this post was submitted on 30 Jul 2024
63 points (89.9% liked)

Android

17652 readers
172 users here now

The new home of /r/Android on Lemmy and the Fediverse!

Android news, reviews, tips, and discussions about rooting, tutorials, and apps.

πŸ”—Universal Link: !android@lemdro.id


πŸ’‘Content Philosophy:

Content which benefits the community (news, rumours, and discussions) is generally allowed and is valued over content which benefits only the individual (technical questions, help buying/selling, rants, self-promotion, etc.) which will be removed if it's in violation of the rules.


Support, technical, or app related questions belong in: !askandroid@lemdro.id

For fresh communities, lemmy apps, and instance updates: !lemdroid@lemdro.id

πŸ’¬Matrix Chat

πŸ’¬Telegram channels / chats

πŸ“°Our communities below


Rules

  1. Stay on topic: All posts should be related to the Android OS or ecosystem.

  2. No support questions, recommendation requests, rants, or bug reports: Posts must benefit the community rather than the individual. Please post to !askandroid@lemdro.id.

  3. Describe images/videos, no memes: Please include a text description when sharing images or videos. Post memes to !androidmemes@lemdro.id.

  4. No self-promotion spam: Active community members can post their apps if they answer any questions in the comments. Please do not post links to your own website, YouTube, blog content, or communities.

  5. No reposts or rehosted content: Share only the original source of an article, unless it's not available in English or requires logging in (like Twitter). Avoid reposting the same topic from other sources.

  6. No editorializing titles: You can add the author or website's name if helpful, but keep article titles unchanged.

  7. No piracy or unverified APKs: Do not share links or direct people to pirated content or unverified APKs, which may contain malicious code.

  8. No unauthorized polls, bots, or giveaways: Do not create polls, use bots, or organize giveaways without first contacting mods for approval.

  9. No offensive or low-effort content: Don't post offensive or unhelpful content. Keep it civil and friendly!

  10. No affiliate links: Posting affiliate links is not allowed.

Quick Links

Our Communities

Lemmy App List

Chat and More


founded 1 year ago
MODERATORS
 

Losing access to Authy leads to another reckoning with Google's security model.

you are viewing a single comment's thread
view the rest of the comments
[–] ililiililiililiilili@lemm.ee 39 points 3 months ago (3 children)

This is a non-issue. Why not use Aegis and backup your own credentials? I wouldn't trust Authy (or any 2FA app that includes cloud backup).

[–] mp3@lemmy.ca 14 points 3 months ago

Other decent options:

TOTP is an open standard, no need to stick to Authy.

[–] 01189998819991197253@infosec.pub 12 points 3 months ago (1 children)

Aegis all the way. Looked at authy and hardpassed after reading the permissions it requires. Your job is to calculate the OTP. You don't need wifi access if you're an offline OTP calculator.

[–] Chozo@fedia.io 4 points 3 months ago (2 children)

Authy is not an offline OTP. It syncs your tokens across devices.

[–] 01189998819991197253@infosec.pub 5 points 3 months ago* (last edited 3 months ago)

It can, but it doesn't have to (or at least it didn't used to). But if you ever choose to leave, you can't export anything (or, at least you couldn't). My statement is using old information, at least a year old, since that's about when I hardpassed on them.

Edit: correct autocorrect

[–] Carighan@lemmy.world 3 points 3 months ago

Just another reason not to use them. Non-synced tokens cannot be leaked.

[–] Penguincoder@beehaw.org 8 points 3 months ago

I recommend Aegis as well. Does what it needs without shadiness going on.