TL;DR:
Two-Factor Authentication (2FA) is now a must for serious online security.
We require it because it works. We recommend 2FAS for easy, secure, multi-device access.
Email, SMS, or storing 2FA inside your password manager? Not supported or recommended, for good reason.
Why 2FA Is Important for Every Account
Security habits need to evolve.
It’s no longer just about having a good password.
It’s about having something extra that can block access, even if that password is somehow known.
That extra layer is 2FA, and it works.
Whether you’re logging in from home, abroad, or a new device, 2FA helps confirm it’s really you.
What is 2FA?
Two-Factor Authentication means you need:
- Something you know: your password
- Something you have: a one-time code from an app on your phone
Both are needed to log in.
It’s simple and fast, and makes your account far harder to compromise.
Why we don’t allow email or SMS 2FA
Some platforms still offer email or SMS as a second step.
We don’t.
Why?
-
Emails can be delayed or intercepted
-
SMS is vulnerable to SIM-swaps
-
Both are tied to services that could go down or get hacked
We want your 2FA to be fast, reliable, and secure, every time.
Why 2FA is best done outside your password manager
Many password managers now include 2FA code generators.
It might seem handy, but it’s risky.
If someone gains access to your password manager, they also get your 2FA.
Everything is stored in one place, one breach, total access.
That’s why we say: keep your 2FA separate.
Use a dedicated app. Always.
Our top recommendation: 2FAS
We recommend using 2FAS, a smart, reliable app made for modern users.
-
Works across multiple devices on the same OS
-
Syncs codes automatically
-
Lets you import from other apps
-
Lets you export your tokens if needed
You stay in control and you’re never locked in.
Prefer open-source? Use Ente Auth
Another strong option is Ente Auth.
It’s fully open-source and works across Android, iOS, Windows and macOS.
Your codes are encrypted, synced, and recoverable, without being tied to any single platform.
How to set it up
Takes two minutes:
-
Download 2FAS or Ente Auth (or whatever app you prefer as your 2FA app)
-
Open your account settings
-
Scan the QR code
-
Save your backup codes (this is the backup if you would ever need to log in and your app is not ok/available)
You’ll only be asked for a code when needed, like when logging in from a new device.
Why we made it mandatory
We’re not alone in this.
Most serious services now require 2FA:
-
Banks
-
Hosting companies
-
Payment systems
-
VoIP and cloud tools
Why? Because 2FA reduces unwanted access.
It’s that simple.
We’re requiring it now, because it’s time.
Questions?
If you’re unsure how to get started, just reach out.
We have and extensive knowledgebase article about 2FA and you can always open a support ticket and we’ll walk you through it.
Why 2FA is important – and always will be
In today’s world, strong passwords are not enough.
2FA adds a quick, silent layer of security that can stop almost any unauthorised login.
And when you use a good app like 2FAS, you hardly notice it’s there.
It just works.
So yes, we’re requiring it now.
Because it protects you. Because it’s best practice.
And because 2FA is important.
A more extensive list of 2FA apps that you can use/may prefer.
This is just a overview list and are not recommendations and/or indications of quality etc. Do your own investigation and security checks:
1. 2FAS
Description: A polished, open-source authenticator with cloud sync via iCloud/Google Drive. It supports export/import, browser extension & multi-device use on same OS.
-
✅ Pros: Multi-device sync; seamless import/export; robust UI; browser extension
-
⚠️ Cons: No cross-platform sync (Android⇄iOS); lacks desktop app
2. Ente Auth
Description: Open-source, cross-platform tweak that offers encrypted cloud sync across all major OSes.
-
✅ Pros: Sync across iOS, Android, Windows, Mac; full backup & restore; open-source
-
⚠️ Cons: Less known ecosystem; reported issues with importing tokens; smaller user base than mainstream apps
3. Authenticator by 2Stable
Description: A feature-rich iOS app praised by TechRadar for its encryption and sync abilities.
-
✅ Pros: Biometric lock; iCloud-end‑to‑end encryption; Apple Watch support
-
⚠️ Cons: iOS-only; advanced features need subscription
4. Authy
Description: Popular, cross-platform with desktop, multi-device sync and encrypted cloud backups.
-
✅ Pros: Multi-device (incl Chrome extension); encrypted backup; PIN/fingerprint lock
-
⚠️ Cons: Requires phone number (SIM‑swap risk); cloud dependency; No export option; they dropped support for the desktop app
5. Google Authenticator
Description: The original TOTP app, simple, reliable and widely accepted.
-
✅ Pros: Lightweight; no internet; broad support; open-source roots
-
⚠️ Cons: No backup or sync; difficult device transfers
6. Microsoft Authenticator
Description: Secure 2FA with integration into Microsoft ecosystem plus push notifications.
-
✅ Pros: Biometric login; account recovery on iOS; notifications
-
⚠️ Cons: Windows-leaned; some sync limited to iOS; tied to Microsoft account
7. LastPass Authenticator
Description: Standalone or paired with LastPass vault; supports push and encrypted backup.
-
✅ Pros: Push approval; encrypted backup; wearable support
-
⚠️ Cons: Works best with LastPass; syncing extras need premium
8. FreeOTP
Description: Simple open-source app by Red Hat, based on Google Authenticator code.
-
✅ Pros: Lightweight; open-source; supports TOTP & HOTP
-
⚠️ Cons: No backup/sync; basic UI; limited to mobile devices
9. Aegis Authenticator
Description: Android-only, open-source app prioritising backup to local or chosen destinations.
-
✅ Pros: Local backup; strong encryption; import/export functions
-
⚠️ Cons: Android only; no cloud sync; no desktop support
🧭 Quick Node Breakdown
| App | Best For | Sync | Backup | Platforms |
|---|---|---|---|---|
| 2FAS | App-only users wanting sync/import/export | Same OS | Yes | iOS, Android |
| Ente Auth | Users needing full cross-platform sync | All OS | Yes | iOS, Android, Windows, Mac |
| 2Stable | Apple-focused, feature-rich toolset | iCloud | Yes | iOS, macOS, watchOS |
| Authy | Multi-device users | Yes | Encrypted cloud | Mobile, desktop |
| Google Authenticator | Simple, no-dependency use | None | None | Mobile |
| Microsoft Authenticator | Microsoft users or SSO fans | Partial | iOS cloud | Mobile |
| LastPass Authenticator | LastPass users | Encrypted cloud | Yes | Mobile |
| FreeOTP | Open-source purists | None/Local | Local | Mobile / Android |
| Aegis | Open-source purists | None/Local | Local | Mobile / Android |
✅ Final Recommendation
-
Top sync & flexibility: Ente Auth, full cross-platform support
-
Best mid-tier with sync: 2FAS, ideal if you stay on same mobile OS
-
For mainstream and simple use: Google Authenticator or Authy
