Twilio's Authy 2FA app has been breached.

[RickDeckard]

I have never used such apps because I simply never considered them safe, just as I do not consider my smartphone to be a safe device, regardless of all the security measures. At some point, all these programs and apps, instead of preventing risks, turn into risks.

I totally understand your feeling. I wonder, however, how do you manage your passwords and TOTP secrets (if you have them), could you share what is your methodology? There are also offline programs that you can use (such as KeePassXC[1]) that eliminate the risk that exists in having your vault sent to the cloud...
[1]https://keepassxc.org/

[Lucius]

I have never used such apps because I simply never considered them safe, just as I do not consider my smartphone to be a safe device, regardless of all the security measures. At some point, all these programs and apps, instead of preventing risks, turn into risks.

I totally understand your feeling. I wonder, however, how do you manage your passwords and TOTP secrets (if you have them), could you share what is your methodology? There are also offline programs that you can use (such as KeePassXC[1]) that eliminate the risk that exists in having your vault sent to the cloud...
[1]https://keepassxc.org/

I stick to the old proven methods of pen and paper, along with some of my own ideas on how to protect such data even if someone were to get hold of it. In the decades I've been using computers and the internet, I've never had a case of someone hacking me - that's why I'll always trust myself more than any program or application that might do its job, but I still think I'm safer without such help.

[Z-tight]

I stick to the old proven methods of pen and paper, along with some of my own ideas on how to protect such data even if someone were to get hold of it.

I do the same thing as you, just as i back up my seed phrases on paper, i also manage my passwords or any sensitive data on paper. However, for some reasons i know some people may not like the idea of writing their passwords on paper, so i also recommend open source password managers to them, i.e. KeePass, but for now i am yet to see a need to use them, since paper and pen works fine for me.

[Orange89]

my favourite one is Google authentication you lose your phone and everything gone I don't knew it was hacked  thank you for letting me knew I used couple of authenation there , what I love about authy is that it provide linking it with Google but these news of sensitive information leaked I still can't believe it, but do I need to change the key and password I am wondering what can I do more ??

[tabas]

my favourite one is Google authentication you lose your phone and everything gone I don't knew it was hacked  thank you for letting me knew I used couple of authenation there , what I love about authy is that it provide linking it with Google but these news of sensitive information leaked I still can't believe it

You should read the reviews of other members from this thread about Google Authenticator. While it's a good feature of Authy and probably other 2FA apps that it can link to Google Authenticator, we have to be careful at most times as these breaches aren't simple things to ignore.

but do I need to change the key and password I am wondering what can I do more ??

Based on this update: https://www.twilio.com/en-us/changelog/Security_Alert_Authy_App_Android_iOS
You have to update to the latest software updates, iOs and android.

[dkbit98]

I've used both and I would recommend both (be aware that Aegis is just a TOTP generator, it can't hold any passwords).

If you want to save passwords and TOTP than you have the option of using KeePass password manager and some of it's forks like KeePassXC and KeePassDX for mobile devices.
I think that Aegis is still better option if you want to use it only for TOTP, but both of them are good open source options.
Everything is stored and encrypted locally and there is no use of cloud services aka computer of someone else.

[libert19]

This is why I prefer no login/sign-ups unless absolutely necessary and prefer encrypted backups (although, I keep these backups on cloud); this way even if cloud service were to get breached (always expect worse, no matter how secure they call themselves) and hacker were to get access to my file, nothing would happen since they would require password to access the content and it's password that only I know.

If they can guess the password, they deserve all the monies

p.s: I use Aegis myself, and make encrypted backups.