Hands-On Tech 240: Two-Factor & Multifactor Authentication
Host: Micah Sargent
Air Date: November 2, 2025
Episode Overview
This episode of Hands-On Tech, hosted by Micah Sargent, answers a listener question about the best ways to utilize two-factor and multi-factor authentication (2FA/MFA), recommends top authenticator apps, evaluates their strengths and weaknesses, addresses security concerns over bank-specific authentication apps, and provides practical advice for safer digital logins. The episode also tackles a bonus tech question about managing favorites within Apple Photos shared libraries.
Major Discussion Points and Insights
1. What is Two-Factor & Multifactor Authentication?
(Started at 01:56)
- Micah introduces the essentials of 2FA/MFA: extra steps beyond passwords to secure accounts, often involving codes or prompts from separate devices/apps.
2. Popular Authenticator Apps – Pros and Cons
(From 02:30)
a. Google Authenticator
- Widely used, easy to set up.
- Allows syncing across devices if signed in with a Google account.
- Key Caution: Encryption for syncing is not enabled by default—users should “check the settings to make sure that you have encryption turned on fully and completely” (04:45).
- Keep backup codes accessible in case of device loss.
b. Microsoft Authenticator
- Another solid and recognizable option.
- Works well across platforms, especially for those already in Microsoft’s ecosystem.
- Permanent support can sometimes feel uncertain, but the app is well-resourced and maintained.
c. Authy
- Offers proprietary integrations and alternative experiences (e.g., unique prompts, variable-length codes).
- Micah's take: “What that also means though is you aren’t able to do an easy export of your authentication codes... so in the end it’s just not one I recommend because you don’t know if you’re going to have an issue being able to access what you’re after across devices, across platforms.” (07:30)
d. Duo Mobile
- Created by Cisco, includes export options and streamlined login prompts.
- Good integrations but less well-known among general users.
e. Aegis
- Open-source, available on Android.
- Recommended by the chat, praised for transparency and flexibility for those who want free or non-corporate solutions.
3. Micah’s Preferred Method: Password Manager Integration
(Key discussion: 15:00 – 18:30)
- Micah's Rule-of-thumb: Balances security and convenience by housing 2FA codes within his password manager (like 1Password or Bitwarden).
  “It’s incredibly convenient for me and it means that I have portability when it comes to two factor code generation and that’s incredibly important...” (15:28)
- Offers easy onboarding to new devices, reduces risk of code loss, and remains more secure than SMS-based authentication.
- Warning: For stricter security, using a standalone authentication app alongside a password manager is recommended.
4. Dealing With Proprietary Bank Authentication Apps
(19:00 – 22:30)
- Listener Question: Is it safe to rely on a bank’s own two-factor app (like Bank of America’s Flagscape Authenticator) when you can’t use Google or 2FA apps?
- Most banking authenticators use the industry-standard, time-based one-time password (TOTP).
- Proprietary apps often offer tighter device integration and extra security (e.g., device fingerprinting, special PINs, deeper fraud monitoring).
- Regulatory oversight for banks usually means “these applications are perhaps even more secure than a third-party app that you’re using.” (21:39)
- Downsides: harder to move codes/backups, less frequent app updates, potentially less scrutiny from outside researchers.
- Best Practice: Always prefer app-based authentication over SMS, especially to avoid SIM swap risks.
5. Listener Quick Q&A: Apple Photos Shared Library Favorites
(24:30 – 30:00)
- Andy asks: How can multiple users maintain individual favorites in an Apple Photos shared library?
- Micah: “No, you can’t,” regarding separating favorites natively.
- Workaround: Create individual albums (“Andy’s favorites,” “partner’s favorites”) and manually add photos there instead of using the heart.
- Suggests automation using Shortcuts or iPhone Back Tap to streamline the process.
Notable Quotes & Moments
- On sticking with trusted brands:
  “Knowing that it’s made by Google, it’s made by Microsoft, that those companies are taking care to make sure that these apps are secure.” – Micah Sargent (04:05)
- On inconvenience and device migration:
  “If you lose [backup codes] and then you suddenly don’t have access to your codes, that’s a big deal.” – Micah Sargent (05:15)
- Why not Authy:
  “...you aren’t able to do an easy export of your authentication codes... it’s just not one I recommend because you don’t know if you’re going to have an issue being able to access what you’re after across devices, across platforms.” – Micah Sargent (07:30)
- Convenience vs Purism:
  “I am choosing convenience and maintaining security, more security than I would have otherwise by having one app that is both my password manager and my two factor Authentication code generator.” – Micah Sargent (15:17)
- On bank apps’ security:
  “...these applications are perhaps even more secure than a third party app that you’re using...” – Micah Sargent (21:39)
- On Apple Photos workaround:
  “The only way that I can see to solve this problem... is to, in your shared library, create two albums, Andy’s favorites, Andy’s wife’s favorites... and then instead of hitting the heart icon, you would just choose to add those photos that you find to be your favorites into those albums.” – Micah Sargent (26:55)
Timestamps for Key Segments
- [01:56] – Episode introduction and main question
- [02:30 - 12:00] – Deep dive into popular authenticator apps (pros/cons)
- [15:00 - 18:30] – Micah’s recommendation: Use your password manager for 2FA codes
- [19:00 - 22:30] – Bank proprietary authentication apps: safety & tradeoffs
- [24:30 - 30:00] – Apple Photos shared library favorites Q&A and workaround
Conclusion and Recommendations
Micah’s Advice for 2FA/MFA:
- For convenience: Use an integrated password manager with code generation (e.g., 1Password, Bitwarden).
- For maximum separation/security: Use a standalone app, preferably Google or Microsoft Authenticator.
- Avoid Authy and other proprietary systems that lock down your data or hinder exports.
- When forced to use a bank’s proprietary app, it’s generally secure and preferable to SMS codes.
- Always keep backup codes and be careful during device migrations.
For Apple Photos shared library users:
If you need separate favorites, create individual favorite albums instead of using the built-in heart.
Host Reminder:
Listeners are encouraged to send questions for future episodes.
You can reach Micah at HOT at TWiT TV.