Critical | 30 min | 6 platforms | Last reviewed 2026-06-01

How to enable a real authenticator app for 2FA

Why this matters

A password alone is one point of failure. Two-factor authentication adds a second: even if an attacker steals your password, they still need your phone to log in.

SMS codes are better than no 2FA, but they’re vulnerable to SIM-swap attacks — where an attacker convinces your carrier to transfer your number to their SIM. An authenticator app generates codes on your device without involving your phone number, so SIM swapping doesn’t help the attacker.

How to do it

  1. Install Ente Auth on your phone. Why Ente Auth: free, open-source, end-to-end encrypted backup, works everywhere. Alternatives: Aegis (Android, offline-only), Apple’s built-in Passwords app (iOS/macOS only, not cross-platform).
  2. Go to the security settings of your email account first (Gmail, iCloud, Outlook) and enable 2FA. Choose “authenticator app” (not SMS).
  3. Scan the QR code with Ente Auth. Save the backup codes the site provides — store them in your password manager.
  4. Repeat for: banking apps, iCloud/Google account, social media, any account that holds payment info or personal data.
  5. Where SMS 2FA is the only option available, enable it anyway — it’s still better than nothing.

What you don’t need

You don’t need Google Authenticator. Its codes aren’t backed up to your account, so losing your phone means losing all your codes. Ente Auth or Aegis back up securely.

Verify it worked

Log out and back in to one account — confirm it asks for the 6-digit code.

Frequently asked questions

Why isn't SMS 2FA enough?

SIM swapping — where an attacker convinces your carrier to transfer your number — is increasingly common and takes your SMS codes with it. An authenticator app stays on your device and can't be SIM-swapped.

Which accounts should I protect first?

Email first (it resets everything else), then banking, then iCloud/Google account, then social media.

What if I lose my phone?

Save your backup codes when you set up 2FA — every service provides them. Store them in your password manager or printed in a safe place.
