What about...Authy?

gmaister22
gmaister22
Community Member

Hello everyone

1Password Family user here, been using Google Authenticator for couple years now but it's really bothering me to remove and readd all 2FA accounts to Google Authenticator when i change phones ( i change few times a year )

I was having a look at Authy. Would you vote for it? Do you think it's secure enough?

I mainly i am interested to add 2FA to my 1Password account since i mostly just use 2FA on websites like Google that i can get an SMS or iPhone prompt message so its not a big deal.

What do you suggest? Anyone using Authy?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • gmaister22
    gmaister22
    Community Member

    or i just checked; Microsoft Authenticator? What about this one?

  • Hi @gmaister22

    Authy and Microsoft Authenticator are the two mentioned in our support guide on setting up TOTP for your 1Password account:

    Turn on two-factor authentication for your 1Password account

    I hope that helps. Should you have any other questions or concerns, please feel free to ask. :)

    Ben

  • gmaister22
    gmaister22
    Community Member

    Are they safe?

  • @gmaister22

    I'm not sure I'm really in a position to evaluate that. What I can say is that based on a number of interactions with 1Password customers many do choose to use one or the other for their 1Password account 2FA. If you have questions about the protections either has I'd recommend reaching out to Microsoft or Authy, respectively.

    This is what Authy seems to have to say on the subject:

    I was not able to find a similar guide from Microsoft on their offering.

    Ben

  • XIII
    XIII
    Community Member

    Or use 1Password as 2FA App, for all your accounts, except the 1Password account itself:

    https://support.1password.com/one-time-passwords/

    Then you would have to keep (and add) only one 2FA code in the other 2FA App you use (for your 1Password account).

  • Indeed. I think the OP was looking for an app in which to store the TOTP info for their 1Password account:

    I mainly i am interested to add 2FA to my 1Password account

    While you can store your TOTP secret for 1Password in 1Password (and it isn't a bad idea to do so) it definitely should not be the only place it is stored. :)

    Ben

  • arunsathiya
    arunsathiya
    Community Member

    Authy user here, and I'm pretty happy with the experience. There is occasionally a case where Authy reports that the token (TOTP) is not backed up to their cloud, but it turns out it actually is.

    In any case, as Ben noted, I'm not in a position to evaluate their security either. You may want to reach out to their customer support team for that.

  • Thanks for sharing @arunsathiya. :)

    Ben

  • Av8tor9804
    Av8tor9804
    Community Member

    Hi. I'm contemplating the pros and cons of Authy versus 1PW for storing all my 2FA TOTP's. Either will work for me. One question I'm asking is do I trust my data to Authy/Twilio? If I chose to solely use 1PW, then if anyone acquires my Master PW, they'd have all the keys to the kingdom (UNs, PWs and TOTPs). From a regular user security standpoint, I was thinking that using Authy may perhaps offer an additional layer of security so all eggs aren't in one basket. Any thoughts?

  • Hi @Av8tor9804

    It's a great question, and I can certainly understand the thought process. We discussed our thoughts in a forum thread which you can find here:

    Why is it a good idea to store 2FA tokens in 1Password? — 1Password Forum

    Ben

  • prime
    prime
    Community Member

    I used Authy and wasn’t a fan of it. I use Duo for my 1Password Family account and I save the TOTP number in my 1Password (this is the number used to make your TOTP instead of the QR code you scan). Now this can only be done if you have more that one device also. So I get a new iPhone, set up 1Password, and use my iPad as my 2nd factor so I can get 1Password on my new phone. Once my phone is set with 1Password, I download Duo. I open Duo and use the code to get that 2nd factor going on my phone.

  • Av8tor9804
    Av8tor9804
    Community Member

    Thanks @prime

    Out of curiosity, why Duo over Authy? Personally, I'm tired of any Tech using (selling, sharing) my data with others, making me the product. I'd rather pay for the software or service and not be the product. (Therefore, would never use Google Authenticator). I don't have any experience with Duo, but Authy's in-app Privacy Policy states "We also share your information with our third party service providers as necessary for them to provide their services to us. We may also have to share your information with third parties if required to do so by law."

  • Av8tor9804
    Av8tor9804
    Community Member
    edited November 2019

    .

  • prime
    prime
    Community Member

    @Av8tor9804 Authy drove me nuts with the notifications to turn on the syncing (I didn’t like it, so I had it off). I also help people securing their on line accounts. So one day I was playing with Pinterest and trying their 2FA settings, and I put in my number in Pinterest and right away it detected I had Authy. It automatically set up Authy for Pinterest, and I didn’t want this. The Pinterest account was just a test account and I wanted to remove Pinterest from Authy. I read on line how to do it and It ended up not working, so I had to contact Authy’s customer service. They knew with my number I had Pinterest (when I 1st messaged them, they I never said what account I had this issue with). This concerned me that they knew I had Pinterest on my Authy, so what else did they know? I dropped them instantly.

  • AGAlumB
    AGAlumB
    1Password Alumni

    I think I'd be okay with that if I knew it upfront (heck, I use Google's stuff!) considering they wouldn't have my username/password, but yeah I don't like surprises like that.

  • prime
    prime
    Community Member

    @brenty google knows you better than you know you :lol:

  • AGAlumB
    AGAlumB
    1Password Alumni

    I don't doubt it. I got a Gmail invite early on too, and I'm not sure I could ever give it up at this point... :lol:

This discussion has been closed.