You use Authenticator to generate one-time passwords (also called verification codes) to sign in to your accounts that use multi-factor authentication.

Check with your account provider if multi-factor authentication is supported and how to enable it for your account.

Authenticator supports time-based and counter-based one-time passwords. See About one-time passwords.

To start Authenticator, touch and hold the Sophos icon and then tap Authenticator.


  • For time-based passwords, Authenticator shows the currently valid one-time password together with an animated icon that depicts the remaining time until the code becomes invalid and the next code is calculated.
  • For counter-based passwords, tap Tap for code to create the first code, or Next to create the next code. To prevent you from accidentally generating multiple codes in a row, there is a latency of a few seconds after each generation before you can generate the next code.
  • To copy the current one-time password for an account to the clipboard, tap it.
  • To edit the account details, tap Edit, select the account item and then tap Modify. For security reasons, you cannot display or edit the secret key.
  • To delete an account, tap Edit, select the account item and then tap the Delete Delete icon.
Warning When you delete an Authenticator entry, you will lose the ability to generate one-time passwords for that account. This doesn’t turn off multi-factor authentication. Deleting the Authenticator entry may prevent you from signing into your account.

Before you delete an entry, ensure that you either have an alternative mechanism for generating one-time passwords, or an alternative mechanism to sign in to your account without multi-factor authentication.