Jating (OP)
|
Twilio, a cloud communication provider, recently raised a security bulletin about unidentified entities that were able to take advantage of an unauthenticated endpoint in Authy (a free mobile app for two-factor authentication) to filter out identities of data associated with Authy accounts, which include cell phone numbers. https://www.twilio.com/en-us/changelog/Security_Alert_Authy_App_Android_iOS
This is so important for crypto traders, as we could have been using Authy as 2FA for our online accounts. So for members who are using Authy, better to update your apps to the latest version as per the advisory.
|
|
|
|
Oshosondy
Legendary
Offline
Activity: 1638
Merit: 1202
Gamble responsibly
|
|
July 04, 2024, 04:46:04 PM |
|
I saw on the news a day or two ago how Authy users' data (maybe email or phone number) were leaked. I am not an Authy user and I can not use it at all. We have warned people several times not to use the authenticators that will collect some personal information from you. There are better 2FA apps like Authy and Tofu.
Maybe it is an online data breach which has been used to gain access to Authy users' accounts that we are going to see next on the news. Stop using Authy.
|
|
|
|
BitMaxz
Legendary
Offline
Activity: 3444
Merit: 3172
Playbet.io - Crypto Casino and Sportsbook
|
|
July 04, 2024, 05:09:00 PM |
|
I stopped other 3rd party authenticator apps; I kept using Google Authenticator, which doesn't ask for a phone number or email. You can use it without them; just make sure you separately save your backup codes to a safe place so that you can use them in another app or use them for recovery purposes. Authy is not the best authenticator since before their data always got breached and it isn't safe anymore to use in any exchange accounts. Look at the old news about this below - https://www.engadget.com/twilio-authy-data-breach-202314313.html
|
|
|
|
NotATether
Legendary
Offline
Activity: 1792
Merit: 7376
Top Crypto Casino
|
|
July 04, 2024, 05:12:00 PM |
|
You should not have to sign up for an authenticator app or create an account in order to be able to use it. What kind of logic is that anyway? Even Google Authenticator and Microsoft Authenticator don't make me sign into my account before I use them.
|
|
|
|
DYING_S0UL
|
|
July 04, 2024, 05:16:39 PM |
|
I used Twilio, aka Authy, in the past and had a bitter experience using it. For some reason, I had to factory reset my device and lost Authy login data in the process. After recovering, I was asked for the master password. Basically, all my keys were encrypted in cloud storage, but I couldn't remember what the password was. Without it, the keys cannot be decrypted. Even though I had the original email and number associated with the account, I couldn't reset my password. It's a one way system kind of thing. If you forget it, you can't reset it (I don't remember much, but it was something like that). And in the end, I lost every 2FA key and had to leave Authy. Luckily, I had manually backed up my keys. Currently using Google Authenticator. Don't know how safe it is. But at least there is no chance of losing the 2FA keys unless my Gmail is lost/hacked/compromised. Guys, any recommendations?
|
|
|
|
Ever-young
|
|
July 04, 2024, 05:38:21 PM |
|
Currently using Google Authenticator. Don't know how safe it is. But at least there is no chance of losing the 2FA keys unless my Gmail is lost/hacked/compromised. Guys any recommendations?
Google authenticator is a closed-source authenticator app which is not advisable for you to use in the first place. So I will advise you to check out the list of open source recommended authenticator apps and use one. Best 2FA applications to use. Open source, free, secure. Better than Google's
|
|
|
|
DYING_S0UL
|
|
July 04, 2024, 05:49:40 PM |
|
Currently using Google Authenticator. Don't know how safe it is. But at least there is no chance of losing the 2FA keys unless my Gmail is lost/hacked/compromised. Guys any recommendations?
Google authenticator is a closed-source authenticator app which is not advisable for you to use in the first place. So I will advise you to check out the list of open source recommended authenticator apps and use one. Best 2FA applications to use. Open source, free, secure. Better than Google's
I know of a good open source authenticator app (https://github.com/beemdevelopment/Aegis), but I'm not sure if it supports online backups. The last time I checked, I can't remember much, but it didn't have any online backup system. And since Google Authenticator has an online backup system, I am using it even if it's closed source. It's very convenient for me to login and access my keys and codes. I just have to login to my Gmail. For example, if I lose my device, is there any way to recover my keys again? Because AFAIK for the apps you suggested everything is stored locally. Aegis was included in your link!!! Oops, I didn't click your link and started writing my reply.
|
|
|
|
Oshosondy
Legendary
Offline
Activity: 1638
Merit: 1202
Gamble responsibly
|
|
July 04, 2024, 05:59:26 PM |
|
I stopped other 3rd party authenticator apps; I kept using Google Authenticator, which doesn't ask for a phone number or email. You can use it without them; just make sure you separately save your backup codes to a safe place so that you can use them in another app or use them for recovery purposes.
I thought Google authenticator is encouraging online backup. That has been the reason I do not like it.
Authy is not the best authenticator since before their data always got breached and it isn't safe anymore to use in any exchange accounts.
I will prefer not to use any authenticator that encourages online backup like Authy, like I have said before. The authenticator is as bad as Google authenticator, which is also encouraging users' data backup.
|
|
|
|
Ever-young
|
|
July 04, 2024, 05:59:30 PM |
|
Currently using Google Authenticator. Don't know how safe it is. But at least there is no chance of losing the 2FA keys unless my Gmail is lost/hacked/compromised. Guys any recommendations?
Google authenticator is a closed-source authenticator app which is not advisable for you to use in the first place. So I will advise you to check out the list of open source recommended authenticator apps and use one. Best 2FA applications to use. Open source, free, secure. Better than Google's
I know of a good open source authenticator app (https://github.com/beemdevelopment/Aegis), but I'm not sure if it supports online backups. The last time I checked, I can't remember much, but it didn't have any online backup system. And since Google Authenticator has an online backup system, I am using it even if it's closed source. It's very convenient for me to login and access my keys and codes. I just have to login to my Gmail.
When you want to link your authenticator to any app, exchange, or anywhere at all, there is a code that is being generated. Either you manually type it in to the authenticator or you use the scanner to scan it and then input the generated code to make the linking successful. You can manually write down that code each time for each app and make sure you have it backed up in a safe place so that if you lose access to the app, you can use that signature to restore it. Backing your Google authenticator app to your cloud is a very risky thing for you to do. Once the email linked to that cloud is hacked, the authenticator's data is also compromised, as anyone who has access to the email can access your authenticator too. Offline backup for anything remains the best for everything as it can't be hacked by anyone since it's not uploaded online.
|
|
|
|
BitMaxz
Legendary
Offline
Activity: 3444
Merit: 3172
Playbet.io - Crypto Casino and Sportsbook
|
|
July 04, 2024, 06:11:10 PM |
|
I thought Google authenticator is encouraging online backup. That has been the reason I do not like it.
I don't think there's an online backup; it does have an export option, but you can only export them if you are going to move the authenticator to a new device, because it would generate a QR code that you need to scan with another device. I never tried exporting my authenticator with email; I saw this as another option, but you can just ignore it and use the QR code option instead if you want to export and move it to a new device. However, saving the secret code to an offline device is still the best way to back up your authenticator for future recovery, and ignore all export options from the app.
|
|
|
|
Nwada001
|
|
July 04, 2024, 06:16:27 PM Last edit: July 04, 2024, 06:31:18 PM by Nwada001 |
|
I thought Google authenticator is encouraging online backup. That has been the reason I do not like it.
I don't think there's an online backup; it does have an export option, but you can only export them if you are going to move the authenticator to a new device, because it would generate a QR code that you need to scan with another device. I never tried exporting my authenticator with email; I saw this as another option, but you can just ignore it and use the QR code option instead if you want to export and move it to a new device.
Actually, there is an online backup where you will be required to permit the authenticator app to synchronise with any Gmail account linked to your device. Most times, it uses your primary email by default to conduct the backup. This has been effective on Google Authenticator since last year. If I can remember correctly, let me search to see if I can find the link to the update.
Edit: Google Authenticator now supports Google Account synchronization; the update was done on the 24th of April last year according to that article.
|
|
|
|
Oshosondy
Legendary
Offline
Activity: 1638
Merit: 1202
Gamble responsibly
|
|
July 04, 2024, 07:50:27 PM |
|
I don't think there's an online backup; it does have an export option, but you can only export them if you are going to move the authenticator to a new device, because it would generate a QR code that you need to scan with another device.
It has an online backup. Some people said it was optional, but I updated the authenticator last year or 2 years ago and I saw that it has been backed up online. I did not know how it happened until it was too late.
I never tried exporting my authenticator with email; I saw this as another option, but you can just ignore it and use the QR code option instead if you want to export and move it to a new device.
I do not believe in QR code backups. I backup the secret code generated on the site (like exchanges) which should be backed up. I prefer it that way.
|
|
|
|
OcTradism
|
Synchronization can be the start of a nightmare. A 2-factor authentication application must be an independent one and doesn't need to be synchronized with your Google account. If your Google account is hacked, you will lose a lot of information there, including the 2FA backup. Use Aegis, an open source 2FA. Google Authy is closed source. https://getaegis.app/
|
|
|
|
NotATether
Legendary
Offline
Activity: 1792
Merit: 7376
Top Crypto Casino
|
|
July 05, 2024, 11:18:41 AM |
|
Synchronization can be the start of a nightmare. A 2-factor authentication application must be an independent one and doesn't need to be synchronized with your Google account. If your Google account is hacked, you will lose a lot of information there, including the 2FA backup. Use Aegis, an open source 2FA. Google Authy is closed source. https://getaegis.app/
You can also turn off the 2FA synchronization in Google Authenticator if exporting your accounts is too much of a PITA.
|
|
|
|
_act_
Legendary
Offline
Activity: 1078
Merit: 1310
Lightning network is good with small amount of BTC
|
|
July 05, 2024, 11:43:39 AM |
|
You can also turn off the 2FA synchronization in Google Authenticator if exporting your accounts is too much of a PITA.
I did not understand what you meant here. You mean it is possible to turn off the synchronization on Google authenticator if you do not want to export the authenticator codes that you set up already? You do not need the online synchronization before you can export your Google authenticator account. As for recommendation, any 2FA application that backs up online should not be used.
|
|
|
|
DYING_S0UL
|
|
July 05, 2024, 05:26:50 PM |
|
Use Aegis, an open source 2FA. Google Authy is closed source.
Just for clarification, does Aegis support online backing up of the 2FA keys? Local backups are kind of a pain for me! I like to test different OS/custom ROMs, and it requires a full format of device data. Factory reset, reinstall, backup, import, export are all a hassle when you are frequently doing this kind of stuff. That was the only reason why I use Google Authenticator. Even a week ago I changed my Android OS to a different build from a different developer.
|
|
|
|
RickDeckard
Legendary
Offline
Activity: 1148
Merit: 3119
|
|
July 05, 2024, 06:01:43 PM |
|
Use Aegis, an open source 2FA. Google Authy is closed source.
Just for clarification, does Aegis support online backing up of the 2FA keys? snip
You can backup to Google Drive for example[1]. If you want to manually make a backup of your file, then it will be saved in a folder on the local device. However, if you choose to "Export" your encrypted vault, the program allows you to save your file in a cloud provider, provided that you have it installed.
[1] https://github.com/beemdevelopment/Aegis/issues/258
|
|
|
|
Oshosondy
Legendary
Offline
Activity: 1638
Merit: 1202
Gamble responsibly
|
|
July 07, 2024, 08:11:10 AM |
|
You can backup to Google Drive for example[1]. If you want to manually make a backup of your file, then it will be saved on a folder in the local device. However, if you choose to "Export" your encrypted vault the program allows you to save your file in a cloud provider, provided that you have it installed.
I saw the Android cloud backup on Aegis but the manual backup is safer. Online backup is easier, especially during migration from one device to another, but it is not safe at all. We heard of the LastPass password manager issue two years ago, but funds were later stolen from LastPass users. The issue can start from somewhere taken for granted until people regret it.
|
|
|
|
RickDeckard
Legendary
Offline
Activity: 1148
Merit: 3119
|
|
July 08, 2024, 09:21:36 PM |
|
You can backup to Google Drive for example[1]. If you want to manually make a backup of your file, then it will be saved on a folder in the local device. However, if you choose to "Export" your encrypted vault the program allows you to save your file in a cloud provider, provided that you have it installed.
I saw the Android cloud backup on Aegis but the manual backup is safer. Online backup is easier, especially during migration from one device to another, but it is not safe at all. We heard of the LastPass password manager issue two years ago, but funds were later stolen from LastPass users. The issue can start from somewhere taken for granted until people regret it.
I also don't support a backup to a cloud provider, too much of a risk for me, but DYING_S0UL was interested in knowing if the program had that particular feature from someone that has used the program, hence my guidance. Still, nothing beats an offline backup of your TOTP secrets.
|
|
|
|
Chikito
Legendary
Offline
Activity: 2562
Merit: 2077
youtube.com/@ChikitoBitcointalk
|
|
July 09, 2024, 03:13:34 AM |
|
Authy is not the best authenticator since before their data always got breached and it isn't safe anymore to use in any exchange accounts.
So far I have never had a problem using Authy, so when I compare it with Google, using Authy is simpler when we change cellphones: we can log in again using the same cellphone number and receive a code via SMS. I have the experience of losing the Google 2FA code and not being able to log in with 2FA. Because of that, I prefer using Authy for beginners who have weaknesses in storing data or codes on paper.
|
|
|
|
|