Comment by inhumantsar
2 years ago
Authy is both a SaaS and a consumer-facing authenticator app.
When companies integrate Authy into their system, they can use it for SMS OTP (also deliverable by phone call + TTS iirc) as well as regular TOTP, Authy's proprietary TOTP, and others.
Your phone number would only be at risk if you used a service which used Authy for SMS 2FA.
The consumer app also wants your phone number... It prompts you to "backup" your codes, so that they're not gone if you reinstall the app or switch devices.
You probably gave them your phone number at some point if you've got Authy on multiple devices.
/Edit: just checked on a clean install. It prompts for a phone number instantly and won't let you scan codes without creating an account. Not sure when that happened, as I haven't really used it in years.
Figures. I stand corrected then.
We used Authy for 2FA at my last company and migrated off it to use a complete auth platform. The amount of user (consumer and business) hostile shit we found in the process was astounding.
Twilio was nice to work with way back when it was the only decent API-driven POTS connection service out there. They've steadily gotten worse over the years and acquisitions though. Wouldn't recommend them to my worst enemy these days.
You know, one thing I learned from my patients... they all hate the phone company. It's interesting; even the stock holders of the phone company hate the phone company!
What do you recommend now?
What's Authy's proprietary TOTP protocol? Is it just in fact HOTP, like Duo?
https://news.ycombinator.com/item?id=20936222