New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Authy Desktop will be EOL on March 19, 2024
listerine90
Member
in General
Why should I care?
You are using Authy.
Why should I migrate now?
If you are an Authy user and are planning to move to a different 2fa app, you now only have a month to export your data using this unofficial method
It gets pretty difficult once you reach the end point as there are not any known methods of extracting secrets on the Authy android app.
You will have to manually reset your 2fa which might be potentially much more secure, but can get very tedious if you are managing multiple 2fa accounts.
Comments
Are there any similar alternative desktop apps to use once Authy is EOL?
KeepassXC is a desktop opensource password manager and supports TOTP, compatible with Keepass2Android which is also opensource.
Thanks. I am going to try another solution: using Android X86 to install Authy app with root access, to be able to import the data from Authy to Aegis.
I was using chrome extension before and now desktop.
From HN:
”If you migrate to another app and then delete your authy account, you risk having 2FA removed for some integrated accounts if they're set up to directly use the Authy backend. Twitch in some cases was pointed out.”
This is a warning for those people that have the 7 digits authy TOTP.
6 digits TOTP are safe from this predicament, but always do double checks by analysing the contents of the extracted data.
By the way, if anyone knows (@listerine90 maybe), is this them just focusing on other platforms or is this a first step in down prioritizing the whole Authy thing eventuelly becoming inactive?
I don’t care for the Desktop app personally, but I care about my 2fa app being maintained & working..
Their app store changelog is just sadness
Edit: If you’re running Apple Silicon, it seems that you’ll still be able to install (according to HN, the iPad version) on your computer.
It's a possibility that they're focusing on being mobile now. Considering how technical it is to export your 2fa's with authy desktop alone with just the mobile, I definitely no longer recommend them now.
According to them the only way to switch to a different 2fa is to re-enable them
But we know that this is BS, Authy obviously does not want to lose their customers by giving them an option to switch easily. Closed source + lack of control on your data is simply a recipe for disaster, at least in my perspective.
I learned this fact when google authenticator was only an offline mode (v5). It was almost impossible to extract and backup my data, and look what happened, phone got reset my entire 2fa was gone in an instant. The only way to recover my account was to email each of my account's support hub and or use my recovery keys (majority was recovered).
With authy's case, I definitely do not want to store 10+ accounts with them with the reasons aforementioned above.
Edit: Sorry for the long rant, I just wanted to cram as many points in a single comment as possible.
@listerine90 I managed to "recover" Authy on a new device with no issues. Don't remember how, but it was very simple. It probably was through some sort of recovery key or simply SMS.
Honestly, I respect the concerns but I believe that Authy isn't really (if I understand the situation right) the primary threat to my accounts and the stability of the services that I access online.
I'm confident that the biggest risk to me is myself.