submitted 11 months ago by [email protected] to c/[email protected]
[-] [email protected] 14 points 11 months ago

Why does it require a phone number to use?!

[-] [email protected] 17 points 11 months ago

They wanted to let companies pay for a non-standard 2FA code generation tied to the phone number, as it was easier than the mainstream option that was the almost abandoned Google Authenticator that didn't allow backups.

Cloudflare, Humble Bundle used that scheme and I hated them for that. Seems that now that plan failed and essentially now Authy is a money-losing operation for Twilio, and this shows in the unsecured API access that allowed the hack.

[-] [email protected] 4 points 11 months ago

Also, Google Authenticator now supports backup. Aegis is another free alternative.

[-] [email protected] 3 points 11 months ago

And as soon as I learned about that I stopped using it. Turns out it was the right choice - since then more than one company had breaches where authenticator seeds extracted from a Google account were used to bypass 2FA.

[-] [email protected] 1 points 11 months ago

It's completely optional to connect a Google account. You can always back them up using the QR code (just take a picture with another device).

[-] [email protected] 1 points 11 months ago

Protip: Don't do any of this, unless you hate your accounts being secure.

An encrypted backup, and a stash of recovery codes for important accounts is the most secure way.

this post was submitted on 05 Jul 2024
736 points (99.2% liked)
