Security Alert: Update your Authy to the latest version

[Luzin]

So far I have never problem using Authy, so when I compared it with Google, Using Authy is simpler when we change cellphones, we can log in again using the same cellphone number and receive a code via SMS. I have experience lost the google 2fa code and can't login on 2fa. because of that, I prefer using authy for beginners who have weaknesses in storing data or code on paper.

From the very beginning I traded using Authy security. I think it's still safe and I feel comfortable with the automatic recovery feature and it can be used on multiple devices. I hope there are no other losses for me and other users later.

Then regarding the update problem, I checked in my application Authy that I have the latest version. I checked from the Play Store. Is this a little different from the one on the play store? Hopefully not. I see the details My update version is already in 25.11.

[RickDeckard]

So far I have never problem using Authy, so when I compared it with Google, Using Authy is simpler when we change cellphones, we can log in again using the same cellphone number and receive a code via SMS. I have experience lost the google 2fa code and can't login on 2fa. because of that, I prefer using authy for beginners who have weaknesses in storing data or code on paper.

From the very beginning I traded using Authy security. I think it's still safe and I feel comfortable with the automatic recovery feature and it can be used on multiple devices. I hope there are no other losses for me and other users later.

Then regarding the update problem, I checked in my application Authy that I have the latest version. I checked from the Play Store. Is this a little different from the one on the play store? Hopefully not. I see the details My update version is already in 25.11.

I had this discussion on the other thread that is addressing this breach more hands on, but I'll post the intervention here as well:

Bear in mind that this was not the first breach that Authy suffered. There have been a few already[1][2] and, to my books, more than 1 would be enough to convince me that they are not worth to have my data, let alone considering the type of service that they offer. Again, this is purely by personal opinion. The fact that you have to rely on a "non official" tool to export your 2FA codes[3][4] is just ridiculous and shows how deep they want you to be locked in to their app.
(...)
[1]https://www.twilio.com/en-us/blog/august-2022-social-engineering-attack
[2]https://www.engadget.com/twilio-authy-data-breach-202314313.html
[3]https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93
[4]https://help.ente.io/auth/migration-guides/authy/

If you know about all these breaches in the past and you make your risk assessment regarding Authy, then fine by me. I just don't like seeing users that do not have a full picture of the product that they are currently using.

[BitMaxz]

So far I have never problem using Authy, so when I compared it with Google, Using Authy is simpler when we change cellphones, we can log in again using the same cellphone number and receive a code via SMS. I have experience lost the google 2fa code and can't login on 2fa. because of that, I prefer using authy for beginners who have weaknesses in storing data or code on paper.

Well, all of us don't have the same experience if the authy is working just fine for you then it's fine I believe you'll understand it better once you've gone through others who have experienced similar to those mentioned in the news but for now, since you believe it safe then we can't change your thoughts since we have difference experienced.

Another thing is I avoid using authy just because they always got breached like the news said posted just a few weeks ago they got breached meaning it happened again so how are you sure that you are safe using authy?
Yes, it is easy to use but the news about breaches alarms me not to use them anymore.

[Peanutswar]

I never used this app, since then I've been using Google authenticator because its more convenient no need to create any account just download the app, and its already binded with your device if you are using google well most likely people using google nowadays. That's the essence of having an update with the application, server, and websites because of the vulnerability so better to make sure to read all of the patch notes and updates before committing to make sure there are no bugs and prone to vulnerability. Stay vigilant and safe in the internet.

[Luzin]

If you know about all these breaches in the past and you make your risk assessment regarding Authy, then fine by me. I just don't like seeing users that do not have a full picture of the product that they are currently using.

Of course, this adds to my insights. No matter how strong the security is, there are always gaps that can be exploited by bad people. Not only Authy. I think all GAs, Aegis have weaknesses. So not only from the application and developers but from the user users. But from this condition, isn't Authy likely to develop to fix the vulnerability gap. Actually it is quite strange if there is no problem, or maybe no media wrote it? The media can always make writing and business competition.

[RickDeckard]

Of course, this adds to my insights. No matter how strong the security is, there are always gaps that can be exploited by bad people. Not only Authy. I think all GAs, Aegis have weaknesses. So not only from the application and developers but from the user users. But from this condition, isn't Authy likely to develop to fix the vulnerability gap. Actually it is quite strange if there is no problem, or maybe no media wrote it? The media can always make writing and business competition.

I'm not sure that I understood your intervention. Sure that each TOTP/2FA program has positives/negatives aspects of it, but considering that Authy is both closed source, doesn't allow users to export their TOTP's and has been breached multiple times, those factors have to account for something no? I'm not saying that Aegis won't ever suffer such breach, but being open source and developed by the community surely helps in transparency, far more than Authy does.

[Chikito]

So far I have never problem using Authy, so when I compared it with Google, Using Authy is simpler when we change cellphones, we can log in again using the same cellphone number and receive a code via SMS. I have experience lost the google 2fa code and can't login on 2fa. because of that, I prefer using authy for beginners who have weaknesses in storing data or code on paper.

From the very beginning I traded using Authy security. I think it's still safe and I feel comfortable with the automatic recovery feature and it can be used on multiple devices. I hope there are no other losses for me and other users later.

Then regarding the update problem, I checked in my application Authy that I have the latest version. I checked from the Play Store. Is this a little different from the one on the play store? Hopefully not. I see the details My update version is already in 25.11.

I never checked my application is updated or not, because I setting up it automatic update on my phone. Just set it on your play store, then all applications installed will automatic update when that aplication ask for it. but if you're not sure, you can check it manually on their site.