Authy
| Basic Information | |
|---|---|
| Release Year | 2008 |
| Product Type | Security, Software |
| In Production | Yes |
| Official Website | https://www.authy.com/ |
Authy is a free mobile app that generates random six-digit tokens to enable two-factor authentication (2FA) for online services. Authy was acquired by Twilio in 2015.
Consumer impact summary
- Data export not allowed[1]
- Data breach exposed user information[2]
- Moved up the end-of-life (EOL) date for its desktop app; Microsoft Windows and Linux were left unsupported, whereas M-series Mac users could download the iOS app.[3][4]
User freedom
Inability to export tokens
Authy does not allow users to export their 2FA tokens to another service in order to "maintain security for our users".[1] This makes it harder for users to switch to another 2FA application, and forces them to delete all their 2FA tokens and manually set them up again in a new app.
User privacy
- User accounts are linked to phone numbers
- In 2022, threat actors reportedly gained access to 93 Authy accounts after a Twilio data breach[5]
- In 2024, a data breach leaked a CSV file reportedly containing 33 million phone numbers[2]
Incidents
Data breach (July 2024)
On July 1, 2024, Twilio disclosed that unauthorized actors had accessed customer data "due to an unauthenticated endpoint", but stressed that "Authy accounts are not compromised".[6] It was later discovered that the hacker group ShinyHunters had breached Authy servers and had access to 33 million phone numbers from Authy.[7]
Removing desktop app (August 2024)
On March 19, 2024, Authy stopped supporting its desktop app.[3] Previously, the EOL date had been August 19, 2024; however, it was moved to March in order to:
"Streamline our focus and provide more value on existing product solutions for which we see increasing demand."[8]
The Verge noted that M1 and M2 Macs can download the iOS version of the app, though Windows and Linux computers are left unsupported.[4]
References
- [1] "Export or Import Tokens in the Authy app Not Supported Objective". Twilio. Archived from the original on 2026-02-17. Retrieved 2026-03-06.
- [2] Arntz, Pieter (4 Jul 2024). "Authy phone numbers accessed by cybercriminals, warns Twilio". Malwarebytes. Archived from the original on 21 Jun 2026.
- [3] "User guide: End of Life (EOL) for Twilio Authy Desktop app Overview". Twilio. 2024-01-01. Archived from the original on 2026-02-08.
- [4] Roth, Emma (2024-01-08). "Authy is shutting down its desktop app". The Verge. Archived from the original on 2026-03-09.
- [5] Paganini, Pierluigi (29 Aug 2022). "Twilio breach let attackers access Authy two-factor accounts of 93 users". securityaffairs.com. Archived from the original on 22 Jun 2026.
- [6] Authy (2024-07-01). "Security Alert: Update to the Authy Android (v25.1.0) and iOS App (v26.1.0)". Twilio. Archived from the original on 2026-03-03.
- [7] Kovacs, Eduard (2024-07-04). "Twilio Confirms Data Breach After Hackers Leak 33M Authy User Phone Numbers". SecurityWeek. Archived from the original on 2026-02-13.
- [8] Karthik, Ashwin (2024-01-08). "Authy authenticator apps for desktop are being discontinued in March 2024". ghacks.net. Archived from the original on 2025-07-24.