Microsoft Authenticator makes it easy to protect and log in to your online accounts with multi-factor authentication (MFA). It's free, and you don't need a Microsoft account to use it. Even though the company retired the app's password management features, Microsoft Authenticator remains a good online privacy tool, especially for Microsoft users. That said, 2FAS is our Editors' Choice winner for authenticator apps because it's open source and offers browser extensions for desktop users.

Getting Started With Microsoft Authenticator

Microsoft Authenticator is available for Android and iOS devices. It does not support desktops. Open-source competitor 2FAS offers browser extensions, which you can use on desktops, too. There's also no Microsoft Authenticator app for Android Wear OS or Apple watchOS. Of the apps I've reviewed, Authy is the only one with an app for watchOS, while Stratum supports Wear OS.

(Credit: Microsoft/PCMag)

You don't have to create or sign into a Microsoft account to generate or store MFA codes in the app, which is great. Authentication only requires token generation, which is not particularly complicated, so I like it when these apps don't require an email address, phone number, or other personal information to use the app's basic functions.

When I last reviewed the app, Microsoft had just removed access to auto-filling capabilities (which are now part of Microsoft's new, AI-enriched Edge browser), and customers could access their password vaults to export their credentials. In the latest update, the app's interface no longer references its password management past, and customers can only choose from a list of authentication tokens or Verified IDs.

If you're switching from another authenticator app to Microsoft Authenticator, the process isn't easy. You can't import your login token list from other apps, unlike other apps. Instead, you'll need to remove the old 2FA tokens from your accounts and manually add each one again in your new Microsoft Authenticator vault. Aegis and Stratum allow customers to import token lists and export their existing tokens to a different app.

Data Collection Policies

Some authentication apps collect far more data than their stated functionality requires. The Android and iOS versions of the Microsoft Authenticator apps collect location and diagnostic data, which isn't unusual. In contrast, Google's Authenticator app collects data from your phone's Contact list and may even collect personal data on your device.

(Credit: Microsoft/PCMag)

After installing the app, you have to tap through several introductory screens. One of these screens is a notice stating that Microsoft respects your privacy. As mentioned above, the company collects diagnostic data, but it doesn't collect personal data in the background without your consent. You must tap to accept the privacy notice, so I suggest reading the privacy policy while you're there. I did, and noted that Microsoft specifies that customers willingly give up data by opting in to features or by entering personal information in forms, which is different from non-consensual data collection. If you want to opt out of specific types of advertising data collection, I recommend doing so via Microsoft's privacy settings page. Microsoft's privacy policy also states that it uses your data to train AI, which is not ideal.

(Credit: Microsoft/PCMag)

Hands On With Microsoft Authenticator

I tested the app using an Android device. Unlike Aegis Authenticator and Stratum, Microsoft Authenticator doesn't offer many options for customizing the look of your token vault, but you can rearrange the order on the dashboard from the settings menu. Overall, Microsoft Authenticator's simple blue-and-white layout is pretty easy to navigate. Microsoft hides your authentication codes on the dashboard by default, which is excellent. I also like that the app blocks screenshots by default on Android, though you can turn that off via the Settings menu if you prefer. On Android and iOS, you can visit the Settings menu to enable App Lock, which requires your phone's passcode or Face ID to open the app.

(Credit: Microsoft/PCMag)

Adding accounts to the Microsoft Authenticator app is as easy as granting the app access to your camera, then scanning a QR code or entering a verification code. To verify your identity when logging in to an account, enter the six-digit code from the authenticator app dashboard. In testing, attaching Microsoft Authenticator to my social media accounts was easy, and I logged in without problems. If you want to remove an account from the app, tap the account on the dashboard, then tap the gear icon in the top-right corner of the screen. From there, tap the button to remove your account.

The Android and iOS apps have the Verified IDs section, where you can confirm your identity using a Microsoft Entra Verified ID if your employer uses that system.

Backing Up Account Information

Microsoft Authenticator can create cloud backups of your MFA tokens, which you'll need if you get a new phone or lose your old one. You can back up your data to iCloud or your Microsoft account. Tapping the Details button in the Backup menu reveals when you last backed up your data and what device was used for the transfer, which is helpful. Unfortunately, you can't export your Microsoft Authenticator tokens to another authenticator app.