#Bitwarden Authenticator app! Finally an open-source alternative to #Authy. The app looks very nice and modern on Android. Can't wait for sync support.
I remember the day I switched to Authy because it would not vendor-lockin me for #TOTP codes. Alas, today is the day where I ditched it because Authy - without warning - stopped supporting the desktop app, even hurrying the deadline by 5 months! That was 70% of the total notification window as far as I could tell.
Requiring a mobile device for #2FA #MFA is not quite the same for me, and it can get lost (or stolen) way too easily for my taste.
I assume that #Twillio realise that the only reason I use #Authy is because it'll sync across my mobile and laptop.
By ditching the desktop app they make themselves irrelevant.
Also, with a product roadmap like "fuck it, give them a month", I'll also never use a Twilio product again. What a complete dick move.
Well, crap, #Authy is shutting down its desktop #2FA app. I use its mobile one; should I start looking for an alternative just to be safe...? It's obviously not a major revenue stream for Twilio, so...
🚨🚨Authy, the two-factor authentication (2FA) service, says its desktop apps for macOS, Windows, and Linux will reach end-of-life on March 19, 2024
Starting March 19, 2024, Authy will stop supporting its desktop applications (Authy Desktop) for Windows, macOS and Linux, leaving only the iOS and Android apps available.
As #twilio is sunsetting their #authy desktop apps, I am wondering if there are any open source #2fa apps out there that support both desktop and mobile, maybe even Apple Watch...? Twilio still supports the mobile apps, but I don't want to get caught unprepared if they ever drop those, too.
If you use #Authy for 2-factor authentication, please be aware that since March 19th (I might be off for a couple days though) the desktop apps will be discontinued. So basically they force you to use mobile apps or nothing. I don't know about you, but for me it's totally unacceptable behavior. I tried the desktop app and didn't like it (because it's basically a web version wrapped in an executable), but I know people who use them namely because they have a desktop app. If I were you, I would migrate to something else just because it's not how good business is done.
Support article about it on their website: https://support.authy.com/hc/articles/17592416719003 (thanks @twynn for the link!)
"You may have previously seen an August 19, 2024, end of life (EOL) date for Twilio Desktop Authy apps. This date has been moved up to March 19, 2024."
That's... helpful? Announce an EOL date for software and then once people have planned for that, abandon the date and bring it forward. Granted #Twilio #Authy was a terrible and unreliable bit of software, but still. Bringing the EOL forward 6 months leaving just one month to deal with the change is crap.
What TOTP / 2FA apps are people using, post #authysunset ? I need something that has at least some functionality across mobile and desktop, and isn't built into a password manager - I don't want either my phone or my password manager to be a single point of failure.
Now that #Authy has announced it's shutting down its desktop apps, the only alternative I've seen is Ente. Is anyone using something else?
I still like their product as it allows sync between devices and it's intuitive to use. Also credit where credit is due: They mention alternatives on their own support page.
Authy is a #2fa / #MFA authentication app, though one that is not recommended in the #privacy space primarily because it does not offer easy export of codes (making it difficult to switch apps) and is closed source.
However, many people used it because it was one of the only apps not integrated into a password manager that allowed easy syncing across different devices.
I am urging any Authy users/holdouts to switch to an #opensource alternative that allows exporting 2FA secrets.
Observations about Authy discontinuing its desktop apps:
Less attack surface. The patching attack surface of desktop is different from mobile - desktop may be updated on a different schedule from mobile depending on platform, use case, budget, etc. The complexity attack surface of the desktop is also different from mobile (by default, simpler).
Stronger secret protection? It is not clear to me whether Authy uses strong mobile secure elements (Google Titan, Samsung Knox, Apple T1/T2, etc.) to protect secrets on mobile, or uses TPM to do so on desktop. Even if Authy isn't leveraging them directly, access to Authy can be put behind screen lock or app lock or FDE, which inherits the device's use of those secure elements (when properly managed).
Better 2FA independence. If you already have your first factor (password manager) in the desktop basket, putting the second factor in that same desktop basket may not have been good for some threat models in the first place.
Regressive reduced redundancy. Many demographics cannot afford a secondary/backup mobile device, and eliminating desktop as a fallback may be worse for them than having all their TOTP in a single mobile basket (backups aside, which themselves are part of the threat-model choices).
Backup vs export. Not being able to export TOTP seeds to a destination entirely outside of Authy's control may be a bug or a feature, depending on your model. It's a pain for the user - and for an attacker.
Side note: a workaround - running Authy as an Android app on a Chromebook - was already discontinued a year or two ago.
So ... trade-offs. And as always, #YTMMV (Your Threat Model May Vary).
But there is a problem: if for some reason you can no longer generate the OTP code for two-step verification, you will no longer be able to log in and we will not be able to help you.
So always make an encrypted backup of all your data and use a cross-platform #OTP app that can be installed on multiple devices, such as #Authy.
If you use others, recommend them in the comments, thank you 🙏