Google Authenticator takes the hassle out of protecting your online accounts with multi-factor authentication (MFA). It's free, and if you have a Google account, setting up and transferring codes is easy. Things get a little more complicated if you don't want to use a Google account or if you're switching from another authenticator tool to Google Authenticator. The app also collects much more data than other authenticator apps. We more highly recommend Aegis or Stratum, both Editors' Choice winners that let you export your tokens to other apps and don't store your data or require an account to work.

Getting Started With Google Authenticator

Google Authenticator is available for Android and iOS devices. I tested the app using a Samsung Galaxy A71 and an iPhone 16. Unlike Stratum, which offers a version for Wear OS, Google Authenticator is only available on your mobile devices.

Signup Requirements

You can sign into your Google account and store codes that automatically sync across all your devices. If the codes aren't syncing, ensure you're signed in to the same account on all your devices. You can manage multiple accounts in the app by tapping the account icon in the top left corner of your screen, then choosing the account you want to associate with your new codes. Google Authenticator is also usable without an account, which is good.

(Credit: Google/PCMag)

If you want to transfer your Google Authenticator codes to a new phone or tablet, navigate to Transfer codes > Export codes, select the tokens you want to transfer, then scan the generated QR code with the app on your new device. Unfortunately, like Authy and Microsoft Authenticator, Google Authenticator's exporting and importing policies don't allow for easy switching between competing apps. To transfer your codes from another app to Google Authenticator, you must disable and re-enable MFA on each platform or website, then scan each QR code with Google Authenticator. Aegis Authenticator makes switching to a new authenticator app easy by allowing you to export and import codes from other platforms and apps.

Data Collection Practices

Authenticator apps are simple token generators, so theoretically, they shouldn't require much data from you. Google Authenticator collects more information than the other apps I've reviewed. It siphons personal info from at least six data categories on your device, including your phone's contact list, photos, phone number, and physical address.

Here at PCMag, we urge readers to hand over as little personal information as possible online. To avoid data-hungry apps, scroll to the Privacy section of the app's page on Apple's App Store or Google's Play Store and read the information the app's developer collects when you install and use it.

Hands On With Google Authenticator

Screenshots of the tokens and dashboard are disabled by default on Android devices. The Google Authenticator app has a simple, easy-to-navigate interface. You can arrange your codes manually by tapping and holding each entry to move it around the screen. You can remove an account from the app by long-pressing on the entry and swiping to the right. You can lock and unlock the app using biometrics, such as your face or a fingerprint.

(Credit: Google/PCMag)

All tokens will be visible on the screen in Google Authenticator when you open the app, so I recommend enabling your Privacy Screen in the Settings menu. This setting will require your device's passcode or a biometric scan each time you open the app. Aegis Authenticator also lets you set up a password or biometric login to unlock your codes.

Scan a QR code or enter the code manually to register the app for MFA on your preferred website. I could register social media accounts using the Google Authenticator app without problems.

Backing Up Account Info

Google Authenticator backs up your account tokens to Google Drive, but it doesn't offer any other backup options. This isn't terribly unusual, as Authy only allows backups to its own cloud storage. 2FAS offers greater choice, but only if you're using iCloud or Google Drive.