Authy got hacked, and 33 million user phone numbers were stolen - eviltoast
  • Todd Bonzalez@lemm.ee
    link
    fedilink
    English
    arrow-up
    10
    arrow-down
    1
    ·
    6 months ago

    People keep acting like Authy is betraying them by not having an export feature, but why exactly are you leaving Authy to begin with? Because they are a security risk?

    You’re gonna leave Authy a copy of your seeds? That defeats the purpose.

    Re-key your MFA codes on the way out. Security isn’t necessarily convenient.

      • Todd Bonzalez@lemm.ee
        link
        fedilink
        English
        arrow-up
        2
        arrow-down
        1
        ·
        6 months ago

        I can’t even begin to stress what a terrible idea that is. You absolutely don’t want to make bulk-rekeying possible unless you like getting all of your accounts compromised at once.

        • can@sh.itjust.works
          link
          fedilink
          English
          arrow-up
          1
          ·
          6 months ago

          If there’s a benefit to such a tool would bad actors have already developed one?

    • maryjayjay@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      6 months ago

      They got rid of the desktop app.

      Also, with shouldn’t have your seeds. They’re encrypted before they are transmitted to their servers and only decrypted on the device.