So if Authy is cucked (which it clearly is), are we just supposed to succumb to Google Authenticator ?
Discussion
Yubico has one that you need hardware keys to unlock
That’s a great topic. Where is the better option?
2FAS is cross platform and has been recommended.
This website keeps a pretty up do date list of which tools to use and what you should stop using when they changed their tos. This is the page on password managers and 2fa.
thanks, will check it out
Many will seethe, but I’ve been using 1Password for about 12 years. It’s rock solid.
What's the news with authy?
vulnerability exploited exposing user phone numbers
Oh I think I saw that. Why does it matter? If you are using Authy for 2FA they can't sim swap you.
The cloud backup bothers me way more than a phone number leak. If I accidentally tap the wrong button my shit is instantly uploaded. No way to know you haven't been pwned by the NSA.
i think they do the phone number thing to enable syncing between devices, so have server side processes. and are not particularly good at securing those data.
As a security specific offering having there own security being flawed is never a great look i guess
I assume all authenticators are compromised but offer some added security.
Of all the Google apps, I think Authenticator is probably one of the least intrusive
The big risk of Google authenticator seems to be if people have their gmail compromised and Google authenticator is synced with their Google account then the 2FA is useless due to a single point fo failure.
This is pretty good: https://github.com/rsc/2fa
OH WOW THE LAST COMMIT WAS FOUR YEARS AGO ITS UNMAINTAINED IT PROBABLY DOESNT WORK ILL NEVER TOUCH IT