If you want to secure your online accounts, it’s best to add an additional layer of security as well as a strong password. Two-factor authentication (2FA) is one of the best ways to protect online accounts. Authenticator apps are secure and easy-to-use tools to help your business protect its critical information.
How do authenticator apps work?
An authenticator app generates temporary codes, known as one-time passwords (OTPs), which you can use to verify your identity and log into an online account. The codes look like random numbers, and a new one is generated every 30 seconds. Because the codes are located on your personal device and they change very frequently, it’s much harder for a hacker to intercept your codes.
An authenticator app is also a more secure way to get OTPs than receiving them by SMS or email. Hackers can use a SIM-swapping attack or try social engineering to access your OTPs if they’re sent via SMS or email. Using an authenticator makes this more difficult, because your codes are stored locally (on your device) and not online. The server of your online account and your authenticator app share a secret key and use the same algorithm to generate codes from it: the keys are stored safely and never shared online.
How to use an authenticator app
2FA lets you verify your identity with your personal device instead of remembering another password. You can prove your identity by entering a code generated by the authenticator app on your device. This is how it works:
- Initial setup: When you switch on 2FA for an online account, you’ll be given a QR code or a secret key. You can then scan the QR code or enter the key into your authenticator app.
- Generating codes: Once set up, the authenticator app will generate a new 6-digit code every 30 seconds.
- Logging in: When you next log into your online account, you’ll enter your username and password as usual. The website will then ask you to enter the 6-digit code generated by your authenticator app.
- Identity verification: Open your authenticator app, find the code for the correct account, and then enter it. If the code matches, you’ve verified your identity and you can access your account.
2FA is a great way to log in safely to your accounts, but not every authenticator app prioritizes your security. That’s why we’ve built Proton Authenticator: it’s a secure and convenient way to secure your accounts.
Should you enforce 2FA within your business?
Realistically, your business can’t afford not to enforce 2FA and additional security measures. According to the Internet Crime Complaint Center, $25,983,946 was lost to SIM swap attacks in 2024 alone. More than $364,855,818 was lost in data breaches in the same year. Criminals now target smaller businesses because they know that those businesses are unlikely to have the security infrastructure and resources that larger businesses do.
Combating the rising tide of cybercrime is in your best interest. If your business is compromised by a security breach, this can result in reputational damage, financial losses, and even criminal charges depending on the nature of the breach.
The data your business stores must be protected with strong security measures. We’ve written about creating an incident response plan in the past — but one of the fastest and easiest ways to immediately improve the security of all of your business accounts is enforcing 2FA. Proton Pass for Business, a secure business password manager, allows you to do just that. From your Admin panel, you can enforce a 2FA policy, requiring all business accounts stored in Proton Pass to activate 2FA.
How to choose an authenticator app
Once it’s time to choose an authenticator app to add to your security ecosystem, consider the following:
- Secure and varied authentication methods: To help team members log into their authenticator app securely, choose an option that supports biometrics such as fingerprint or Face ID, or a PIN.
- Ability to back up codes: Depending on your business needs, you can opt for storing codes locally on employee devices or backing them up to the cloud. This flexibility can be helpful for employees using mobile authenticator apps.
- Syncing codes across multiple devices: Not all authenticator apps let team members access their codes from multiple devices rather than a single device, so check for this if you want to enable it.
- Easy import and export: Big Tech authenticators are less likely to let you export your codes so that you stay in their ecosystem. This lack of control over your codes is unnecessary, and you should be able to easily import or export codes as you choose.
- Cross-device availability: A good authenticator app should work on mobile and desktop. Most people work using a combination of devices, and there’s no reason to limit your team members’ access to their codes.
- Offline access: Generating codes doesn’t require a WiFi connection, so your authenticator app should work both online and offline for maximum reliability.
- Transparent and open source: Because an authenticator app is a piece of security software, you should be able to verify that it does what it says it does. An open source app gives you peace of mind that any security expert can confirm that the app is secure.
Best practices for implementing 2FA
Once you decide to implement 2FA, it’s time to start creating habits of best practice within your business. We recommend focusing on these three key areas:
Education
To get the most out of 2FA, workers need to understand its value and how it can make their lives easier and protect vital information. Training sessions, regular communication of best practices for using 2FA, and overseeing adoption rates throughout your business will help you ensure that as many people within your company use 2FA as possible.
Flexibility
Everyone works differently, and 2FA needs to serve everyone’s needs in order to be effective. Make sure that team members have control over their own authenticator app. They should be able to manage their own codes in their preferred way. Whether it’s keeping them on one work device or sharing them across multiple devices, team members should always have access. Flexibility is essential.
Integration
Because it makes logging into multiple accounts easier, 2FA is an excellent tool to pair with other authentication and authorization services. For instance, pairing 2FA with single sign-on (SSO) streamlines logging in even further by reducing the number of credentials your team members need. Integrating 2FA introduces many opportunities to reduce friction and increase productivity within any business.
Choose Proton Authenticator for your business
Proton Authenticator protects your 2FA codes with the same end-to-end encryption that protects our whole ecosystem. It’s simple, safe 2FA that’s available on any device and totally open source. It’s a free authenticator app that doesn’t require a Proton Account to use, so your business can easily implement it into your existing architecture. No matter how much tech experience your team members have, Proton Authenticator is an ideal tool for protecting every online account. It’s built with your privacy in mind, and flexible enough to be configured for your business needs.
Implementing an authenticator app is easy with the right tool: Download Proton Authenticator today to see just how easy 2FA can be.