this post was submitted on 09 Jan 2024
145 points (95.0% liked)

Technology

58303 readers
14 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
all 37 comments
sorted by: hot top controversial new old
[–] [email protected] 49 points 10 months ago (2 children)

If you’d rather switch apps altogether, it’s worth noting that Authy doesn’t come with an export feature.

That's what makes Aegis better IMO. People use it because they like it, not because they're locked in.

[–] [email protected] 13 points 10 months ago (2 children)

So how do I go about switching away from Authy? Go to every site I have 2FA enabled and remove/readd with the new app?

[–] [email protected] 22 points 10 months ago (1 children)
[–] [email protected] 7 points 10 months ago

Blerggghgfghhh >:[

Thanks

[–] [email protected] 12 points 10 months ago

You can follow the steps here to use a previous version of the desktop app to extract the keys: https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93

The javascript didn't seem to send the extracted data anywhere, but I did disconnect from the internet while running the script.

[–] [email protected] 7 points 10 months ago (1 children)

What would possess anybody to use a 2FA service that locks you in?

[–] [email protected] 20 points 10 months ago (1 children)
[–] [email protected] 18 points 10 months ago* (last edited 10 months ago)

It's not like they advertise "No exporting" as a feature after all.

And generally speaking when people are grabbing an authenticator app it's because you're either trying to sign up for a service, or you've been given some kind of unwelcome push to upgrade your account security. Not an environment that's conducive to extensive research.

[–] flumph 24 points 10 months ago (4 children)

Spent an hour last night moving to 2FAS. Authy doesn't make it easy -- unlike their competitors, they don't offer an export feature.

[–] [email protected] 19 points 10 months ago* (last edited 10 months ago) (4 children)

2FAS

It launched an NFT based donation program: https://2fas.com/donate/

and it is not available on F-Droid.

I'd go with Aegis for an App on Android, or a Bitwarden/KeepassXC password manager which can both handle 2fa tokens too.

[–] Deebster 17 points 10 months ago (2 children)

I don't like the thought of having my passwords and 2FA live in the same place - that seems to miss the point a bit.

[–] [email protected] 10 points 10 months ago (1 children)
[–] Deebster 5 points 10 months ago

Ha, fair - and my desktop too, since I currently use the Authy desktop app. However, that's two different sets of credentials an attacker needs to steal/bypass, and two chances to stop them in time.

[–] [email protected] 2 points 10 months ago* (last edited 10 months ago)

You can have 2 different keys DB on keepassXC with different passwords, you can even try to save them in separate remote locations. The key points are data interoperability over different devices and its portability over different services, because the worst thing that can happen is that your favourite app, from where you cannot use or move your credentials elsewhere (like the Steam Guard app for instance), one day might stop working suddenly leaving you unable to access your accounts.

[–] [email protected] 5 points 10 months ago

If you use Linux then OTPClient works great with Aegis since it can open Aegis export files directly. I've set up Aegis to make an export whenever I change something, I sync the exports automatically to my PC, and I open them with OTPClient there.

OTPClient can ask for the export password each time you open it and will close itself automatically if it's not used for a while.

You can also use it to export the 2FA codes further in various formats, show the QR code for any of them, and all kinds of useful features like that.

[–] [email protected] 4 points 10 months ago

Aegis is great.

[–] [email protected] 1 points 10 months ago* (last edited 10 months ago) (1 children)
[–] [email protected] 1 points 10 months ago

You can download it straight from their GitHub, or presumably using Obtainium

yeah but F-Droid also insures the authenticity and reproducibility of the binary builds

[–] [email protected] 10 points 10 months ago

First thing I check before I commit to something: export feature.

[–] [email protected] 3 points 10 months ago

Yeah, this is going to be a pain in the ass. At least I have until summer.

[–] [email protected] 1 points 10 months ago (1 children)
[–] flumph 2 points 10 months ago

Literally went to every site in Authy and removed 2FA and then re-added it with the new app.

[–] [email protected] 22 points 10 months ago (1 children)

It's an electron application so it's possible to connect a debugger and extract the keys from there if you wish to export them.

A quick search found this and I did similar myself a few years ago when something forced me to usr authy.

[–] [email protected] 1 points 10 months ago
[–] [email protected] 14 points 10 months ago (1 children)

Twilio, Authy’s parent company, is also moving Authy’s customer support hub to the help center on Twilio’s website after January 15th, 2024.

Twilio says it made the decision to sunset its desktop app to “streamline our focus and provide more value on existing product solutions for which we see increasing demand.” The company laid off 5 percent of workers in December 2023, and it just announced on Monday that it has replaced its CEO.

[–] [email protected] 21 points 10 months ago

Yeah these are absolutely things healthy companies that aren't in danger of going out of business do.

[–] [email protected] 12 points 10 months ago

Sigh...

Authy desktop was extremely useful when my phone broke during an international trip, and getting a new one obviously took some time due to well.. being abroad.

[–] [email protected] 11 points 10 months ago (1 children)

I wish more developers would click that little checkbox in AppStore connect and allow their iPhone / iPad apps to run on the Mac. It’s pretty damn handy.

[–] [email protected] 6 points 10 months ago

This is the best summary I could come up with:


An updated support page spotted by Bleeping Computer says Authy’s app on Windows, macOS, and Linux will go away in August 2024.

However, Authy is one of the only 2FA apps available for desktop, making it an ideal choice when you want to sign into an account on your computer without having to get out your phone.

If you have a Mac with M1 or M2 silicon, Authy says you’ll still be able to download the iOS version of the app on your device.

Otherwise, Authy recommends switching to the mobile version instead, which you can automatically sync with the app on your computer.

If you’d rather switch apps altogether, it’s worth noting that Authy doesn’t come with an export feature.

Twilio says it made the decision to sunset its desktop app to “streamline our focus and provide more value on existing product solutions for which we see increasing demand.” The company laid off 5 percent of workers in December 2023, and it just announced on Monday that it has replaced its CEO.


The original article contains 260 words, the summary contains 173 words. Saved 33%. I'm a bot and I'm open source!

[–] [email protected] 6 points 10 months ago (1 children)

Ente Auth is better anyway

[–] [email protected] 2 points 10 months ago* (last edited 10 months ago) (1 children)

Does it have a desktop app and mobile app?

Edit: must be a typo I can't find this app

[–] [email protected] 1 points 10 months ago

I believe this is the one they're referring to

[–] [email protected] 4 points 10 months ago

I have been meaning to get off of them on mobile for my MFA tokens for awhile now, but haven't been able to bring myself to go through the effort. I really need to, I have been expecting any day now that Authy was going to go subscription or go away completely once Twilio got into the equation.

[–] [email protected] 3 points 10 months ago

I've had no lucky with my 7 digit exports and can't find anywhere to reset them, but it seems these services only use authy for totp.

For my 6 digit ones I was able to export them all and move apps with this guide

https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93

There's also a YouTube video here:

https://m.youtube.com/watch?v=n7ruB_uFcj4

One issue I had was authy kept trying to auto update from the old version any time I was in the setup process and it would cease to function, forcing me to restart it, and then it was updated.

All I did was go to the appdata folder in windows where it was installed and I found different folders for the specific version and I just opened a terminal there and ran it with the argument defined in the guide and it worked fine.

[–] [email protected] 1 points 10 months ago

Good! One proprietary Electron app less on this world.

Seriously, for generating one-time codes do we really need whole web engine underneath, a network connection and whole company based on it? Those things should not weight more than a couple of kilobytes plus a vector icon.