Comment on Authy got hacked, and 33 million user phone numbers were stolen

<- View Parent
9point6@lemmy.world ⁨4⁩ ⁨months⁩ ago

Okay I see what you’re saying but it’s still a downgrade from what I thought my security was, the fact authy broke that trust doesn’t mean I want to compromise what I was expecting to the level they ended up providing me

Sure, I guess the thing I’ve not made clear enough is that I accept the compromise of security by having an SMS backup in this scenario for the convenience it provides in restoration. Someone could compromise my SMS but they’d still need my password, and in Authy’s case, they would also then need to be able to sufficiently convince Twilio that I’m me before they allow access again. I understand that the last step is obviously not possible with a non-commercial solution.

Tbh you’ve kinda come up with the solution for me though, if I keep the database in it’s own cloud storage separate from everything else I could set up SMS 2FA and a unique memorable password to get a similar experience to what I have now, albeit without the extra verification when SMS is used.

Since you’ve been helpful already, one last question if you don’t mind: do you have good recommendations for iOS, Mac & Windows clients for aegis? The official repo seems to just be an android app, and I make use of authy across all 4 platforms currently

source
Sort:hotnewtop