Surely having 2FA in 1 password along with your username/password is asking for trouble if 1 password is compromised they with have login details and 2FA all sat waiting for them.??
True, so I separate password/2fa for high risk accounts (passwords on 1Password and 2fa using Okta or Microsoft authenticator) but for most lower risk accounts I keep it all on 1Password
Having the same code in multiple places maybe "cool" but it's a greater security risk, and I suspect why Twilio is doing it, given Windows is easily the most compromised platform. Backup codes and recovery via email etc. exist for platforms if you lose your phone, utilise those and have your 2FA TOTP code in one place imo. Admittedly I don't use Authy on the desktop but I think it's the right move to stop supporting it. disclaimer: I'm not affiliated with Authy or Twiliio just an IT security guy
You are effectively reducing your login to single factor as the password manager is storing both your password and the key to generate the one time passcode. Though, if you use true 2FA for your password manager, there's the argument that if your building is protected by 2FA then everything in your building is protected by 2FA. 🤔 If your chosen password manager is doing everything right, you're likely safe.
I use Keepass for which there is no vault as it is an offline program. That reduces the risk of data breech but increases your obligation to maintain the DB and keep it backuped in multiple places like USB drives, portable drives and other devices.
I am also an Authy user on mobile and desktop. When I saw "Authy Desktop" was going away I deleted "Authy Desktop" and then I installed "Authy" (Version 25.2.7 (20240206.1)) on my desktop and entered my Twilio Authy credentials and have all my TOTP 2FA codes! So - What is this "Authy" (not Authy Desktop") app that is running on my desktop? My desktop is a Mac with an M1 processor. This iOS version of the "Authy" app and it runs perfectly on my macOS desktop system. It looks exactly like the "Authy" that is running on my iPad. Thus, for me, in the Apple ecosystem, I will continue to have Authy on my desktop. By the way, I also use 1Password and have the same Authenticator codes running in 1Password (I'm a belt and suspenders type of computer user).
used to be banking required you to show up at the counter to get your cash--now ANYBODY can get your "Cash" from ANYWHERE . We've come a long way (from common sense) but young people who don't have any money anyway and who think paying 20% interest on their credit card debt is Cool are the ones running the show
I think using the same password manager for both your passwords and 2fa is a bad idea. I wonder if using a second password manager for only the 2fa codes is a possible solution.
So, Authy desktop is going now. Is the entire app going to be eventually scrapped or sold by Twillio or can we be pretty confident that the iOS and Android versions will remain and continue to be supported? II know Twillio is saying it is just the desktop app, but does anyone know the true story?
I feel like they're saying that as a cop-out, but I would not continue to use it under the assumption that it will continue to work. My understanding is that they have intentionally interfered with the operation of their Android apps on emulators in the past. So unless they explicitly claim support for that use case, I could see them blocking it in the future.
@@davidboeger6766 it states on Authy "Note: The iOS app will also be available to download on M1/M2 powered Apple Mac devices. so this suggests that it will be supported if its the iOS app?
Yubico security keys of series 5 comes with an authenticator downloaded from Yubico and with values inside the key. The Yubico authenticator can then be used on any platform you can use with a Yubi key and that has the Yubico authenticator app installed on it. For me that is a laptop, a desktop and a mobile phone, all of which have the Yubi authenticator installed. Yubico has supplied the feature because many sites only supply an authentication option but no security key option.
Does ANYONE know exactly what this sunset entails? I opened my desktop Authy today and nothing seems to have changed. Are they simply discontinuing updates to this app, or are they gonna do an Adobe and do something to make the app unusable? Are they gonna cease all syncing, only allowing manual use? Block all sign-in attempts from desktop? Other than pulling all their installers, WHAT ARE THEY DOING?
They haven't said, but my assumption is that it'll keep working, just no longer be updated. If something breaks it some day (like an OS update), that'll be the end.
With the Keepass password manager it's free. You can turn on TOTP in the tools option for an account entry, enter the secret key, accept the default values for number of digits and time interval or edit and voila, there's your authenticator as a string which can be copied.
@@iAnguel Microsoft just killed Windows Subsystem for Android. From the Microsoft Windows Subsystem for Android page “Important Microsoft is ending support for the Windows Subsystem for Android™ (WSA). As a result, the Amazon Appstore on Windows and all applications and games dependent on WSA will no longer be supported beginning March 5, 2025. Until then, technical support will remain available to customers. Customers that have installed the Amazon Appstore or Android apps prior to March 5, 2024, will continue to have access to those apps through the deprecation date of March 5, 2025. Please reach out to our support team for further questions support Microsoft. We are grateful for the support of our developer community and remain committed to listening to feedback as we evolve experiences.”
@@iAnguel - Microsoft just killed Windows Subsystem for Android. From the Microsoft Windows Subsystem for Android page: Important Microsoft is ending support for the Windows Subsystem for Android (WSA). As a result, the Amazon Appstore on Windows and all applications and games dependent on WSA will no longer be supported beginning March 5, 2025. Until then, technical support will remain available to customers. Customers that have installed the Amazon Appstore or Android apps prior to March 5, 2024, will continue to have access to those apps through the deprecation date of March 5, 2025. Please reach out to our support team for further questions Microsoft support. We are grateful for the support of our developer community and remain committed to listening to feedback as we evolve experiences.
@@iAnguel Microsoft just killed Windows Subsystem for Android. From the Microsoft Windows Subsystem for Android page: Important Microsoft is ending support for the Windows Subsystem for Android (WSA). As a result, the Amazon Appstore on Windows and all applications and games dependent on WSA will no longer be supported beginning March 5, 2025. Unti then, technical support will remain available to customers. Customers that have installed the Amazon Appstore or Android apps prior to March 5, 2024, will continue to have access to those apps through the deprecation date of March 5, 2025. Please reach out to our support team for further questions Microsoft support. We are grateful for the support of our developer community and remain committed to listening to feedback as we evolve experiences
A useful tool, broken.
And now this dumbass suggest we use a paid service...
Surely having 2FA in 1 password along with your username/password is asking for trouble if 1 password is compromised they with have login details and 2FA all sat waiting for them.??
True, so I separate password/2fa for high risk accounts (passwords on 1Password and 2fa using Okta or Microsoft authenticator) but for most lower risk accounts I keep it all on 1Password
Thanks Leo, the other program I use for years that does the same thing is Keeper Security. Keep up the good work
Excellent. Thanks for letting me know.
Having the same code in multiple places maybe "cool" but it's a greater security risk, and I suspect why Twilio is doing it, given Windows is easily the most compromised platform.
Backup codes and recovery via email etc. exist for platforms if you lose your phone, utilise those and have your 2FA TOTP code in one place imo.
Admittedly I don't use Authy on the desktop but I think it's the right move to stop supporting it.
disclaimer: I'm not affiliated with Authy or Twiliio just an IT security guy
Personally, I would feel uncomfortable storing both security factors in one program.
Hi Leo, thank you for another interesting and great material! Just one question: How safe is it to keep passwords and 2FA codes in the same place?
Good point!
You are effectively reducing your login to single factor as the password manager is storing both your password and the key to generate the one time passcode.
Though, if you use true 2FA for your password manager, there's the argument that if your building is protected by 2FA then everything in your building is protected by 2FA. 🤔
If your chosen password manager is doing everything right, you're likely safe.
I use Keepass for which there is no vault as it is an offline program. That reduces the risk of data breech but increases your obligation to maintain the DB and keep it backuped in multiple places like USB drives, portable drives and other devices.
I am also an Authy user on mobile and desktop. When I saw "Authy Desktop" was going away I deleted "Authy Desktop" and then I installed "Authy" (Version 25.2.7 (20240206.1)) on my desktop and entered my Twilio Authy credentials and have all my TOTP 2FA codes! So - What is this "Authy" (not Authy Desktop") app that is running on my desktop? My desktop is a Mac with an M1 processor. This iOS version of the "Authy" app and it runs perfectly on my macOS desktop system. It looks exactly like the "Authy" that is running on my iPad. Thus, for me, in the Apple ecosystem, I will continue to have Authy on my desktop. By the way, I also use 1Password and have the same Authenticator codes running in 1Password (I'm a belt and suspenders type of computer user).
Authy will continue to work on all Mac desktops with the M1 and M2 processors so there will be no action needed.
Get What ? @Midnightquestions353
used to be banking required you to show up at the counter to get your cash--now ANYBODY can get your "Cash" from ANYWHERE . We've come a long way (from common sense) but young people who don't have any money anyway and who think paying 20% interest on their credit card debt is Cool are the ones running the show
I wonder if you can just run the Android Authy on Windows and the iOS Authy on Mac.
ok... while the mac DESKTOP application is now EoL, the iPAD version will run on macs running macos 13 or later.
Excellent video. Are you also ok with Bitwarden ?
Yup. 👍
there a scripts to export all you authy token so you can import them to other tools...
I think using the same password manager for both your passwords and 2fa is a bad idea. I wonder if using a second password manager for only the 2fa codes is a possible solution.
So, Authy desktop is going now. Is the entire app going to be eventually scrapped or sold by Twillio or can we be pretty confident that the iOS and Android versions will remain and continue to be supported? II know Twillio is saying it is just the desktop app, but does anyone know the true story?
It will still work on Macs with the M1 or M2 chips after the deadline so these users will be ok and can carry on using Authy on their desktops.
I feel like they're saying that as a cop-out, but I would not continue to use it under the assumption that it will continue to work. My understanding is that they have intentionally interfered with the operation of their Android apps on emulators in the past. So unless they explicitly claim support for that use case, I could see them blocking it in the future.
@@davidboeger6766 it states on Authy "Note: The iOS app will also be available to download on M1/M2 powered Apple Mac devices.
so this suggests that it will be supported if its the iOS app?
So funny, I just move away from Authy last week exactly because of this reason. And very few 2FA platforms exist for Desktop and mobile simultaneous.
Yubico security keys of series 5 comes with an authenticator downloaded from Yubico and with values inside the key. The Yubico authenticator can then be used on any platform you can use with a Yubi key and that has the Yubico authenticator app installed on it. For me that is a laptop, a desktop and a mobile phone, all of which have the Yubi authenticator installed. Yubico has supplied the feature because many sites only supply an authentication option but no security key option.
Does ANYONE know exactly what this sunset entails? I opened my desktop Authy today and nothing seems to have changed. Are they simply discontinuing updates to this app, or are they gonna do an Adobe and do something to make the app unusable? Are they gonna cease all syncing, only allowing manual use? Block all sign-in attempts from desktop? Other than pulling all their installers, WHAT ARE THEY DOING?
They haven't said, but my assumption is that it'll keep working, just no longer be updated. If something breaks it some day (like an OS update), that'll be the end.
i am wondering too still working
Is this available on free or paid 1Password accounts? If paid, which tier?
With the Keepass password manager it's free. You can turn on TOTP in the tools option for an account entry, enter the secret key, accept the default values for number of digits and time interval or edit and voila, there's your authenticator as a string which can be copied.
Bitwarden paid does that too, but some websites stop accepting TOTP codes after initial flawless setup. @@coweatsman
It was a good tool.
I didn't know this was a thing. Sorry, I find out about it when it's going away. #SorryLeo
How bout running Authy through BlueStacks on Windows?
Not familiar with BlueStacks, but if that allows you run Andoid (or iPhone) apps, then that should work.
Actually there is also an official Android Subsystem for Windows, just found out that it will be also discontinued soon 😟
@@iAnguel Microsoft just killed Windows Subsystem for Android. From the Microsoft Windows Subsystem for Android page
“Important
Microsoft is ending support for the Windows Subsystem for Android™ (WSA). As a result, the Amazon Appstore on Windows and all applications and games dependent on WSA will no longer be supported beginning March 5, 2025. Until then, technical support will remain available to customers.
Customers that have installed the Amazon Appstore or Android apps prior to March 5, 2024, will continue to have access to those apps through the deprecation date of March 5, 2025. Please reach out to our support team for further questions support Microsoft. We are grateful for the support of our developer community and remain committed to listening to feedback as we evolve experiences.”
@@iAnguel - Microsoft just killed Windows Subsystem for Android. From the Microsoft Windows Subsystem for Android page:
Important
Microsoft is ending support for the Windows Subsystem for Android (WSA). As a result, the Amazon Appstore on Windows and all applications and games dependent on WSA will no longer be supported beginning March 5, 2025. Until then, technical support will remain available to customers.
Customers that have installed the Amazon Appstore or Android apps prior to March 5, 2024, will continue to have access to those apps through the deprecation date of March 5, 2025. Please reach out to our support team for further questions Microsoft support. We are grateful for the support of our developer community and remain committed to listening to feedback as we evolve experiences.
@@iAnguel Microsoft just killed Windows Subsystem for Android. From the Microsoft Windows Subsystem for Android page:
Important
Microsoft is ending support for the Windows Subsystem for Android (WSA). As a result, the Amazon Appstore on Windows and all applications and games dependent on WSA will no longer be supported beginning March 5, 2025. Unti then, technical support will remain available to customers.
Customers that have installed the Amazon Appstore or Android apps prior to March 5, 2024, will continue to have access to those apps through the deprecation date of March 5, 2025. Please reach out to our support team for further questions Microsoft support. We are grateful for the support of our developer community and remain committed to listening to feedback as we evolve experiences