Bitcoin Forum

One thing I have known about google is that the company has many ways of exposing people to scammer, like the Google search engines that display ads like normal links of a site which can be for scammers, making people to think the ads are the site of legit sites but not, I have been using duckduckgo long ago when I knew google do not care about my privacy. In fact, I stop anything that is related to google, but a friend of mine get in touch with me few days ago and we discussed about google authenticator, he told me that google are truly exposing people to scams but google authenticator is different, that I can still trust to use it, that no internet connection or saving any data on cloud. I tried it out and I found it to be true. But I am thinking I can still not be getting something right.

Is google authenticator good? Or still one of the google products that exposes people to scammers and making users to lack privacy?

To be honest, I am using Google Authenticator before but I switched to Authy owned by Twilio.
It is also the same with Google Authenticator, it's still a 2-step verification application.
But Authy and Google Authenticator are both non-open sourced projects, these are only the downsides of them for me.

Another alternative for the two is Aegis Authenticator, which is OPEN-SOURCED 2-step verification app.

Do all these 3 applications work same? I mean, if any site proposes to use 2FA and prompts you to use Google Authentificator, can you use other 2 instead?

I am an user of Google Authenticator.
I suppose if you are a person who are not happy with Google as company, you can always opt out.

I personally do not have plans to stop using it, however i also have set up alternatives ways of double athentication.

You can always try to use a separate hardware wallet or a yubikey or even give a try to Authy.

I believe close source can be the threat of tomorrow, I did not know that google authenticator is close source, I wouldn't have gone for it if I knew. I know about authy as well but it encrypts people's data online which is the reason I do not like it, the data are encrypted but I prefer authenticators that I can absolutely use offline without any online usage. I will try to use Aegis or andOTP, I think both are open source.

That would be shot on the foot, Google authenticator doesn't require Internet connection to work, neither it connects to Internet.

Yes both are open source and recommended, although I can only personally vouch for andOTP which I am using.
A closed source application like Google authenticator would not be used especially by bitcoin users who are privacy oriented and believe in decentralized networks.
I have used Google authenticator, Authg, andOTP is sequence, the current one has everything I need from an authentication app.

Google Auth works better now since you can easily back up your settings to your email account, it wasn't like this year's ago but now things have changed, about the trust part yes I trust Google Auth but it's not open source, maybe I will look into a open source 2FA Auth

There is nothing wrong with using Google if you know how to use it without compromising privacy. Duckduckgo is a good with privacy but has one of the pathetic search algorithms.


I do not use authenticator as in for every website but I do not see any issue in using it. I generally prefer OTP mobile verification as I feel it is much safer than using an authenticator. Now, you can say that there can be issues with mobile verification but I have a number exclusive for mobile verification which I am using on a non-smart device.

Aegis is the go-to app nowadays when it comes to 2FA authentification. I am planning to switch phones in a few months as my current one is starting to slow down, and Aegis will be one of the apps on the new one.

Aegis is open-source and allows you to encrypt the stored codes. If someone were to hack you and gain access to your backup, he wouldn't be able to do much with it. With Google Authenticator, the backups are transferred in plain text.   

2FA code authentication is a must right now, supposing someone seen your password they will have to deal with 2FA to have access into your account, 2FA is highly recommended

I'm using Aegis. Google's app is bullshit - you barely get to have features in it. Since there is an open-source alternative available for free, why bother using their proprietary software instead?

You can move your Google Authenticator stuff to Aegis as well, and it's not that hard to do so. But having control over the app and code seems more logical.

Thats right. But of course this is totally not safe at all as there are cases that some got bypass the 2fa. Literally scary actually that 2fa can be bypass by black hat hackers.

But to be honest, 2fa helps some users to protect their asset its just an added layer to your security but of course always take caution when visiting some site that might have malicious one.

I did not even know there are many other open source authenticator apps like this, I have only known few, the best I have known before are two which I do recommend people to use, they are both Aegis and andOTP which offer better privacy in term of being open source and making use of password upon opening, unlike google authenticator that is not like that, anyone that get access to someone's device can get access to Google authenticator directly unlike the ones that also have password or pin included in addition.

Authy is not a good choice either. It is closed source, it tracks your activity, and it can lock you out of your accounts and demand KYC. It should be avoided. See my post here for more details: https://bitcointalk.org/index.php?topic=5320903.msg56489018#msg56489018

Yes and yes. The method for turning the shared secret (the QR code you scan when you first set up 2FA on a new site) in to the 6 digit code is universal across all 2FA apps. Any app will work.

I would also give my vouch for Aegis. It is the best 2FA app available at present.

I agree that Aegis is the best 2FA app. @mk4 recommended it 2 years ago with a topic that presents basics of Aegis.

• Aegis Authenticator, a decent alternative to Google Authenticator and Authy (https://bitcointalk.org/index.php?topic=5192978)

Thanks for the mention!

Yea, Aegis is where it's at. Open source, local backups, slick UI, and then some. I really don't see any reason left to use Google Authenticator.

I'm curious about Aegis...

So far, I use Google Authenticator and Twilio, No problems so far but if aegis is the best out of these three then I will move to aegis. thank you for the recommendation.

having this discussion , i will take the advantage of asking .

Recently i lose my phone and the authenticator apps is installed on that gadget , Now my problem is that the gambling site i Love to play uses that Authenticator and since i have already lost the phone ,

i cannot log in and play to that site, now what do i need to recover or online back?

and there are many cases now that those denied activating their 2fa from the start comes victim of hacking at some time.

So best to use authenticator or related security.

I always use authenticator whenever I open accounts.. I prefer OTP mobile verification as it feels safe than using an authenticator. I was hacked a few times already it gives me anxiety whenever I open my account that is why I am always putting 2 way authentication in my device to ease it.

I have been using Google authenticator for a couple years now and I have no problems with using it. And it safe for me to use it too even in my social media apps, I feel safe using them.

Thanks for the answer, I will take a closer look on Aegis, Authy and andOTP. Never liked Google app, really.