It’s time to stop using Authy
Multi-factor authentication is a valuable security measure. If someone guesses or steals your password, it’s another barrier to their getting into your account. Using an application that generates access codes is one of the better ways to do it. Several applications are available, most of which use the same protocol. The Open Authentication architecture sets the standard, and many applications implement it, offering advantages or disadvantages. I’ve used Authy from Twilio for some time, but it’s time to leave.
The biggest dangers of using a 2FA application are a breach in its security and the loss of its availability. Authy has been deficient on both counts. In June, Twilio suffered a data breach. The exposed information wasn’t critical, but it could aid malicious parties in getting 2FA codes by trickery. Worse, Authy’s availability on various devices and computers has been erratic.
(more…)