The main difference between Google Authenticator and Yubico Authenticator lies in how both applications handle the secret keys used to generate time-based OTP codes. The Google Authenticator application keeps the secret keys on your phone, generating the codes every time you open the application. Yubico Authenticator, on the other hand, reads the secret keys from the Yubikey inserted into your device or via NFC and only then displays the codes in the application.
My online security is important to me, so I decided to buy two Yubikey 5C NFC, using one as a backup.
In my mind, the Yubikey 5C NFC is the best hardware key currently available. If you are interested, you can check the latest price of the Yubikey 5C NFC on the Yubico website.
Comparison of Yubico and Google Authenticator
| Name | Yubico Authenticator | Google Authenticator |
|---|---|---|
| Software Cost | Free – but requires a YubiKey 5 Series to generate OTP codes – $40 to $60. | |
| Standard/Algorithm | TOTP: Time-based One-Time Password. HOTP: Event-based One-Time Password. | TOTP: Time-based One-Time Password. HOTP: Event-based One-Time Password. |
| Cross-platform coverage | Android, iOS, Windows, macOS | Android, iOS |
| Portability | Yes – portable credentials across devices. | No – secret codes must be transferred manually to new device. |
| Backup option | No – secrets are stored on the Yubikey. Spare key required to work as a backup. | |
Both applications are very similar in appearance and in how we use them. Still, the look is not everything.
You will soon realize the advantage the Yubico Authenticator has over similar applications like Google Authenticator.
How do I back up my Google Authenticator codes?
It was not until May 7, 2020, after years of complaints by users, that Google updated the application and brought one of the most anticipated and requested features: the Google Authenticator Transfer Accounts option.
This option allows you to transfer the secrets used to generate 2SV codes across devices that have Google Authenticator installed.
You can read the official release note on the Google Security Blog: Introducing portability of Google Authenticator 2SV codes across Android devices.
The lack of the option to transfer your Google Authenticator secret keys to the new device was the main reason why I have always searched for an alternative.
I'm a massive fan of offline solutions. Whether this is a Password Manager or Authenticator app, I have always tried to use applications that were storing all my sensitive data locally on my phone or computer.
But on this occasion, I did not have a choice. I used Authy only because it provided me with a cloud backup option if I lost or damaged my phone and had to restore the 2SV codes on another device.
Unfortunately, you were out of luck if you've lost or damaged your phone with Google Authenticator on it and did not have the secret key or Backup Codes to regain access to your accounts.
Luckily this is all behind us. Now we can use the Google Authenticator Transfer Accounts option to transfer our Secret Keys to another device quickly and easily.
Can you back up Yubico Authenticator codes?
When it comes to Yubico Authenticator, things are a bit different. There is no need to back up your Yubico Authenticator secret keys as there are no codes on your phone or computer in the first place.
Confused? Let me explain.
As I mentioned earlier, Yubico Authenticator generates the 2SV codes only after connecting the Yubikey to the device either via USB port or by tapping the NFC. Only then are the codes loaded into the app.
I'm sure you have already spotted the advantage here.
We no longer have to worry about having the Authenticator application on another device as a backup if our phone was lost or damaged.
We can insert or tap the NFC with our Yubikey on any device with the Yubico Authenticator application installed, and there you have it, all codes magically appear.
However, there is a small problem with having all your OTP codes attached to your key chain on a small device.
What happens if you lose or someone steals your YubiKey?
Don't panic if your Yubikey was lost or stolen. The good news is that no one can read the secret keys stored on your Yubikey. By design, Yubikey is a write-only device.
On the other hand, if you haven’t secured your Yubikey with a password, anyone can view the OTP codes by merely installing the Yubico Authenticator application on the phone or computer and plugging in or touching the NFC.
However, there is very little chance that anyone will be able to link you to any of the accounts listed in the Yubico Authenticator. On top of that, the OTP codes are useless without your password and login.
Yes, you will still have to regain access to your accounts without having the OTP codes. But hopefully, you have thought about that when setting up 2FA in the first place, and you can regain access to your account by using one of the recovery options provided by the service.
That's why it is highly advisable to have a spare Yubikey, which you can use in an emergency. But the same principle applies to Google Authenticator; the only difference is that you need to have a spare phone for Google Authenticator.
The other option is to use the QR codes or Secret Keys, which you have hopefully saved to set up the Google Authenticator or your spare Yubikey again.
Either way, after regaining access to your accounts, you should visit them and reset your 2FA options. You should also consider setting the password for your Yubikey, which will prevent whoever finds the device from viewing your codes. You can do this in the Yubico Authenticator settings.
Is Yubico better than Google Authenticator?
In my opinion, yes. There are a few annoying things, like setting up a password to stop whoever finds the lost device from viewing your OTP codes. But the same thing applies to your phone with Google Authenticator on it. I have always used App Lock with a PIN before I could access the Google Authenticator app.
When it comes to Yubico Authenticator, I like that, unlike Google Authenticator, you can install Yubico Authenticator on your Windows PC, Mac, or even Linux, not to mention Android and iOS.
Having the application on your PC makes the login procedure much more straightforward. You are no longer bound to your phone. To view the code, you have to insert your Yubikey into the USB port.
Double click the code you would like to see, and by touching the Yubikey, the code is revealed to you and even conveniently copied to the clipboard.
On your phone, you can either insert the key into the USB-C port if you have a compatible device or use NFC to reveal your codes.
Although both Yubico Authenticator and Google Authenticator applications are free to use and download, the former requires you to spend between $40 and $60 on a physical device, without which Yubico Authenticator is useless.
But of course, we have to remember that Yubikey offers so much more than just storage for our OTP codes. Being compatible with most common security protocols, you can use your Yubikey with a range of services to elevate your security by using it as two-factor and passwordless authentication.
As you can see, the capability of creating your OTP codes is just a fraction of what Yubikey has to offer.
But if you want to use one just for generating OTP codes in Yubico Authenticator, you may have to prepare yourself to spend money not on one but on two devices, so the second one can act as a backup. In that case, I would strongly consider sticking with a Google Authenticator app instead.
As you can see, there is no simple answer to whether the Yubico Authenticator is better than Google Authenticator. We cannot judge the Yubico Authenticator without discussing Yubikey, which is required for the application to work.
If you have some cash to burn and don't care about other options that Yubikey offers, then yes, go for it, and you won’t look back.
On the other hand, Google Authenticator was one of the first applications of this type. So we all know how simple it is and how it works. And just recently, Google gave us the only feature missing to make this already great little app even better, the option to transfer your accounts.
Which Yubikey to buy?
I decided to buy two Yubikey 5C NFC for convenience and the number of features it offers. But there are several devices available, and you must determine by yourself which one to pick. If you are not sure, you can use the Yubikey quiz, which will help you select the right key for your needs. Just remember to budget a bit more for a second one so you can use it as a backup.