I was vaguely aware that some things were changing with Authy, but this is … unacceptable to me.
I understand that a phone is the right starting point for an OTP app, but this is absolutely ridiculous in terms of continuity planning. Lose your phone, lose access until you get it replaced?
They've helpfully listed some alternatives:
Authenticator.cc is just a browser extension. StepTwo is good for those who are all Apple. Secrets.app is also pure Apple. KeePassXC isn't even 2FA, but it IS cross platform and supports encryption of your password database. This doesn't replace Authy, but it is interesting. 1Password's site makes my head hurt, I think that's a bad sign.
So that's five options and five nopes.
Criteria:
I think what we want in an OTP app is this:
Works on multiple mobile devices simultaneously.
Offers desktop app for Linux/Mac/Windows.
Works with Google Voice numbers.
And based on some quick Googling and parsing of Reddit threads … nothing else does what Authy did.
LastPass might have decent features, but it's payware at the level needed and not FOSS, so that's a nope. andOTP was once pretty good, but it's now orphanware.
One of the most hopeful things thus far is 2FAS - works on Android and iPhone, and there's a browser extension. This is going to require some testing - I hope it's not like the Threema leash, where your cell phone has to be on and network accessible. That would pretty much defeat the whole purpose of having a desktop backup.
Google Authenticator is similar to 2FAS - apps for both types of phones and a browser extension. I avoid Google as much as possible, but this might be one of those "hold your nose and use it" scenarios.
And as a late entry, FreeOTP is FOSS and seems to work everywhere.
Conclusion:
I started this thinking I'd be writing about an obvious solution to replace Authy. Instead I find I'm going to have to evaluate 2FAS, FreeOTP, and Google Authenticator. I like doing evals in general, but I had other things on my mind besides spending a day on this.
Like Gist, which perished within RIM, or Keybase, which is suffering a lingering death at the hands of Zoom, Authy is passing into the void. However, I think what I'm seeing here is that both 2FAS and FreeOTP are NOT married to a specific mobile device. And if this all works smoothly, that's actually going to be an upgrade over Authy in terms of continuity planning, albeit with the added complexity of doing backups.
I wonder which one is considered best by those who already have GrapheneOS …