#authy — Public Fediverse posts

@jtb : an increasing number of people I know do no longer use desktops (that is, at home). An iPhone and an iPad, or an Android phone (and optionally a Chromebook), suffice for most people.

Commercial password managers will try to lock you in as a customer, while using open source (such as KeePass compatible) apps leads to other risks (such as stopped maintenance or malicious take over).

Most people I know even refuse to use password managers because of their complexity - while they enormously underestimate their risks by using one or a few weak passwords written on paper or stored in excel sheets.

Some of them feel betrayed after being advised to use TOTP 2FA - which is not phishing resistant, effectively *is* a password manager, too often without backups (of the shared secrets) being made, leading to account lockout after losing their phones (or app malfunction). And I'm not even considering privacy invasive and insecure TOTP apps such as Authy.

Nobody warned them of risks associated with TOTP, as nobody warns them for the risks that come with passkeys. People are, IMO, righfully not interested in the crap the industry is trying to enforce on them.

@rmondello @brandonbutler

#Passkeys #AccountLockout #Authentication #TOTP #Authy

@jtb : an increasing number of people I know do no longer use desktops (that is, at home). An iPhone and an iPad, or an Android phone (and optionally a Chromebook), suffice for most people.

Commercial password managers will try to lock you in as a customer, while using open source (such as KeePass compatible) apps leads to other risks (such as stopped maintenance or malicious take over).

Most people I know even refuse to use password managers because of their complexity - while they enormously underestimate their risks by using one or a few weak passwords written on paper or stored in excel sheets.

Some of them feel betrayed after being advised to use TOTP 2FA - which is not phishing resistant, effectively *is* a password manager, too often without backups (of the shared secrets) being made, leading to account lockout after losing their phones (or app malfunction). And I'm not even considering privacy invasive and insecure TOTP apps such as Authy.

Nobody warned them of risks associated with TOTP, as nobody warns them for the risks that come with passkeys. People are, IMO, righfully not interested in the crap the industry is trying to enforce on them.

@rmondello @brandonbutler

#Passkeys #AccountLockout #Authentication #TOTP #Authy

@jtb : an increasing number of people I know do no longer use desktops (that is, at home). An iPhone and an iPad, or an Android phone (and optionally a Chromebook), suffice for most people.

Commercial password managers will try to lock you in as a customer, while using open source (such as KeePass compatible) apps leads to other risks (such as stopped maintenance or malicious take over).

Most people I know even refuse to use password managers because of their complexity - while they enormously underestimate their risks by using one or a few weak passwords written on paper or stored in excel sheets.

Some of them feel betrayed after being advised to use TOTP 2FA - which is not phishing resistant, effectively *is* a password manager, too often without backups (of the shared secrets) being made, leading to account lockout after losing their phones (or app malfunction). And I'm not even considering privacy invasive and insecure TOTP apps such as Authy.

Nobody warned them of risks associated with TOTP, as nobody warns them for the risks that come with passkeys. People are, IMO, righfully not interested in the crap the industry is trying to enforce on them.

@rmondello @brandonbutler

#Passkeys #AccountLockout #Authentication #TOTP #Authy

@jtb : an increasing number of people I know do no longer use desktops (that is, at home). An iPhone and an iPad, or an Android phone (and optionally a Chromebook), suffice for most people.

Commercial password managers will try to lock you in as a customer, while using open source (such as KeePass compatible) apps leads to other risks (such as stopped maintenance or malicious take over).

Most people I know even refuse to use password managers because of their complexity - while they enormously underestimate their risks by using one or a few weak passwords written on paper or stored in excel sheets.

Some of them feel betrayed after being advised to use TOTP 2FA - which is not phishing resistant, effectively *is* a password manager, too often without backups (of the shared secrets) being made, leading to account lockout after losing their phones (or app malfunction). And I'm not even considering privacy invasive and insecure TOTP apps such as Authy.

Nobody warned them of risks associated with TOTP, as nobody warns them for the risks that come with passkeys. People are, IMO, righfully not interested in the crap the industry is trying to enforce on them.

@rmondello @brandonbutler

#Passkeys #AccountLockout #Authentication #TOTP #Authy

Mein neues Handy ist ein #fairphone 6
Noch nie so ein teures Handy gekauft.
Aber wenn es doppelt so lange hält, amortisiert es sich vielleicht?
#Degoogling ist dann der nächste Schritt, aber im Moment geht's einfach noch nicht ohne ...
Ich versuche es mit "plus1".
Aber erstmal muss ich alle Apps neu einrichten/anmelden/umziehen.
Leider zickt ausgerechnet #Authy herum. Auf dem alten Gerät geht es nich, auf dem neuen sind alle Konten gesperrt und das Passwort (aus dem PW Manager) geht nicht...

Ente completes CERN sponsored audit

This includes (especially so) Ente Auth.

I wanted to bring some awareness to this because when I think of MFA I typically think of TOTP Authenticators. Like my friend Eric Hameleers (alienbob), I bent the knee way back and adopted the proprietary, closed source product Authy by Twilio.

Why? Because there were considerations to raise, such as, "What if I drop my phone in the fricken' toilet?", or, "I want my authenticator to support installs on multiple platforms and sync" - Actually, both of those considerations are really the same thing. The mess about this really was that Google Authenticator and others didn't sync, existed on a single device, and I had no need or desire to enjoy passwordless authentication offered by Microsoft for some resources.

Authy provided multi-devices w/sync, on #Android, #Linux, and #Windows, okay I guess, and my phone(s). And then Ente Auth came out, they were working on the desktop version and close to a release, it sync'ed with multiple devices and second best of all, it was the first truly cross-platform (Okay I never tried running it on a BSD) authenticator - it could sync between a Linux box and a Windows desktop and an Android - that's everything in my Universe, and actually, who cares about Windows anyway?

Just about that time, as I started considering the move, Twilio informed everyone that Authy support on Desktop was going Bye Bye!

So the choice at that point was Easy Peasy - migrate nowwwww!!! And so I fired up my rarely used wYnd0z3 box and got an alert - "This desktop version will be retired soon, you need to update to the lastest version as soon as possible"... in so many words.

Hmmm... Yeah, I dunno. I think I'mma do some online searches, this sounds fishy to me. And oh boy did it stink to high heaven. I'm glad I checked that out and found a little blurb (over on Reddit, IIRC) that covered the steps required to export everything, a script, a hacked up patch, and voila! done - got it!

There was one caveat there, for those who ventured into those same murky waters that I had - DO NOT APPLY THE TWILIO UPDATE!!!* For those who did, they found out quickly that the a patch no longer worked, they could not perform the export, and this was by design since the export had to be performed on a desktop version of Authy, effectively subjugating the non-daring with the typical enshittification that we've always known as #Vendor_Lockin.

By the time Eric apparently got around to making the move to #Ente_Auth from #Authy, the laborious process was entirely manual - one site at a time, which you can READ ABOUT HERE.

You really gotta watch these sneaky proprietary types of folks.

So anyway, fast forward a bit to where we are now, and although I mentioned my second fav reason to select Ente Auth, I didn't disclose my fav - which should be obvious: It's #FOSS. And not just that, but #Self_Hosted FOSS, if you prefer to keep things close to your breast.

Anyway, that's the backstory and the long way around my announcement here that you an read up on the Audit of all Ente products here:

https://ente.io/blog/cern-audit/

So, IMNSHO, There's really no reason to choose another authenticator, really, truly, there just isn't.

I hope that helps. Enjoy!

#tallship #redundancy #TOTP

⛵

.

How to Add Two-Factor Authentication (2FA) to WordPress in About 2 Minutes https://lowendbox.com/blog/how-to-add-two-factor-authentication-2fa-to-wordpress-in-about-2-minutes/ #twofactorauthentication #googleauthenticator #Tutorials #wordpress #Security #authy #2FA

How to Add Two-Factor Authentication (2FA) to WordPress in About 2 Minutes https://lowendbox.com/blog/how-to-add-two-factor-authentication-2fa-to-wordpress-in-about-2-minutes/ #twofactorauthentication #googleauthenticator #Tutorials #wordpress #Security #authy #2FA

@willsilvah Dica pra você. Use #enteauth
Utilizo a tempos depois que #Authy descontinuou client desktop.
Sim, ele tem client para desktop.

Als #authy den Export nicht mehr unterstützte, war es natürlich mühsam, die Daten alle umzuziehen.

Ich hatte mir eine Liste gemacht und dann nach und nach alle Dienste auf #enteAuth umgezogen (#2FAS wäre die zweite Option gewesen).

Genau so werde ich das nun mit allen meinen benutzten US-Diensten machen: in einer Liste alle Abhängigkeiten sammeln und dann nach und nach umziehen.

#esIstAnDerZeit #unplugTrump

Thanks everyone for all the recommendations! The reason I wanted to stop using Authy was because they were breached last year and they're also closed-source.

If someone is thinking of moving away from Authy the following seem to be the most-liked on Fedi, going by the replies: Ente, Aegis, FreeOTP+ and 2FAS. All of them are free and open source.

I chose Ente because it also works cross-platform. #Authy #AuthenticatorApp

I want to move away from Authy. Dear Fedi, safest authenticator app? Go. #AskFedi #Authy #AuthenticatorApp

Edit: I ended up going with Ente 🦆 https://ente.io/auth/

I've been trying to use more #OpenSource software in the new year, in the past two weeks I’ve made the switch for the following apps: (I’m on #macOS )

1. #1Password → #Bitwarden ( @bitwarden )
2. #Authy → #Ente Auth
3. #Ivory → Ice Cubes ( @IceCubesApp )
4. #AppCleaner → #Pearcleaner
5. The Unarchiver → #Keka
6. #Bartender → #Dozer
7. Caffeine → #KeepingYouAwake

There's a lot more to go, but I’m trying to go slow and enjoy the #FOSS journey.

Ok, I'm going to fully admit I'm not entirely sure how to use #YubicoAuthenticator amongst multiple #YubiKeys vs, say, #Authy or #GoogleAuthenticator after a year+ of off/on looking to try it out.

Do I need to store the #TOTP seeds on every #YubiKey I own? And they all take up a slot? If so, I'm glad for most high value ones, I've been saving encrypted copies of the initial secret key in my password manager. Is that the way it works, all stored in the keys, and not some DB on each device?

goodness gracious #authy is such a trash #2fa provider. i can forgive the data breaches (not really) but depreciating and BRICKING the desktop app is unforgivable. the obviously know that because the make porting out code secrets IMPOSSIBLE. you have to manually reset EVERY account. i guess you get what you pay for…. i hope @ente auth is different in that aspect. its already been way easier to use and far more aesthetically pleasing! #ente #enteauth

If I want to migrate away from #Authy, which iOS App would I use these days?

I only need an iOS app. It should sync via iCloud without the need for other external accounts or servers. If I could export the data for the case I want to migrate again, that would be perfect.

No Chrome plugin, no desktop app. Nothing that saves my passwords together with ny #2FA codes. That would be absurd.

Is 2FAS okay? It seems like it's pretty much the best choice currently.

#TwoFactor #Security #iOS #AskFedi

A week in security (July 1 – July 7) https://www.malwarebytes.com/blog/news/2024/07/a-week-in-security-july-1-july-7 #cobaltstrike #TaylorSwift #Prudential #eviltwin #Twilio #Authy #News

I'm also moving my 2FA from #Authy somewhere else. I found #2FAS which is open-source and immediately feels nicer to use than Authy's UI. The fact that Authy won't let me export my accounts ("for security" they say) is icing on the cake after their recent security breach. Good riddance.

https://2fas.com

I decided to move my 2FA tokens out of #Authy and into #2FAS. Out of spite and curiosity to see how the process would be. I did them manually (disable on each site and re-enable), which is time consuming and lets you jump through a lot of hoops... That last thing is good I guess, for security reasons.

But 3/10 would not recommend the process, but definitely worth checking out what apps are out there for MFA. I settled on https://2fas.com since it has a desktop browser plugin.

Just received from #Twillo regarding #Authy Desktop 🫤

"Starting March 19, 2024, Twilio Desktop Authy apps will reach their end of life (EOL). Beyond this date, you can access most of the desktop features and functionality in the mobile Authy apps."

The sad #Authy desktop app is finally being put out of its misery. It was astonishingly slow and bloated for something that generated a few numbers every 30 seconds.

I switched to #2fas (https://2fas.com) a while ago and can't recommend it enough, even though it doesn't have a desktop version.

I veckans poddavsnitt pratar vi om hur tvåfaktorsautentiseringsappen ”2FAS” kan ersätta Authy lagom till när Authy pensionerar Windows- och Mac OS-stödet.

https://www.youtube.com/watch?v=6jwr_msuqrU

#BliSäker #2FA #2FAS #Authy #RFC6238 #TOTP

Switched to #2FAS now #Authy is winding down desktop support. Never liked not being able to properly backup my TOTP codes anyway.

My #twilio #authy #authenticator #authentification providing #otp #onetimepassword for #twostepverification #2sv does not work on #nixos . Can you recommend any alternatives that work for e.g. Amazon , Bitwarden, google and so on? Thanks.

🇵🇱 Nowy wpis na blogu! / 🇬🇧 New blog post!

DWService – remote desktop via browser [ENG 🇬🇧]

#2fa #agent #anydesk #authy #cli #client #dwservice #remotedesktop #server #teamviewer #totp #vnc #xwayland

Autor: @[email protected]

https://blog.tomaszdunia.pl/dwservice-eng/

🇵🇱 Nowy wpis na blogu! / 🇬🇧 New blog post!

DWService – zdalny pulpit przez przeglądarkę

#2fa #agent #anydesk #authy #cli #dwservice #klient #remotedesktop #serwer #teamviewer #totp #vnc #waylandenable #xwayland #zdalnypulpit

Autor: @[email protected]

https://blog.tomaszdunia.pl/dwservice/

My fave tech in 2022
Distro: #Fedora #Linux 37
Powerline: #Devolo
Mesh: Netgear #Orbi
LED tech: Philips #Hue
Pass manager: #Bitwarden
Messenger: #Signal
Budgeting: #YNAB
Console: #SteamDeck
Game: #VampireSurvivors
Social Media: #Mastodon & #Pixelfed
DNS: #NextDNS
2FA: #Authy
Mail client: #K9Mail
Email host: #MXroute
Cloud sync app: #Insync
Desk toy: #Divoom Ditoo
Earphones: #Sony WF-1000XM3
Printer: #Brother DCP-L2530DW
Media Player: Nvidia #ShieldTV
TV: Sony #XH95 85"
Ecig: #Vaporesso Gen200

@[email protected] Wouldn't that be great? Who knows, maybe they'll make it happen. I am a big #FOSS proponent but proprietary software isn't inherently evil in my humble opinion. For instance, #Steam is great! So are #Vivaldi, #GOG, #inSync, #Plex, #Authy, etc. I am Ricardo, not Richard. 😉 :thinking_rms: In the end I'm for choice, whatever floats your boat.