What 2FA app you recommend?

  • westingham
    link
    fedilink
    41 year ago

    I’m out of the loop, why is Authy being owned by Twilio a bad thing?

    • @Harrison@infosec.pub
      link
      fedilink
      51 year ago

      It’s less that Twilio specifically owns it than problems resulting from corporate ownership. Briefly:

      1. You can’t get your data out of Authy. Actually you can, but it’s a long annoying process involving installing an out of date chrome extension and using developer tools.
      2. Privacy issues. Authy links a lot of data including location to your identity.
      3. Authy supports SMS account recovery (which is inherently insecure) and doesn’t allow users to disable it.