Read the reviews for Google Authenticator. Here are a few good ones:
If you have saved codes don’t update.
– 23 Mar 2016
Lost all my codes in a backup/restore
– 9 May 2016
Lost all sign-in data upon upgrading.
– 7 July 2016
Losing your two-factor authentication codes is a very serious problem, whether it’s from losing your phone or an app update gone bad. See Github’s answer on what to do if you lose your 2FA code:
If you’ve lost access to your account after enabling two-factor authentication, GitHub can’t help you gain access again.
After reading these reviews, I realized a bad update could lock me out of Gmail, Github, Dropbox, AWS, and many other services. I save recovery codes in 1Password, but if I need to regain access away from my computer, I’ll be SOL.
Rather than rely on luck and recovery codes, I’m changing how I use 2FA. From now on, all 2FA codes will go in Google Authenticator and 1Password. This combination gives me the speed of Google Authenticator and the peace of mind knowing my codes are backed up in a second app.