Authy authenticator apps for desktop are being discontinued in August 2024

ho no I like Authy for desktop, sad news,,

 

Authy for desktop sucked anyway, because it didn't allow me to scan QR codes and I couldn't sync it with my mobile app. However, I do think it's silly for such a huge company not to offer a desktop 2FA app.

 

Just got an email from Twilio today that they have moved up the date they are ending support for Authy Desktop to March 19, 2024.

I really like having the authenticator on my laptop, and I consider it a security risk to have it on the cell phone I carry with me all the time.

Any ideas about an authenticator which has a Windows version that I might switch to? Hopefully one that works with websites that use Google Authenticator and one which can be accessed from more than one device. Also one to which it would be easy to migrate from Authy.

So far, one candidate I've found is ente Authenticator. Has anyone used it? There are instructions about how to migrate from Authy at https://github.com/ua741/authy-export/releases/tag/v0.0.4, but I can't figure out how to follow them.

 

I share similar viewpoint and am too in despair over the news.

Authy is on my cell, on my W 10 and on my linux as well - hence it worked perfectly. Now need to switch, but to what address?

 

I'm pretty satisfied with MS Authenticator across all my devices regardless of OS.

 

Was able to follow instructions at https://github.com/ua741/authy-export/releases/tag/v0.0.4 to export Authy data, once I figured out that "./" referred to current working directory. I actually like ente Authenticator better than Authy—on my computer (viewing codes on website) all code appear on one page, and it's easy to click on the code, which copies it, then paste it into the field on the page where I am signing in; unlike Authy, ente is open-source and keeps user data end-to-end-encrypted.

 

Isn't ente Authenticator mobile only? So how is this a replacement for Authy Desktop? You could try to switch to WinAuth or Protecc if you're looking for a desktop 2FA app. They should work on most sites that support Google Authenticator, see second and third link.

https://github.com/ente-io/auth
https://apps.microsoft.com/detail/9PJX91M06TZS?hl=en-US&gl=US
https://winauth.github.io/winauth/index.html

 

Yes and no. You can only manage it in a mobile phone. That is, to add a new website for which to display authentication codes or to change any settings, you have to be using a mobile phone. But you can get the codes for services you have already added by going to this website (https://auth.ente.io/auth) and logging in.

So it is not a complete replacement for Authy Desktop, but it meets my needs for now. And it sounds like they are in the process of developing a full-functioning desktop version.

I do appreciate hearing about the authenticators your cited. It sounds like they work only in Windows. Can they be used for the same account from more than one Windows computer?

 

OK I see, and I forgot that you needed the sync function so that your 2FA codes can be synced across all your devices. I don't believe that WinAuth and Protecc can do this since they are desktop only.

But I totally forgot to mention that just about all password managers offer 2FA syncing on all devices, it's probably not going to be free though. You could use Roboform or 1Password, for example. You could also use ProtonPass, but it only works as an extension, so it has no desktop app.

https://help.roboform.com/hc/en-us/...-a-2FA-authenticator-for-other-sites-and-apps
https://support.1password.com/one-time-passwords/
https://proton.me/pass

 

BTW, I also found this free 2FA authenticator, but it's not really known, so probably not a good idea to use it. And it's also detected as malware on VirusTotal (probably a false positive). And I now see that I can't launch the desktop app on Win 10, I get some error about a missing DLL file. But the website does look quite professional though.

https://www.free-authenticator.com
https://www.verifyr.com

 

Thanks, Rasheed.

ente is working fine for now. If I did switch, would probably go to Bitwarden. For access to authenticator, one must buy premium service, only $10/year for one person. Bitwarden is well-established company, trusted and not likely to disappear or drop a service (as Twilio did with Authy Desktop).

 

Yes, I forgot about Bitwarden. Although some people do warn about using your password manager as 2FA authenticator, because they store both your passwords and 2FA secret keys. So if your account somehow does get breached, you're toast. Now that I think of it, I wonder if your password manager account can be secured with a hardware security key (YubiKey, Google Titan, FEITIAN ePass), since this is virtually unhackable.

 

I don't use Bitwarden as my p/w manager. I prefer keeping everything on my computer and backups. If I used Bitwarden, it would just be as an authenticator. I didn't make that clear.

 

OK I see, I forgot that you could use password managers strictly as a 2FA authenticator. I would like to use a tool like Proton Pass, it looks very cool and handy, problem is you first need to sign up for an account, while I rather store everything locally, not in the cloud. Of course if you need to sync to other devices, you have no choice but to use the cloud.

 

In contrast to passwords, TOTP tokens to account isn't one-to-one relationship. Most services allow up to 5 separate tokens per account. It is good to generate at least two of them per each important account and keep them in separate devices or print one of them on a paper.

I don't want to justify Authy move and broken sync, it is more an information and tip, because I myself was initially with that password-like attitude when I first started using TOTPs

 

I was somewhat discontent with the move, I did have a notion the service they offered was top-notch, but now I have moved to
2fas.com

We shall see if I was right.

 

authy did not work here for my smartphone, 2FAS did - thats why i never used any from twilio. for work i use MS Authentificator - sadly its mandatory, not optional.

 

I would like to offer a suggestion and solution I have used for years now. Take your TOTP authentications "offline" by storing your TOTP site credentials on Yubi sticks. You can place them on numerous sticks serving as backups. e.g. - sitting on my desktop currently and if I need a TOTP code to access a website I simply use a Yubi, which could in fact be connected continuously while my OS is mounted. It takes a second and there is no ONLINE pass of code from Authy to me, plus no third party (Authy or others) ever see my credentials making it PRIVATE. Security wise that means a significant attack surface is neutralized. Its much easier to use once setup and much faster.

Security -- My Yubi's are protected with 20+ character passwords keeping my TOTP codes secure as can be. For simplicity, my EXACT computer and my Yubi sticks have a stored "handshake" so simply connecting the Yubi opens the TOTP arsenal in about 1 second. Absent being on my LUKS encrypted computer I could only use the TOTP feature of the Yubi by entering the needed 20+ digit password. I do have a similar "handshake" stored on Android as well and its a snap.

So -- faster, offline, more secure, private. No brainer!!!!

 

Unfortunately a YubiKey can store only a limited number of TOTP secrets:

https://support.yubico.com/hc/en-us...-many-accounts-can-I-register-my-YubiKey-with

The actual number apparently depends on the firmware version (which cannot be upgraded).

Mine can only store 32 items, so I only (can) store the most important ones on them.

 

XIII --- That is not an issue for me, but I understand your post. I am able to get around that by migrating most of my website logins to true FIDO using the main security feature of Yubi's.

 

Authy always maintaned that their app (at least mobile ones - I wasn't interested in any desktop TOTP app) was E2E encryptes, so even they can't see nor decrypt information used for token synchronization. I don't remember exactly, but they only served images for domains, so they could suspect which domains you are protecting by TOTP.

 

I’d love to use passkeys (iCloud Keychain, 1Password, and/or YubiKey) everywhere, but many sites do not support that (yet?).

 

The Yubi method eliminates the NEED for trusting a third party to guard your credentials. When I made the move the main thing was the incredible speed from a direct connection vs internet fetching of the credentials.

Using a password manager and storing only TOTP's for each site doesn't work? I never tried that and I use BitWarden for hundreds of items. I like to keep my TOTP and passwords in a separate place. If I needed it I would consider using BitWarden (or any other decent manager) and storing a TOTP for each site I access. Then I could call it up when needed and proceed. In my "tin-foil" life maybe two BW accounts, but again no need for me.