36 comments

[ 4.0 ms ] story [ 93.3 ms ] thread
I am not sure when this change was made.

Bumping the EOL up 5 months with less than a month of notice before EOL seems like a very unprofessional move. I wonder why they announced the far-off EOL in the first place, and why they had to bump it.

Between layoffs and unprofitably, they’re likely trying to roll off any non revenue producing work or costs as fast as possible.

Passkeys are also seeing fairly rapid uptake, negating the need for TOTP (and eventually SMS OTP). Also doesn’t bode well for their revenue depending on how much of Twilio volume are these messages (although I'd expect marketing and political SMS to be more material).

Maybe there's a critical flaw in it that's being actively exploited
I wonder if there was some kind of security issue, and they decided to move EoL up to beat a disclosure deadline.
It feels conspiratorial but I'm having a hard time coming up with virtually any other reason that makes any sense whatsoever.
The iOS version running on Apple Silicon is faster than the "desktop" app either way.
iOS version refuses to run on my Apple Silicon Mac because I have the security thingy disabled for debugging :\",
agreed, the "desktop" version has always sucked, but if you install the iPad version on macOS it works pretty well. Still buggy, but not nearly as bad as the regular app
The native feature built into "passwords" (still annoyingly in settings) is where I moved 'em all, works like a charm.
Agreed, I moved all my passwords and 2fa to Keychain after the LastPass hack and I couldn’t be happier. The integration with Safari is slick.
Sadly using ARC or chromium in any way means no keychain :( but just swapped to 2fas which uses icloud for backup and sync so ... still really clean and dont have to deal with authy fiasco anymore
Spent the past week slowly moving my TOTP from Authy to 1Pass, since the desktop/browser plugin continues to work.
Since the announcement I migrated to 2FAS and it's OK (I don't quite like the mobile UI as much but whatever).

The only thing I miss is cloud storage in a dedicated service, aka not Google Drive or any of the services I already use TOTP for, because otherwise I have a circular dependency issue, connecting to Google requires 2FAS, restoring 2FAS requires connecting to Google. Is there any alternative that provide a more "Authy like" experience?

I didn't find any. and after some thought, I decided I didn't want to be reliant on a 3rd party server again. For me, Google is an important enough account that I have multiple MFA methods like a TOPT, YubiKey, and my Android phone (not SMS).
That seems pretty dangerous considering the Google account locked horror stories that pop up from time to time and the quality of their support.
This is an excellent point. Back the old drawing board!
I ran into the same issue. And also the bus factor for on vacations. If you’re on vacation and your phone gets lost/broken/stolen, good luck getting up and running again without a cloud 2FA service.
How did you migrate? I didn’t see an automated way :(
Authy doesn't give you a way to export. You have to use this:

https://github.com/token2/authy-migration

Then add each one to whatever service you're migrating to

Wow thanks just dropped authy and swapped to 2fas in like 5 minutes lol

Now to get a few legacy ones out of microsoft authenticator somehow lol

I don't understand why you need google drive. Thats just to sync for backups. You can manually import and export if thats a huge concern for you
Well yeah it's "just" sync for backups... Being able to get back online after a "disaster" (phone broken or lost on holidays for example), is pretty high on my list of requirements for a 2FA app...
Well like I said you can just do it manually. export and store where ever you want.
I thought I had 5 months to figure out a migration; turns out I have two weeks?? annoying especially because Authy does not offer any export service, the "migration" involves going to every service and switching out my 2FA provider (most of them don't support more than one at a time).

I hadn't heard of 2FAS. It does multiple device sync for you? And is free? But I guess also not available on desktop, only phone, so no benefit to me over Authy except perhaps I don't think they are about to disappear entirely.

Bitwarden has TOTP support if you pay for premium ($10 a year). Been rock solid and worth the money.
Am I just weird that I don't trust their "recovery process"? My own process has always included having it installed on all my computers in case one of my devices goes missing or is destroyed.

Getting rid of Desktop seems like it's going to increase the amount of recovery processes because of phones getting lost, destroyed, stolen, etc for no real gain beyond not having to support it anymore.

Or am I just expected to have a spare phone that I install Authy on and leave in a drawer? My accounts are too valuable and critical to be locked out of them for 48+ hours or forever. I have security keys on everything that supports them but seems very short-sighted to leave this big of a gap in their ecosystem with no planned replacement.

Yeah, that was basically my only reason for having it on the desktop. Thankfully I can just install the ipad app on my macbook as a workaround.

More than likely though I'll just move all my TOTPs to 1password.

Yes, this is precisely why I use Authy -- for multi-device support with Just Works sync. I've got it on cellphone, work laptop, personal laptop. So even if two of these devices get lost or damaged, I still have the one.

I don't believe myself capable of keeping all these "recovery codes" for every service. I don't believe most people are. A 2FA ecology that depends on everyone having their "recovery codes" to avoid a situation where a lost/bricked/stolen device means they are locked out of like ALL their services... is an ecology where most people are at some point going to be locked out of all their services.

It's pretty incomprehensible to me that this is the ecology that's been built?

I don't know of any other thing with multi-device support -- that includes laptops not just phones, I only have one phone! -- that's as seamless a UX for non-techies as Authy. there are some non-free ones, that still aren't really as good usability wise. DIY setup on your own cloud storage does not even come close.

(comment deleted)