If you’d rather switch apps altogether, it’s worth noting that Authy doesn’t come with an export feature.
That’s what makes Aegis better IMO. People use it because they like it, not because they’re locked in.
So how do I go about switching away from Authy? Go to every site I have 2FA enabled and remove/readd with the new app?
You can follow the steps here to use a previous version of the desktop app to extract the keys: https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93
The javascript didn’t seem to send the extracted data anywhere, but I did disconnect from the internet while running the script.
It’s not like they advertise “No exporting” as a feature after all.
And generally speaking when people are grabbing an authenticator app it’s because you’re either trying to sign up for a service, or you’ve been given some kind of unwelcome push to upgrade your account security. Not an environment that’s conducive to extensive research.
Spent an hour last night moving to 2FAS. Authy doesn’t make it easy – unlike their competitors, they don’t offer an export feature.
2FAS
It launched an NFT based donation program: https://2fas.com/donate/
and it is not available on F-Droid.
I’d go with Aegis for an App on Android, or a Bitwarden/KeepassXC password manager which can both handle 2fa tokens too.
I don’t like the thought of having my passwords and 2FA live in the same place - that seems to miss the point a bit.
You can have 2 different keys DB on keepassXC with different passwords, you can even try to save them in separate remote locations. The key points are data interoperability over different devices and its portability over different services, because the worst thing that can happen is that your favourite app, from where you cannot use or move your credentials elsewhere (like the Steam Guard app for instance), one day might stop working suddenly leaving you unable to access your accounts.
If you use Linux then OTPClient works great with Aegis since it can open Aegis export files directly. I’ve set up Aegis to make an export whenever I change something, I sync the exports automatically to my PC, and I open them with OTPClient there.
OTPClient can ask for the export password each time you open it and will close itself automatically if it’s not used for a while.
You can also use it to export the 2FA codes further in various formats, show the QR code for any of them, and all kinds of useful features like that.
You can download it straight from their GitHub, or presumably using Obtainium:
https://github.com/twofas/2fas-android/releases/latest
But wow, those NFTs. It’s cute that they’re trying to create an incentive for donation, and I appreciate that whoever they outsourced that project to, they (allegedly) employed and artist and not a machine to make the components of the artwork… But it would have been a lot less cringe if they had done it in-house and not thrown it onto a blockchain (all use of one validates their use and helps create “value” for them, after all.)
It’s an electron application so it’s possible to connect a debugger and extract the keys from there if you wish to export them.
A quick search found this and I did similar myself a few years ago when something forced me to usr authy.
Twilio, Authy’s parent company, is also moving Authy’s customer support hub to the help center on Twilio’s website after January 15th, 2024.
Twilio says it made the decision to sunset its desktop app to “streamline our focus and provide more value on existing product solutions for which we see increasing demand.” The company laid off 5 percent of workers in December 2023, and it just announced on Monday that it has replaced its CEO.
Sigh…
Authy desktop was extremely useful when my phone broke during an international trip, and getting a new one obviously took some time due to well… being abroad.
