Comment by Soliah
12 years ago
I've been using Authy[1] without any problems on iOS7. Great thing is that it can also be used for other services that use OTP (AWS, Cloudflare, Facebook etc).
12 years ago
I've been using Authy[1] without any problems on iOS7. Great thing is that it can also be used for other services that use OTP (AWS, Cloudflare, Facebook etc).
Count me as another vote for Authy. One more amazing feature: Your tokens stick to your Authy account instead of your physical device. If you need to restore your phone or delete the app, you don't need to disable two-factor on all your accounts and then set it up again.
Just reinstall Authy, reauthorize with your Authy account, and you're done! Helped me countless times, from when I had to rebuild my iOS install because of a backup problem to when I got a replacement device due to a hardware issue.
Doesn't giving the device keys to a third party, while also authenticating using a password with that third party, sort of defeat the whole purpose of two-factor authentication?
Yes.
Unfortunately, their marketing is highly convincing. Most people (even most engineers) won't realize the tradeoff here: Authy replaces "two factor authorization" with "two password authorization". It should be clear which is more secure.
The "two factors" with GA are a knowledge factor (something you know - your password) and a possession factor (something you have - your phone number for SMS or phone for GA app).
See also https://en.wikipedia.org/wiki/Multi-factor_authentication
4 replies →