Well, doesn't that account for all services, also like LastPass? I don't have any control where they store their backups and it is not open source. I'm starting to roll into a very heavy catch-22 with passwords, 2FA and backups. I have 100+ passwords, including very important heavy encryption keys. Where should I store them? Hardcopy, I can lose that and someone can access those, never mind trying to type 64 character long keys that "REALLY MUST BE CHANGED EVERY 6 WEEKS!!!11". Backup them in another cloud service? Where do I keep that password? I add my 2FAs in Authy (or any other app), but where do I keep the QR-codes? Hardware like Yubi, how do I insert a Yubi key in my phone? How are normal people supposed to manage all their accounts? Well, I have asked around, and the answer? They simply use the same password over and over again and no 2FA when it is not enforced on them. This includes a lot of IT colleagues as well. We really need to come up with a people friendly system and stop blaming users for being stupid for reusing passwords.

You need to realise that Authy is a single point of failure that can result in you losing access to everything simultaneously.

This is the case with almost everything else in the world.

And no, you don't lose everything simultaneously. You seem to be extremely focused on Authy alone when this applies to every cloud backup service, password manager, etc. in the world. If Authy stopped operating tomorrow, your installed apps today work. And guess what? Authy works on EVERY platform (iOS, Android, Windows, Mac, Linux) meaning that all the devices you have it installed on will still work. Yes maybe the cloud service is dead, but so what? You can still use those existing installations to access your accounts and switch to new TOTP tokens. Moreover, even if you use Authy or ANY 2FA app, it's still wise to save a copy of the QR code or OTP seed somewhere else as a backup. You seem to be a shill for andOTP which ONLY works on Android, so of course. It's likely most people only have ONE Android phone, which means it is even less convenient. Authy works on multiple platforms, so if my phone gets stolen, I lock it and switch to using it on my PC/Mac/iPad. The final part you also neglected was if you're already signed into those services with trusted devices, you generally don't need to re-authenticate with 2FA again. They even teach you that if you lose your 2FA backup codes and 2FA device you can use an existing logged in device to change 2FA settings and get new backup codes. So no, if Authy goes down, you have recourse. Authy may not be perfect, but I can guarantee you it's a hell of a lot better than the standard Google Authenticator app where if you lose your phone, you're SOL.

OP: Twilio might be a good company, but Authy's software support has been trash. This app has been around for years and honestly since I've been using Authy in 2013 I don't think much has changed. They took 2+ years to add Android TouchID support. They took nearly 3 years to add Face Unlock support in Android despite the APIs being out since Android 9 DP, and 2 years to add dark mode, and they still don't support following system theme in Android. I emailed them to add some sorting options in 2013. I follow up with them every 2 years, but it's just a cruel joke now. The desktop app sorts alphabetically but the mobile app is a mess.

Another issue is native Authy tokens are automatically downloaded once you confirm via SMS. I've been emailing them about this since the MacBook Pros with TouchID came out. Google Authenticator (TOTP) tokens are locked behind a zero knowledge password, but Authy tokens are not. It's big enough that Coinbase removed Authy as the default option and later forced users to move to Google Authenticator/YubiKey. The team still refuses to accept this is a problem today.

Authy was a good service when it launched like a decade ago, but honestly it's in need of a big upgrade, and I'm thinking now that Bitwarden or 1Password's OTP options, while not the most ideal in terms of lumping your passwords and OTPs in the same vault, may actually be a better option for most.

Learn how to use Bitwarden authenticator.

Understandably, some users are skeptical about using Bitwarden for token authentication. Remember, security often involves a tradeoff between protection and convenience, so the best solution is up to you. Generally, folks that use Bitwarden authenticator do so for two reasons: