Authy: Difference between revisions
→User privacy: reformatted section, added content and references |
m →Consumer impact summary: Changed ref calls to shorter format. |
||
| (2 intermediate revisions by one other user not shown) | |||
| Line 14: | Line 14: | ||
==Consumer impact summary== | ==Consumer impact summary== | ||
*Data export not allowed<ref name="data-export" | *Data export not allowed<ref name="data-export" /> | ||
*Data breach exposed user information<ref name="data-breach" | *Data breach exposed user information<ref name="data-breach" /> | ||
*Moved up the EOL for their desktop app; [[Microsoft Windows]] and Linux were left unsupported, whereas M-Series Mac users could download the [[IOS]] app.<ref name="eol" | *Moved up the EOL for their desktop app; [[Microsoft Windows]] and Linux were left unsupported, whereas M-Series Mac users could download the [[IOS]] app.<ref name="eol" /><ref name="desktop-unsupported" /> | ||
===User freedom=== | ===User freedom=== | ||
| Line 34: | Line 34: | ||
===Removing desktop app (''August 2024'')=== | ===Removing desktop app (''August 2024'')=== | ||
[[File:Authy Desktop App EOL.jpg|150px|thumb|right|Pop-up message on March 19, 2024]] | [[File:Authy Desktop App EOL.jpg|150px|thumb|right|Pop-up message on March 19, 2024]] | ||
On March 19, 2024, Authy would no longer support their desktop app.<ref name="eol">{{Cite web |date=2024-01-01 |title=User guide: End of Life (EOL) for Twilio Authy Desktop app Overview |url=https://help.twilio.com/articles/22771146070299-User-guide-End-of-Life-EOL-for-Twilio-Authy-Desktop-app |url-status=live |archive-url=https://web.archive.org/web/20260208222002/https://help.twilio.com/articles/22771146070299-User-guide-End-of-Life-EOL-for-Twilio-Authy-Desktop-app |archive-date=2026-02-08 |work=Twilio}}</ref> Previously, the EOL date | On March 19, 2024, Authy would no longer support their desktop app.<ref name="eol">{{Cite web |date=2024-01-01 |title=User guide: End of Life (EOL) for Twilio Authy Desktop app Overview |url=https://help.twilio.com/articles/22771146070299-User-guide-End-of-Life-EOL-for-Twilio-Authy-Desktop-app |url-status=live |archive-url=https://web.archive.org/web/20260208222002/https://help.twilio.com/articles/22771146070299-User-guide-End-of-Life-EOL-for-Twilio-Authy-Desktop-app |archive-date=2026-02-08 |work=Twilio}}</ref> Previously, the EOL date had been August 19, 2024, however it was moved to March in order to: <blockquote>"Streamline our focus and provide more value on existing product solutions for which we see increasing demand."</blockquote><ref>{{Cite web |last=Karthik |first=Ashwin |date=2024-01-08 |title=Authy authenticator apps for desktop are being discontinued in March 2024 |url=https://www.ghacks.net/2024/01/08/authy-authenticator-apps-for-desktop-are-being-discontinued-in-august-2024/ |url-status=live |archive-url=https://web.archive.org/web/20250724152419/https://www.ghacks.net/2024/01/08/authy-authenticator-apps-for-desktop-are-being-discontinued-in-august-2024/ |archive-date=2025-07-24 |work=ghacks.net}}</ref> It was noted by TheVerge that M1 and M2 Macs can download the iOS version of the app, though Windows and Linux computers are left unsupported.<ref name="desktop-unsupported">{{Cite web |last=Roth |first=Emma |date=2024-01-08 |title=Authy is shutting down its desktop app |url=https://www.theverge.com/2024/1/8/24030477/authy-desktop-app-shutting-down |url-status=live |archive-url=https://ghostarchive.org/archive/pwX53 |archive-date=2026-03-09 |work=TheVerge}}</ref> | ||
==See also== | ==See also== | ||
Latest revision as of 03:25, 24 June 2026
❗This article is a stub. You can help by expanding it.
A moderator needs to check the page before this notice can be removed. Visit the noticeboard or the
#appeals channel in either Zulip or Discord to request removal.More info ▼
An article may be flagged as a stub when it is missing major elements needed to make it useful to a reader. You can help by adding missing sections, verifiable sources, relevant company policies and communications, etc. to make the article more complete.
Authy
| Basic Information | |
|---|---|
| Release Year | 2008 |
| Product Type | Security, Software |
| In Production | Yes |
| Official Website | https://www.authy.com/ |
Authy is a free mobile app that generates random six-digit tokens to enable two-factor authentication (2FA) for online services. Authy was acquired by Twilio in 2015.
Consumer impact summary
[edit | edit source]- Data export not allowed[1]
- Data breach exposed user information[2]
- Moved up the EOL for their desktop app; Microsoft Windows and Linux were left unsupported, whereas M-Series Mac users could download the IOS app.[3][4]
User freedom
[edit | edit source]Inability to export tokens
[edit | edit source]Authy does not allow the user to export their 2FA tokens to another service in order to "maintain security for our users".[1] This makes it harder for users to switch to another 2FA application, in return forces them to delete all their 2FA tokens and manually add set them up again in a new app.
User privacy
[edit | edit source]- User accounts are linked to phone numbers
- In 2022, threat actors reportedly gained access to 93 Authy accounts after a Twilio data breach[5]
- A data breach in 2024 in which a CSV file, reportedly containing 33 million phone numbers, was leaked.[2]
Incidents
[edit | edit source]Data breach (July 2024)
[edit | edit source]On July 1, 2024, it was disclosed by Twilio that unauthorized actors accessed customer data "due to an unauthenticated endpoint", but stressed "Authy accounts are not compromised".[6] It would be later discovered the hacker group ShinyHunters breached Authy servers and had access to 33 million phone numbers from Authy.[7]
Removing desktop app (August 2024)
[edit | edit source]
On March 19, 2024, Authy would no longer support their desktop app.[3] Previously, the EOL date had been August 19, 2024, however it was moved to March in order to:
"Streamline our focus and provide more value on existing product solutions for which we see increasing demand."
[8] It was noted by TheVerge that M1 and M2 Macs can download the iOS version of the app, though Windows and Linux computers are left unsupported.[4]
See also
[edit | edit source]References
[edit | edit source]- ↑ 1.0 1.1 "Export or Import Tokens in the Authy app Not Supported Objective". Twilio. Archived from the original on 2026-02-17. Retrieved 2026-03-06.
- ↑ 2.0 2.1 Arntz, Pieter (4 Jul 2024). "Authy phone numbers accessed by cybercriminals, warns Twilio". Malwarebytes. Archived from the original on 21 Jun 2026.
- ↑ 3.0 3.1 "User guide: End of Life (EOL) for Twilio Authy Desktop app Overview". Twilio. 2024-01-01. Archived from the original on 2026-02-08.
- ↑ 4.0 4.1 Roth, Emma (2024-01-08). "Authy is shutting down its desktop app". TheVerge. Archived from the original on 2026-03-09.
- ↑ Paganini, Pierluigi (29 Aug 2022). "Twilio breach let attackers access Authy two-factor accounts of 93 users". securityaffairs.com. Archived from the original on 22 Jun 2026.
- ↑ Authy (2024-07-01). "Security Alert: Update to the Authy Android (v25.1.0) and iOS App (v26.1.0)". Twilio. Archived from the original on 2026-03-03.
- ↑ Kovacs, Eduard (2024-07-04). "Twilio Confirms Data Breach After Hackers Leak 33M Authy User Phone Numbers". SecurityWeek. Archived from the original on 2026-02-13.
- ↑ Karthik, Ashwin (2024-01-08). "Authy authenticator apps for desktop are being discontinued in March 2024". ghacks.net. Archived from the original on 2025-07-24.