Authy: Difference between revisions

(6 intermediate revisions by one other user not shown)

Line 14:

==Consumer impact summary==

*Data export not allowed<ref name="data-export"></~~ref~~>

*Data export not allowed<ref name="data-export" />

*Data breach exposed user information<ref name="data-breach"></~~ref~~>

*Data breach exposed user information<ref name="data-breach" />

*Moved up the EOL for their desktop app; [[Microsoft Windows]] and Linux were left unsupported whereas M-Series Mac users could download the [[IOS]] app.

*Moved up the EOL for their desktop app; [[Microsoft Windows]] and Linux were left unsupported, whereas M-Series Mac users could download the [[IOS]] app.<ref name="eol" /><ref name="desktop-unsupported" />

===User freedom===

Line 23:

===User privacy===

~~The user account is~~ linked to ~~a mobile~~ phone ~~number. Additionally~~, ~~there was~~ a data breach in 2024 in which a CSV file, reportedly containing 33 million phone numbers, was leaked.<ref name="data-breach">{{Cite web |first=Pieter |last=Arntz |date=4 Jul 2024 |title=Authy phone numbers accessed by cybercriminals, warns Twilio |url=https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |url-status=live |website=Malwarebytes |archive-url=https://web.archive.org/web/20260621130725/https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |archive-date=21 Jun 2026}}</ref>

* User accounts are linked to phone numbers

* In 2022, threat actors reportedly gained access to 93 Authy accounts after a Twilio data breach<ref>{{Cite web |first=Pierluigi |last=Paganini |title=Twilio breach let attackers access Authy two-factor accounts of 93 users |date=29 Aug 2022 |url=https://securityaffairs.com/134984/data-breach/twilio-hack-authy-2fa.html |url-status=live |website=securityaffairs.com |archive-date=22 Jun 2026 |archive-url=https://web.archive.org/web/20260622092741/https://securityaffairs.com/134984/data-breach/twilio-hack-authy-2fa.html}}</ref>

* A data breach in 2024 in which a CSV file, reportedly containing 33 million phone numbers, was leaked.<ref name="data-breach">{{Cite web |first=Pieter |last=Arntz |date=4 Jul 2024 |title=Authy phone numbers accessed by cybercriminals, warns Twilio |url=https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |url-status=live |website=Malwarebytes |archive-url=https://web.archive.org/web/20260621130725/https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |archive-date=21 Jun 2026}}</ref>

==Incidents==

Line 32:

Line 34:

===Removing desktop app (''August 2024'')===

[[File:Authy Desktop App EOL.jpg|150px|thumb|right|Pop-up message on March 19, 2024]]

On March 19, 2024, Authy would no longer support their desktop app.<ref>{{Cite web |date=2024-01-01 |title=User guide: End of Life (EOL) for Twilio Authy Desktop app Overview |url=https://help.twilio.com/articles/22771146070299-User-guide-End-of-Life-EOL-for-Twilio-Authy-Desktop-app |url-status=live |archive-url=https://web.archive.org/web/20260208222002/https://help.twilio.com/articles/22771146070299-User-guide-End-of-Life-EOL-for-Twilio-Authy-Desktop-app |archive-date=2026-02-08 |work=Twilio}}</ref> Previously, the EOL date ~~was~~ August 19, 2024, however it was moved to March in order to ''"~~streamline~~ our focus and provide more value on existing product solutions for which we see increasing demand"~~''.~~<ref>{{Cite web |last=Karthik |first=Ashwin |date=2024-01-08 |title=Authy authenticator apps for desktop are being discontinued in March 2024 |url=https://www.ghacks.net/2024/01/08/authy-authenticator-apps-for-desktop-are-being-discontinued-in-august-2024/ |url-status=live |archive-url=https://web.archive.org/web/20250724152419/https://www.ghacks.net/2024/01/08/authy-authenticator-apps-for-desktop-are-being-discontinued-in-august-2024/ |archive-date=2025-07-24 |work=ghacks.net}}</ref> It was noted by TheVerge that M1 and M2 Macs can download the iOS version of the app, though Windows and Linux computers are left unsupported.<ref>{{Cite web |last=Roth |first=Emma |date=2024-01-08 |title=Authy is shutting down its desktop app |url=https://www.theverge.com/2024/1/8/24030477/authy-desktop-app-shutting-down |url-status=live |archive-url=https://ghostarchive.org/archive/pwX53 |archive-date=2026-03-09 |work=TheVerge}}</ref>

On March 19, 2024, Authy would no longer support their desktop app.<ref name="eol">{{Cite web |date=2024-01-01 |title=User guide: End of Life (EOL) for Twilio Authy Desktop app Overview |url=https://help.twilio.com/articles/22771146070299-User-guide-End-of-Life-EOL-for-Twilio-Authy-Desktop-app |url-status=live |archive-url=https://web.archive.org/web/20260208222002/https://help.twilio.com/articles/22771146070299-User-guide-End-of-Life-EOL-for-Twilio-Authy-Desktop-app |archive-date=2026-02-08 |work=Twilio}}</ref> Previously, the EOL date had been August 19, 2024, however it was moved to March in order to: <blockquote>"Streamline our focus and provide more value on existing product solutions for which we see increasing demand."</blockquote><ref>{{Cite web |last=Karthik |first=Ashwin |date=2024-01-08 |title=Authy authenticator apps for desktop are being discontinued in March 2024 |url=https://www.ghacks.net/2024/01/08/authy-authenticator-apps-for-desktop-are-being-discontinued-in-august-2024/ |url-status=live |archive-url=https://web.archive.org/web/20250724152419/https://www.ghacks.net/2024/01/08/authy-authenticator-apps-for-desktop-are-being-discontinued-in-august-2024/ |archive-date=2025-07-24 |work=ghacks.net}}</ref> It was noted by TheVerge that M1 and M2 Macs can download the iOS version of the app, though Windows and Linux computers are left unsupported.<ref name="desktop-unsupported">{{Cite web |last=Roth |first=Emma |date=2024-01-08 |title=Authy is shutting down its desktop app |url=https://www.theverge.com/2024/1/8/24030477/authy-desktop-app-shutting-down |url-status=live |archive-url=https://ghostarchive.org/archive/pwX53 |archive-date=2026-03-09 |work=TheVerge}}</ref>

==See also==

@@ Line 14: / Line 14: @@
 ==Consumer impact summary==
-*Data export not allowed<ref name="data-export"></ref>
+*Data export not allowed<ref name="data-export" />
-*Data breach exposed user information<ref name="data-breach"></ref>
+*Data breach exposed user information<ref name="data-breach" />
-*Moved up the EOL for their desktop app; [[Microsoft Windows]] and Linux were left unsupported whereas M-Series Mac users could download the [[IOS]] app.
+*Moved up the EOL for their desktop app; [[Microsoft Windows]] and Linux were left unsupported, whereas M-Series Mac users could download the [[IOS]] app.<ref name="eol" /><ref name="desktop-unsupported" />
 ===User freedom===
@@ Line 23: / Line 23: @@
 ===User privacy===
-The user account is linked to a mobile phone number. Additionally, there was a data breach in 2024 in which a CSV file, reportedly containing 33 million phone numbers, was leaked.<ref name="data-breach">{{Cite web |first=Pieter |last=Arntz |date=4 Jul 2024  |title=Authy phone numbers accessed by cybercriminals, warns Twilio |url=https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |url-status=live |website=Malwarebytes |archive-url=https://web.archive.org/web/20260621130725/https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |archive-date=21 Jun 2026}}</ref>
+* User accounts are linked to phone numbers
+* In 2022, threat actors reportedly gained access to 93 Authy accounts after a Twilio data breach<ref>{{Cite web |first=Pierluigi |last=Paganini |title=Twilio breach let attackers access Authy two-factor accounts of 93 users |date=29 Aug 2022 |url=https://securityaffairs.com/134984/data-breach/twilio-hack-authy-2fa.html |url-status=live |website=securityaffairs.com |archive-date=22 Jun 2026 |archive-url=https://web.archive.org/web/20260622092741/https://securityaffairs.com/134984/data-breach/twilio-hack-authy-2fa.html}}</ref>
+* A data breach in 2024 in which a CSV file, reportedly containing 33 million phone numbers, was leaked.<ref name="data-breach">{{Cite web |first=Pieter |last=Arntz |date=4 Jul 2024  |title=Authy phone numbers accessed by cybercriminals, warns Twilio |url=https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |url-status=live |website=Malwarebytes |archive-url=https://web.archive.org/web/20260621130725/https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |archive-date=21 Jun 2026}}</ref>
 ==Incidents==
@@ Line 32: / Line 34: @@
 ===Removing desktop app (''August 2024'')===
 [[File:Authy Desktop App EOL.jpg|150px|thumb|right|Pop-up message on March 19, 2024]]
-On March 19, 2024, Authy would no longer support their desktop app.<ref>{{Cite web |date=2024-01-01 |title=User guide: End of Life (EOL) for Twilio Authy Desktop app Overview |url=https://help.twilio.com/articles/22771146070299-User-guide-End-of-Life-EOL-for-Twilio-Authy-Desktop-app |url-status=live |archive-url=https://web.archive.org/web/20260208222002/https://help.twilio.com/articles/22771146070299-User-guide-End-of-Life-EOL-for-Twilio-Authy-Desktop-app |archive-date=2026-02-08 |work=Twilio}}</ref> Previously, the EOL date was August 19, 2024, however it was moved to March in order to ''"streamline our focus and provide more value on existing product solutions for which we see increasing demand"''.<ref>{{Cite web |last=Karthik |first=Ashwin |date=2024-01-08 |title=Authy authenticator apps for desktop are being discontinued in March 2024 |url=https://www.ghacks.net/2024/01/08/authy-authenticator-apps-for-desktop-are-being-discontinued-in-august-2024/ |url-status=live |archive-url=https://web.archive.org/web/20250724152419/https://www.ghacks.net/2024/01/08/authy-authenticator-apps-for-desktop-are-being-discontinued-in-august-2024/ |archive-date=2025-07-24 |work=ghacks.net}}</ref> It was noted by TheVerge that M1 and M2 Macs can download the iOS version of the app, though Windows and Linux computers are left unsupported.<ref>{{Cite web |last=Roth |first=Emma |date=2024-01-08 |title=Authy is shutting down its desktop app |url=https://www.theverge.com/2024/1/8/24030477/authy-desktop-app-shutting-down |url-status=live |archive-url=https://ghostarchive.org/archive/pwX53 |archive-date=2026-03-09 |work=TheVerge}}</ref>
+On March 19, 2024, Authy would no longer support their desktop app.<ref name="eol">{{Cite web |date=2024-01-01 |title=User guide: End of Life (EOL) for Twilio Authy Desktop app Overview |url=https://help.twilio.com/articles/22771146070299-User-guide-End-of-Life-EOL-for-Twilio-Authy-Desktop-app |url-status=live |archive-url=https://web.archive.org/web/20260208222002/https://help.twilio.com/articles/22771146070299-User-guide-End-of-Life-EOL-for-Twilio-Authy-Desktop-app |archive-date=2026-02-08 |work=Twilio}}</ref> Previously, the EOL date had been August 19, 2024, however it was moved to March in order to: <blockquote>"Streamline our focus and provide more value on existing product solutions for which we see increasing demand."</blockquote><ref>{{Cite web |last=Karthik |first=Ashwin |date=2024-01-08 |title=Authy authenticator apps for desktop are being discontinued in March 2024 |url=https://www.ghacks.net/2024/01/08/authy-authenticator-apps-for-desktop-are-being-discontinued-in-august-2024/ |url-status=live |archive-url=https://web.archive.org/web/20250724152419/https://www.ghacks.net/2024/01/08/authy-authenticator-apps-for-desktop-are-being-discontinued-in-august-2024/ |archive-date=2025-07-24 |work=ghacks.net}}</ref> It was noted by TheVerge that M1 and M2 Macs can download the iOS version of the app, though Windows and Linux computers are left unsupported.<ref name="desktop-unsupported">{{Cite web |last=Roth |first=Emma |date=2024-01-08 |title=Authy is shutting down its desktop app |url=https://www.theverge.com/2024/1/8/24030477/authy-desktop-app-shutting-down |url-status=live |archive-url=https://ghostarchive.org/archive/pwX53 |archive-date=2026-03-09 |work=TheVerge}}</ref>
 ==See also==