated functionality should require. The Android and iOS versions of the Microsoft Authenticator apps collect location and diagnostic data, which isn't unusual. In contrast, Google's Authenticator app collects data from your phone's Contact list and may even collect data from the photos and videos on your device.
After installing the app, you have to tap through several introductory screens. One of these screens is a notice stating that Microsoft respects your privacy. While, as mentioned above, the company collects diagnostic data, it doesn't collect personal data in the background without your consent. You must tap to accept the privacy notice, so I suggest reading the privacy policy while you're there. I did and noted that Microsoft specifies that customers willingly give up data by opting in for features or entering personal information in forms, which is different from non-consensual data collection. If you want to opt out of specific types of data collection pertaining to advertising, I recommend doing so via Microsoft's privacy settings page. In its privacy policy, Microsoft also states that the company uses your data to train AI, which is not ideal.
Hands On With Microsoft Authenticator
For this review, I tested the app using an Android device. Adding accounts to the Microsoft Authenticator app is as easy as giving the app access to your camera and then scanning a QR code or typing in a verification code. To verify your identity while logging into an account, enter the six-digit code shown on the authenticator app dashboard. In testing, attaching Microsoft Authenticator to my social media account was easy, and I logged in without problems. If you want to remove an account from the app, tap the account on the dashboard, then tap the gear in the top right corner of the screen. From there, tap the button to remove the account.
Use the Microsoft Authenticator app to verify your Microsoft account sign-in sessions by attaching the app to your account and choosing it as your passwordless entry method. Microsoft has instructions for setting up this feature for your personal or work accounts. There are also instructions for setting up the authenticator app to work with other online platforms, such as Amazon, Facebook, and Google.
If you choose to sign into your Microsoft account within the app, it will auto-populate your address and password vaults using your account data. You can import passwords stored in Apple Keychain or browsers like Google Chrome or Firefox. Microsoft Authenticator also imports password lists from popular password managers such as 1Password, Bitwarden, Dashlane, LastPass, and NordPass. The importing instructions ask you to delete the old export file from your device after importing your passwords, which is sound advice.
To start using Microsoft Authenticator as a password manager, you'll need to enable auto-filling in your device's Settings menu. The app provides easy instructions for this. I successfully created new credentials during the testing period and stored them in the vault.
The app's Address section stores information about yourself, such as your name, physical address, and phone number. To enable auto-filling on websites, go to the Settings menu and toggle on Set as autofill provider.
If auto-filling isn't working on your browser, you could turn on Autofill in More Apps and Site Settings. A warning: Turning on this setting allows Microsoft Authenticator to access the Accessibility tools on your device while the app runs in the background. This makes the app a lot more invasive and decreases your battery life. It's not an ideal workaround, but luckily, I didn't need to use it during the recent testing period. Microsoft Authenticator successfully filled in my address and name information on the forms I tested it with.
The Android version of the app allows you to store payment card information in your password manager vault. Both apps have the Verified IDs section, where you can confirm your identity using a Microsoft Entra Verified ID if your employer uses that system.
Backing Up Account Information
Microsoft Authenticator can create cloud backups of your MFA tokens, which you'll need if you get a new phone or lose your old one. You can back up your data to iCloud or your Microsoft account. Tapping the Details button in the Backup menu reveals when you last backed up your data and what device was used for the transfer, which is helpful.
Verdict: Microsoft Authenticator Gets the Job Done
Microsoft Authenticator works well for generating MFA tokens and protecting your online accounts. It's also easy to set up and use, making it a good choice for online authentication. However, 2FAS and Aegis Authenticator are our Editors' Choice winners in the category. 2FAS is open source and works on Android and iOS with a browser extension for desktop use, while Aegis only works with Android devices but collects minimal data and offers Wear OS support.

