Loss of popular 2FA tool puts security-minded GrapheneOS in a paradox - eviltoast

Losing access to Authy leads to another reckoning with Google’s security model.

  • 𝕸𝖔𝖘𝖘@infosec.pub
    link
    fedilink
    English
    arrow-up
    12
    ·
    5 months ago

    Aegis all the way. Looked at authy and hardpassed after reading the permissions it requires. Your job is to calculate the OTP. You don’t need wifi access if you’re an offline OTP calculator.

      • 𝕸𝖔𝖘𝖘@infosec.pub
        link
        fedilink
        English
        arrow-up
        5
        ·
        edit-2
        5 months ago

        It can, but it doesn’t have to (or at least it didn’t used to). But if you ever choose to leave, you can’t export anything (or, at least you couldn’t). My statement is using old information, at least a year old, since that’s about when I hardpassed on them.

        Edit: correct autocorrect