Galomi04 (talk | contribs)
Added missing citation, briefly expanded on the details of the event.
m Consumer impact summary: Changed ref calls to shorter format.
 
(7 intermediate revisions by one other user not shown)
Line 14: Line 14:


==Consumer impact summary==
==Consumer impact summary==
{{Ph-C-CIS}}
*Data export not allowed<ref name="data-export" />
*Data breach exposed user information<ref name="data-breach" />
*Moved up the EOL for their desktop app; [[Microsoft Windows]] and Linux were left unsupported, whereas M-Series Mac users could download the [[IOS]] app.<ref name="eol" /><ref name="desktop-unsupported" />


===User freedom===
===User freedom===
====Inability to export tokens====
====Inability to export tokens====
Authy does not allow the user to export their 2FA tokens to another service in order to "maintain security for our users".<ref>{{Cite web |title=Export or Import Tokens in the Authy app Not Supported Objective |url=https://help.twilio.com/articles/19753420684059 |url-status=live |archive-url=https://web.archive.org/web/20260217105416/https://help.twilio.com/articles/19753420684059 |archive-date=2026-02-17 |access-date=2026-03-06 |website=Twilio}}</ref> This makes it harder for users to switch to another 2FA application, in return forces them to delete all their 2FA tokens and manually add set them up again in a new app.  
Authy does not allow the user to export their 2FA tokens to another service in order to "maintain security for our users".<ref name="data-export">{{Cite web |title=Export or Import Tokens in the Authy app Not Supported Objective |url=https://help.twilio.com/articles/19753420684059 |url-status=live |archive-url=https://web.archive.org/web/20260217105416/https://help.twilio.com/articles/19753420684059 |archive-date=2026-02-17 |access-date=2026-03-06 |website=Twilio}}</ref> This makes it harder for users to switch to another 2FA application, in return forces them to delete all their 2FA tokens and manually add set them up again in a new app.  


===User privacy===
===User privacy===
The user account is linked to a mobile phone number. Additionally, there was a data breach in 2024 in which a CSV file, reportedly containing 33 million phone numbers, was leaked.<ref>{{Cite web |first=Pieter |last=Arntz |date=4 Jul 2024  |title=Authy phone numbers accessed by cybercriminals, warns Twilio |url=https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |url-status=live |website=Malwarebytes |archive-url=https://web.archive.org/web/20260621130725/https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |archive-date=21 Jun 2026}}</ref>
* User accounts are linked to phone numbers
* In 2022, threat actors reportedly gained access to 93 Authy accounts after a Twilio data breach<ref>{{Cite web |first=Pierluigi |last=Paganini |title=Twilio breach let attackers access Authy two-factor accounts of 93 users |date=29 Aug 2022 |url=https://securityaffairs.com/134984/data-breach/twilio-hack-authy-2fa.html |url-status=live |website=securityaffairs.com |archive-date=22 Jun 2026 |archive-url=https://web.archive.org/web/20260622092741/https://securityaffairs.com/134984/data-breach/twilio-hack-authy-2fa.html}}</ref>
* A data breach in 2024 in which a CSV file, reportedly containing 33 million phone numbers, was leaked.<ref name="data-breach">{{Cite web |first=Pieter |last=Arntz |date=4 Jul 2024  |title=Authy phone numbers accessed by cybercriminals, warns Twilio |url=https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |url-status=live |website=Malwarebytes |archive-url=https://web.archive.org/web/20260621130725/https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |archive-date=21 Jun 2026}}</ref>


==Incidents==
==Incidents==
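Review bot: In the revised "Inability to export tokens" paragraph, the second sentence is carried over with its errors intact: "in return forces them to delete all their 2FA tokens and manually add set them up again". Suggest "which in turn forces them to delete all their 2FA tokens and manually set them up again in a new app". In the new User privacy list, the third bullet is a sentence fragment ending in a full stop while the other two bullets have none. The 2022 reference is the only one added in this hunk without a name, so the summary bullet "Data breach exposed user information" can point only at the 2024 leak. The new summary bullet also says "M-Series Mac", which is broader than the "M1 and M2 Macs" wording the article body attributes to TheVerge.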
Line 30: Line 34:
===Removing desktop app (''August 2024'')===
===Removing desktop app (''August 2024'')===
[[File:Authy Desktop App EOL.jpg|150px|thumb|right|Pop-up message on March 19, 2024]]
[[File:Authy Desktop App EOL.jpg|150px|thumb|right|Pop-up message on March 19, 2024]]
On March 19, 2024, Authy would no longer support their desktop app.<ref>{{Cite web |date=2024-01-01 |title=User guide: End of Life (EOL) for Twilio Authy Desktop app Overview |url=https://help.twilio.com/articles/22771146070299-User-guide-End-of-Life-EOL-for-Twilio-Authy-Desktop-app |url-status=live |archive-url=https://web.archive.org/web/20260208222002/https://help.twilio.com/articles/22771146070299-User-guide-End-of-Life-EOL-for-Twilio-Authy-Desktop-app |archive-date=2026-02-08 |work=Twilio}}</ref> Previously, the EOL date was August 19, 2024, however it was moved to March in order to ''"streamline our focus and provide more value on existing product solutions for which we see increasing demand"''.<ref>{{Cite web |last=Karthik |first=Ashwin |date=2024-01-08 |title=Authy authenticator apps for desktop are being discontinued in March 2024 |url=https://www.ghacks.net/2024/01/08/authy-authenticator-apps-for-desktop-are-being-discontinued-in-august-2024/ |url-status=live |archive-url=https://web.archive.org/web/20250724152419/https://www.ghacks.net/2024/01/08/authy-authenticator-apps-for-desktop-are-being-discontinued-in-august-2024/ |archive-date=2025-07-24 |work=ghacks.net}}</ref> It was noted by TheVerge that M1 and M2 Macs can download the iOS version of the app, though Windows and Linux computers are left unsupported.<ref>{{Cite web |last=Roth |first=Emma |date=2024-01-08 |title=Authy is shutting down its desktop app |url=https://www.theverge.com/2024/1/8/24030477/authy-desktop-app-shutting-down |url-status=live |archive-url=https://ghostarchive.org/archive/pwX53 |archive-date=2026-03-09 |work=TheVerge}}</ref>
On March 19, 2024, Authy would no longer support their desktop app.<ref name="eol">{{Cite web |date=2024-01-01 |title=User guide: End of Life (EOL) for Twilio Authy Desktop app Overview |url=https://help.twilio.com/articles/22771146070299-User-guide-End-of-Life-EOL-for-Twilio-Authy-Desktop-app |url-status=live |archive-url=https://web.archive.org/web/20260208222002/https://help.twilio.com/articles/22771146070299-User-guide-End-of-Life-EOL-for-Twilio-Authy-Desktop-app |archive-date=2026-02-08 |work=Twilio}}</ref> Previously, the EOL date had been August 19, 2024, however it was moved to March in order to: <blockquote>"Streamline our focus and provide more value on existing product solutions for which we see increasing demand."</blockquote><ref>{{Cite web |last=Karthik |first=Ashwin |date=2024-01-08 |title=Authy authenticator apps for desktop are being discontinued in March 2024 |url=https://www.ghacks.net/2024/01/08/authy-authenticator-apps-for-desktop-are-being-discontinued-in-august-2024/ |url-status=live |archive-url=https://web.archive.org/web/20250724152419/https://www.ghacks.net/2024/01/08/authy-authenticator-apps-for-desktop-are-being-discontinued-in-august-2024/ |archive-date=2025-07-24 |work=ghacks.net}}</ref> It was noted by TheVerge that M1 and M2 Macs can download the iOS version of the app, though Windows and Linux computers are left unsupported.<ref name="desktop-unsupported">{{Cite web |last=Roth |first=Emma |date=2024-01-08 |title=Authy is shutting down its desktop app |url=https://www.theverge.com/2024/1/8/24030477/authy-desktop-app-shutting-down |url-status=live |archive-url=https://ghostarchive.org/archive/pwX53 |archive-date=2026-03-09 |work=TheVerge}}</ref>


==See also==
==See also==
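Review bot: The section heading still reads "(''August 2024'')", while the revised paragraph and the image caption both give March 19, 2024 as the date support ended and describe August 19, 2024 as the earlier, superseded EOL date. The heading should carry the March date or drop the date. In the same paragraph, the new blockquote splits the sentence after "in order to:" and capitalises "Streamline", which changes the quoted wording from the previous inline form. Either keep the quote inline or introduce the blockquote with a complete sentence, and place the ghacks.net ref directly after the quoted text. That ref is also the only one in this paragraph left unnamed.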