Loss of popular 2FA tool puts security-minded GrapheneOS in a paradox - eviltoast

Losing access to Authy leads to another reckoning with Google’s security model.

  • ililiililiililiilili@lemm.ee
    link
    fedilink
    English
    arrow-up
    39
    ·
    5 months ago

    This is a non-issue. Why not use Aegis and backup your own credentials? I wouldn’t trust Authy (or any 2FA app that includes cloud backup).

    • 𝕸𝖔𝖘𝖘@infosec.pub
      link
      fedilink
      English
      arrow-up
      12
      ·
      5 months ago

      Aegis all the way. Looked at authy and hardpassed after reading the permissions it requires. Your job is to calculate the OTP. You don’t need wifi access if you’re an offline OTP calculator.

        • 𝕸𝖔𝖘𝖘@infosec.pub
          link
          fedilink
          English
          arrow-up
          5
          ·
          edit-2
          5 months ago

          It can, but it doesn’t have to (or at least it didn’t used to). But if you ever choose to leave, you can’t export anything (or, at least you couldn’t). My statement is using old information, at least a year old, since that’s about when I hardpassed on them.

          Edit: correct autocorrect