I was vaguely aware that some things were changing with Authy, but this is … unacceptable to me.
I understand that a phone is the right starting point for an OTP app, but this is absolutely ridiculous in terms of continuity planning. Lose your phone, lose access until you get it replaced?
They’ve helpfully listed some alternatives:
Authenticator.cc is just a browser extension. StepTwo is good for those who are all Apple. Secrets.app is also pure Apple. KeePassXC isn’t even 2FA, but it IS cross platform and supports encryption of your password database. This doesn’t replace Authy, but it is interesting. 1Password’s site makes my head hurt, I think that’s a bad sign.
So that’s five options and five nopes.
Criteria:
I think what we want in an OTP app is this:
Works on multiple mobile devices simultaneously.
Offers desktop app for Linux/Mac/Windows.
Works with Google Voice numbers.
And based on some quick Googling and parsing of Reddit threads … nothing else does what Authy did.
LastPass might have decent features, but it’s payware at the level needed and not FOSS, so that’s a nope. andOTP was once pretty good, but it’s now orphanware.
One of the most hopeful things thus far is 2FAS - works on Android and iPhone, and there’s a browser extension. This is going to require some testing - I hope it’s not like the Threema leash, where your cell phone has to be on and network accessible. That would pretty much defeat the whole purpose of having a desktop backup.
Google Authenticator is similar to 2FAS - apps for both types of phones and a browser extension. I avoid Google as much as possible, but this might be one of those “hold your nose and use it” scenarios.
And as a late entry, FreeOTP is FOSS and seems to work everywhere.
Conclusion:
I started this thinking I’d be writing about an obvious solution to replace Authy. Instead I find I’m going to have to evaluate 2FAS, FreeOTP, and Google Authenticator. I like doing evals in general, but I had other things on my mind besides spending a day on this.
Like Gist, which perished within RIM, or Keybase, which is suffering a lingering death at the hands of Zoom, Authy is passing into the void. However, I think what I’m seeing here is that both 2FAS and FreeOTP are NOT married to a specific mobile device. And if this all works smoothly, that’s actually going to be an upgrade over Authy in terms of continuity planning, albeit with the added complexity of doing backups.
I wonder which one is considered best by those who already have GrapheneOS …