HackerTrans
TopNewTrendsCommentsPastAskShowJobs

Authy Desktop EOL moved from August 2024 to March 19 2024(support.authy.com)

28 points·by jrochkind1·2 anni fa·34 comments
support.authy.com
Authy Desktop EOL moved from August 2024 to March 19 2024

https://support.authy.com/hc/en-us/articles/17592416719003-Business-customer-guide-End-of-Life-EOL-for-use-of-Authy-API-with-Twilio-Authy-Desktop-apps

36 comments

madamelic·2 anni fa
Am I just weird that I don't trust their "recovery process"? My own process has always included having it installed on all my computers in case one of my devices goes missing or is destroyed.

Getting rid of Desktop seems like it's going to increase the amount of recovery processes because of phones getting lost, destroyed, stolen, etc for no real gain beyond not having to support it anymore.

Or am I just expected to have a spare phone that I install Authy on and leave in a drawer? My accounts are too valuable and critical to be locked out of them for 48+ hours or forever. I have security keys on everything that supports them but seems very short-sighted to leave this big of a gap in their ecosystem with no planned replacement.
jrochkind1·2 anni fa
Yes, this is precisely why I use Authy -- for multi-device support with Just Works sync. I've got it on cellphone, work laptop, personal laptop. So even if two of these devices get lost or damaged, I still have the one.

I don't believe myself capable of keeping all these "recovery codes" for every service. I don't believe most people are. A 2FA ecology that depends on everyone having their "recovery codes" to avoid a situation where a lost/bricked/stolen device means they are locked out of like ALL their services... is an ecology where most people are at some point going to be locked out of all their services.

It's pretty incomprehensible to me that this is the ecology that's been built?

I don't know of any other thing with multi-device support -- that includes laptops not just phones, I only have one phone! -- that's as seamless a UX for non-techies as Authy. there are some non-free ones, that still aren't really as good usability wise. DIY setup on your own cloud storage does not even come close.
devrand·2 anni fa
Yeah, that was basically my only reason for having it on the desktop. Thankfully I can just install the ipad app on my macbook as a workaround.

More than likely though I'll just move all my TOTPs to 1password.
jrochkind1·2 anni fa
I am not sure when this change was made.

Bumping the EOL up 5 months with less than a month of notice before EOL seems like a very unprofessional move. I wonder why they announced the far-off EOL in the first place, and why they had to bump it.
toomuchtodo·2 anni fa
Between layoffs and unprofitably, they’re likely trying to roll off any non revenue producing work or costs as fast as possible.

Passkeys are also seeing fairly rapid uptake, negating the need for TOTP (and eventually SMS OTP). Also doesn’t bode well for their revenue depending on how much of Twilio volume are these messages (although I'd expect marketing and political SMS to be more material).
kingnothing·2 anni fa
Maybe there's a critical flaw in it that's being actively exploited
Guillaume86·2 anni fa
Since the announcement I migrated to 2FAS and it's OK (I don't quite like the mobile UI as much but whatever).

The only thing I miss is cloud storage in a dedicated service, aka not Google Drive or any of the services I already use TOTP for, because otherwise I have a circular dependency issue, connecting to Google requires 2FAS, restoring 2FAS requires connecting to Google. Is there any alternative that provide a more "Authy like" experience?
jrochkind1·2 anni fa
I thought I had 5 months to figure out a migration; turns out I have two weeks?? annoying especially because Authy does not offer any export service, the "migration" involves going to every service and switching out my 2FA provider (most of them don't support more than one at a time).

I hadn't heard of 2FAS. It does multiple device sync for you? And is free? But I guess also not available on desktop, only phone, so no benefit to me over Authy except perhaps I don't think they are about to disappear entirely.
mksybr·2 anni fa
You can export from Authy, not exactly easily for non-technical users though: https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d...
jrochkind1·2 anni fa
When the instructions begin with "Install Authy desktop app, version 2.2.3 (the more recent versions won't work)"... ok, good to know!
discardedrefuse·2 anni fa
I didn't find any. and after some thought, I decided I didn't want to be reliant on a 3rd party server again. For me, Google is an important enough account that I have multiple MFA methods like a TOPT, YubiKey, and my Android phone (not SMS).
Guillaume86·2 anni fa
That seems pretty dangerous considering the Google account locked horror stories that pop up from time to time and the quality of their support.
discardedrefuse·2 anni fa
This is an excellent point. Back the old drawing board!
jorvi·2 anni fa
I ran into the same issue. And also the bus factor for on vacations. If you’re on vacation and your phone gets lost/broken/stolen, good luck getting up and running again without a cloud 2FA service.
angryasian·2 anni fa
I don't understand why you need google drive. Thats just to sync for backups. You can manually import and export if thats a huge concern for you
Guillaume86·2 anni fa
Well yeah it's "just" sync for backups... Being able to get back online after a "disaster" (phone broken or lost on holidays for example), is pretty high on my list of requirements for a 2FA app...
angryasian·2 anni fa
Well like I said you can just do it manually. export and store where ever you want.
underyx·2 anni fa
How did you migrate? I didn’t see an automated way :(
angryasian·2 anni fa
Authy doesn't give you a way to export. You have to use this:

https://github.com/token2/authy-migration

Then add each one to whatever service you're migrating to
cchance·2 anni fa
Wow thanks just dropped authy and swapped to 2fas in like 5 minutes lol

Now to get a few legacy ones out of microsoft authenticator somehow lol
Guillaume86·2 anni fa
Yes I used this one
aftbit·2 anni fa
I wonder if there was some kind of security issue, and they decided to move EoL up to beat a disclosure deadline.
k8svet·2 anni fa
It feels conspiratorial but I'm having a hard time coming up with virtually any other reason that makes any sense whatsoever.
xd1936·2 anni fa
Bizarre to me that there is no way to export your existing account information. For anyone else looking to export TOTP tokens from Authy... since it is an Electron app, this user created a nice script:

https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d...

I successfully used it to get them moved over to Bitwarden.
Guillaume86·2 anni fa
There's also https://github.com/token2/authy-migration which worked fine for me.
ChrisArchitect·2 anni fa
[dupe]

More discussion over here two weeks ago: https://news.ycombinator.com/item?id=39360439
[deleted]·2 anni fa
hipadev23·2 anni fa
Spent the past week slowly moving my TOTP from Authy to 1Pass, since the desktop/browser plugin continues to work.
syntaxing·2 anni fa
Bitwarden has TOTP support if you pay for premium ($10 a year). Been rock solid and worth the money.
georgel·2 anni fa
The iOS version running on Apple Silicon is faster than the "desktop" app either way.
Amorymeltzer·2 anni fa
The native feature built into "passwords" (still annoyingly in settings) is where I moved 'em all, works like a charm.
pram·2 anni fa
Agreed, I moved all my passwords and 2fa to Keychain after the LastPass hack and I couldn’t be happier. The integration with Safari is slick.
cchance·2 anni fa
Sadly using ARC or chromium in any way means no keychain :( but just swapped to 2fas which uses icloud for backup and sync so ... still really clean and dont have to deal with authy fiasco anymore
jasongill·2 anni fa
agreed, the "desktop" version has always sucked, but if you install the iPad version on macOS it works pretty well. Still buggy, but not nearly as bad as the regular app
coolsunglasses·2 anni fa
iOS version refuses to run on my Apple Silicon Mac because I have the security thingy disabled for debugging :\
[deleted]·2 anni fa