Bumping the EOL up 5 months with less than a month of notice before EOL seems like a very unprofessional move. I wonder why they announced the far-off EOL in the first place, and why they had to bump it.
Between layoffs and unprofitably, they’re likely trying to roll off any non revenue producing work or costs as fast as possible.
Passkeys are also seeing fairly rapid uptake, negating the need for TOTP (and eventually SMS OTP). Also doesn’t bode well for their revenue depending on how much of Twilio volume are these messages (although I'd expect marketing and political SMS to be more material).
agreed, the "desktop" version has always sucked, but if you install the iPad version on macOS it works pretty well. Still buggy, but not nearly as bad as the regular app
Sadly using ARC or chromium in any way means no keychain :( but just swapped to 2fas which uses icloud for backup and sync so ... still really clean and dont have to deal with authy fiasco anymore
Since the announcement I migrated to 2FAS and it's OK (I don't quite like the mobile UI as much but whatever).
The only thing I miss is cloud storage in a dedicated service, aka not Google Drive or any of the services I already use TOTP for, because otherwise I have a circular dependency issue, connecting to Google requires 2FAS, restoring 2FAS requires connecting to Google. Is there any alternative that provide a more "Authy like" experience?
I didn't find any. and after some thought, I decided I didn't want to be reliant on a 3rd party server again. For me, Google is an important enough account that I have multiple MFA methods like a TOPT, YubiKey, and my Android phone (not SMS).
I ran into the same issue. And also the bus factor for on vacations. If you’re on vacation and your phone gets lost/broken/stolen, good luck getting up and running again without a cloud 2FA service.
Well yeah it's "just" sync for backups... Being able to get back online after a "disaster" (phone broken or lost on holidays for example), is pretty high on my list of requirements for a 2FA app...
I thought I had 5 months to figure out a migration; turns out I have two weeks?? annoying especially because Authy does not offer any export service, the "migration" involves going to every service and switching out my 2FA provider (most of them don't support more than one at a time).
I hadn't heard of 2FAS. It does multiple device sync for you? And is free? But I guess also not available on desktop, only phone, so no benefit to me over Authy except perhaps I don't think they are about to disappear entirely.
Bizarre to me that there is no way to export your existing account information. For anyone else looking to export TOTP tokens from Authy... since it is an Electron app, this user created a nice script:
Am I just weird that I don't trust their "recovery process"? My own process has always included having it installed on all my computers in case one of my devices goes missing or is destroyed.
Getting rid of Desktop seems like it's going to increase the amount of recovery processes because of phones getting lost, destroyed, stolen, etc for no real gain beyond not having to support it anymore.
Or am I just expected to have a spare phone that I install Authy on and leave in a drawer? My accounts are too valuable and critical to be locked out of them for 48+ hours or forever. I have security keys on everything that supports them but seems very short-sighted to leave this big of a gap in their ecosystem with no planned replacement.
Yes, this is precisely why I use Authy -- for multi-device support with Just Works sync. I've got it on cellphone, work laptop, personal laptop. So even if two of these devices get lost or damaged, I still have the one.
I don't believe myself capable of keeping all these "recovery codes" for every service. I don't believe most people are. A 2FA ecology that depends on everyone having their "recovery codes" to avoid a situation where a lost/bricked/stolen device means they are locked out of like ALL their services... is an ecology where most people are at some point going to be locked out of all their services.
It's pretty incomprehensible to me that this is the ecology that's been built?
I don't know of any other thing with multi-device support -- that includes laptops not just phones, I only have one phone! -- that's as seamless a UX for non-techies as Authy. there are some non-free ones, that still aren't really as good usability wise. DIY setup on your own cloud storage does not even come close.
36 comments
[ 4.0 ms ] story [ 93.3 ms ] threadBumping the EOL up 5 months with less than a month of notice before EOL seems like a very unprofessional move. I wonder why they announced the far-off EOL in the first place, and why they had to bump it.
Passkeys are also seeing fairly rapid uptake, negating the need for TOTP (and eventually SMS OTP). Also doesn’t bode well for their revenue depending on how much of Twilio volume are these messages (although I'd expect marketing and political SMS to be more material).
The only thing I miss is cloud storage in a dedicated service, aka not Google Drive or any of the services I already use TOTP for, because otherwise I have a circular dependency issue, connecting to Google requires 2FAS, restoring 2FAS requires connecting to Google. Is there any alternative that provide a more "Authy like" experience?
https://github.com/token2/authy-migration
Then add each one to whatever service you're migrating to
Now to get a few legacy ones out of microsoft authenticator somehow lol
I hadn't heard of 2FAS. It does multiple device sync for you? And is free? But I guess also not available on desktop, only phone, so no benefit to me over Authy except perhaps I don't think they are about to disappear entirely.
https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d...
I successfully used it to get them moved over to Bitwarden.
Getting rid of Desktop seems like it's going to increase the amount of recovery processes because of phones getting lost, destroyed, stolen, etc for no real gain beyond not having to support it anymore.
Or am I just expected to have a spare phone that I install Authy on and leave in a drawer? My accounts are too valuable and critical to be locked out of them for 48+ hours or forever. I have security keys on everything that supports them but seems very short-sighted to leave this big of a gap in their ecosystem with no planned replacement.
More than likely though I'll just move all my TOTPs to 1password.
I don't believe myself capable of keeping all these "recovery codes" for every service. I don't believe most people are. A 2FA ecology that depends on everyone having their "recovery codes" to avoid a situation where a lost/bricked/stolen device means they are locked out of like ALL their services... is an ecology where most people are at some point going to be locked out of all their services.
It's pretty incomprehensible to me that this is the ecology that's been built?
I don't know of any other thing with multi-device support -- that includes laptops not just phones, I only have one phone! -- that's as seamless a UX for non-techies as Authy. there are some non-free ones, that still aren't really as good usability wise. DIY setup on your own cloud storage does not even come close.
More discussion over here two weeks ago: https://news.ycombinator.com/item?id=39360439