Comment by AceyMan
2 years ago
Authy doesn't implement SMS 2FA (how could it). A phone number is part of your user profile for registered mobile devices hosting the app.
2 years ago
Authy doesn't implement SMS 2FA (how could it). A phone number is part of your user profile for registered mobile devices hosting the app.
> Authy doesn't implement SMS 2FA (how could it).
https://www.authy.com/integrations/ssh/
"Someone in your organization doesn't have a smartphone? We got you covered. Authy SSH can send them the token via SMS or a phone call."
Even worse... Sounds like phone number is irrelevant, yet they collect it.
It's used to store and retrieve your 2fa secrets in case you lose your device
> > Even worse... Sounds like phone number is irrelevant, yet they collect it.
> It's used to store and retrieve your 2fa secrets in case you lose your device
The phone number doesn't store anything?
But if somehow knowing that phone number is a key to getting your 2FA secrets, you'd have a bigger problem.
Except it often is, and that's the problem.
3 replies →
How else are they going to track people with a hard-to-change identifier?
> How else are they going to track people with a hard-to-change identifier?
Using the device advertisee ID that the user is entitled to change.
// Sorry, for a moment I thought you were serious.
1 reply →
That is brilliant news for SIM swappers and criminals now that they can gain access to your codes directly with your phone number!
A terrific reason to avoid anything Twilio / Authy
In fairness, you cannot. It requires a backup password.