Authy: Difference between revisions

Line 14:

==Consumer impact summary==

~~{{Ph~~-C-~~CIS}}~~

*Data export not allowed<ref name="data-export"></ref>

*Data breach exposed user information<ref name="data-breach"></ref>

*Moved up the EOL for their desktop app; [[Microsoft Windows]] and Linux were left unsupported whereas M-Series Mac users could download the [[IOS]] app.

===User freedom===

====Inability to export tokens====

Authy does not allow the user to export their 2FA tokens to another service in order to "maintain security for our users".<ref>{{Cite web |title=Export or Import Tokens in the Authy app Not Supported Objective |url=https://help.twilio.com/articles/19753420684059 |url-status=live |archive-url=https://web.archive.org/web/20260217105416/https://help.twilio.com/articles/19753420684059 |archive-date=2026-02-17 |access-date=2026-03-06 |website=Twilio}}</ref> This makes it harder for users to switch to another 2FA application, in return forces them to delete all their 2FA tokens and manually add set them up again in a new app.

Authy does not allow the user to export their 2FA tokens to another service in order to "maintain security for our users".<ref name="data-export">{{Cite web |title=Export or Import Tokens in the Authy app Not Supported Objective |url=https://help.twilio.com/articles/19753420684059 |url-status=live |archive-url=https://web.archive.org/web/20260217105416/https://help.twilio.com/articles/19753420684059 |archive-date=2026-02-17 |access-date=2026-03-06 |website=Twilio}}</ref> This makes it harder for users to switch to another 2FA application, in return forces them to delete all their 2FA tokens and manually add set them up again in a new app.

===User privacy===

The user account is linked to a mobile phone number. Additionally, there was a data breach in 2024 in which a CSV file, reportedly containing 33 million phone numbers, was leaked.<ref>{{Cite web |first=Pieter |last=Arntz |date=4 Jul 2024 |title=Authy phone numbers accessed by cybercriminals, warns Twilio |url=https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |url-status=live |website=Malwarebytes |archive-url=https://web.archive.org/web/20260621130725/https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |archive-date=21 Jun 2026}}</ref>

The user account is linked to a mobile phone number. Additionally, there was a data breach in 2024 in which a CSV file, reportedly containing 33 million phone numbers, was leaked.<ref name="data-breach">{{Cite web |first=Pieter |last=Arntz |date=4 Jul 2024 |title=Authy phone numbers accessed by cybercriminals, warns Twilio |url=https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |url-status=live |website=Malwarebytes |archive-url=https://web.archive.org/web/20260621130725/https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |archive-date=21 Jun 2026}}</ref>

==Incidents==

@@ Line 14: / Line 14: @@
 ==Consumer impact summary==
-{{Ph-C-CIS}}
+*Data export not allowed<ref name="data-export"></ref>
+*Data breach exposed user information<ref name="data-breach"></ref>
+*Moved up the EOL for their desktop app; [[Microsoft Windows]] and Linux were left unsupported whereas M-Series Mac users could download the [[IOS]] app.
 ===User freedom===
 ====Inability to export tokens====
-Authy does not allow the user to export their 2FA tokens to another service in order to "maintain security for our users".<ref>{{Cite web |title=Export or Import Tokens in the Authy app Not Supported Objective |url=https://help.twilio.com/articles/19753420684059 |url-status=live |archive-url=https://web.archive.org/web/20260217105416/https://help.twilio.com/articles/19753420684059 |archive-date=2026-02-17 |access-date=2026-03-06 |website=Twilio}}</ref> This makes it harder for users to switch to another 2FA application, in return forces them to delete all their 2FA tokens and manually add set them up again in a new app.
+Authy does not allow the user to export their 2FA tokens to another service in order to "maintain security for our users".<ref name="data-export">{{Cite web |title=Export or Import Tokens in the Authy app Not Supported Objective |url=https://help.twilio.com/articles/19753420684059 |url-status=live |archive-url=https://web.archive.org/web/20260217105416/https://help.twilio.com/articles/19753420684059 |archive-date=2026-02-17 |access-date=2026-03-06 |website=Twilio}}</ref> This makes it harder for users to switch to another 2FA application, in return forces them to delete all their 2FA tokens and manually add set them up again in a new app.
 ===User privacy===
-The user account is linked to a mobile phone number. Additionally, there was a data breach in 2024 in which a CSV file, reportedly containing 33 million phone numbers, was leaked.<ref>{{Cite web |first=Pieter |last=Arntz |date=4 Jul 2024  |title=Authy phone numbers accessed by cybercriminals, warns Twilio |url=https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |url-status=live |website=Malwarebytes |archive-url=https://web.archive.org/web/20260621130725/https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |archive-date=21 Jun 2026}}</ref>
+The user account is linked to a mobile phone number. Additionally, there was a data breach in 2024 in which a CSV file, reportedly containing 33 million phone numbers, was leaked.<ref name="data-breach">{{Cite web |first=Pieter |last=Arntz |date=4 Jul 2024  |title=Authy phone numbers accessed by cybercriminals, warns Twilio |url=https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |url-status=live |website=Malwarebytes |archive-url=https://web.archive.org/web/20260621130725/https://www.malwarebytes.com/blog/news/2024/07/authy-phone-numbers-accessed-by-cybercriminals-warns-twilio |archive-date=21 Jun 2026}}</ref>
 ==Incidents==