First time I hear the word "smishing". I hate it. It's an ugly word.
you should've been like me and been using 2FAS Auth for the last 2 years, so this never would've happened! Also every account I use has a different password, no two are the same thanks to password managers like bitwarden baby yeah!!!Been using Authy for years but I’ve always been suss on the requirement for a phone number, especially as Twilio’s entire business model is SMS.
You should not have to, nor expect to, disclose your phone number in order to use a TOTP generator. My data has already been leaked so many times, so I migrated to 2FAS about a month ago in anticipation of an event like this. Sadly my data was leaked because Authy takes 30 days to delete an account 🙃
Do not use Authy.
It's plenty avoidable if these companies would take security of user data seriously, but they know nothing more than a slap on the wrist happens so they cheap out.Things like this happen all the time. Most of the time we never are even informed, even when they get way more than our phone numbers. It is near unavoidable in today's world.
Thanks, I’ll be switching away from Authy (have a few accounts on there for 2FA).Been using Authy for years but I’ve always been suss on the requirement for a phone number, especially as Twilio’s entire business model is SMS.
You should not have to, nor expect to, disclose your phone number in order to use a TOTP generator. My data has already been leaked so many times, so I migrated to 2FAS about a month ago in anticipation of an event like this. Sadly my data was leaked because Authy takes 30 days to delete an account 🙃
Do not use Authy.
I was a big fan of Authy until they killed off the desktop version which was a major inconvenience to me. I've since switched over to the Step Two app https://steptwo.app/
It does pretty much the same thing but it's better integrated with Safari, and it uses iCloud to sync vs. some third-party. And it's free up to 10 accounts.
So long Authy!
I don’t discount this as a possibility but with universal apps from Apple - it shouldn’t be a problem for the Mac ecosystem.I don't see them as related. The desktop app was probably killed for lack of usage. (Unfortunate.)
Been using Authy for years but I’ve always been suss on the requirement for a phone number, especially as Twilio’s entire business model is SMS.
You should not have to, nor expect to, disclose your phone number in order to use a TOTP generator. My data has already been leaked so many times, so I migrated to 2FAS about a month ago in anticipation of an event like this. Sadly my data was leaked because Authy takes 30 days to delete an account 🙃
Do not use Authy.
There only unlocked if you don't have a backup password added to your account. I just reinstalled authy today on a new device and even though I was able to log in and see what authenticator accounts I had, I was not able to use them until I entered my backup password which is different then the account password that is used to log in.My problem with Authy is their native tokens are based solely on SMS authentication.
Many people think Authy protects tokens behind a client side password but this applies to Google Authenticator TOTP Tokens backed up only. When you setup a new Authy install on a new device, you will see after completing SMS authentication, your Authy native tokens are unlocked.
The Google TOTP tokens are not unlocked until you type in a further password. This is a huge risk to Authy tokens which is why services like Coinbase already shifted away from Authy and require the standard RFC 6238 token.
It's a SMS service widely adopted for 2FA and other text messaging services. They list Lyft, Netflix, and Airbnb as their users, so you can imagine how many other large companies are using them. Chances are your number is among those 33 million.Never even heard of Twilio, should we be concerned?![]()
Security cost them money and it decreases the profit.It's plenty avoidable if these companies would take security of user data seriously, but they know nothing more than a slap on the wrist happens so they cheap out.
You could have installed the iPad version if you have an M series machine. Took me 15 seconds and I had my desktop application back again, not that using my phone was a burden mind you.
Curious, what did you and the people who ditched it switch to? Not that I plan to move.
so I migrated to 2FAS about a month ago
2FAS looks interesting,
This one isn't. Probably from previous phone number leaks from other companies. This is a very old scam. I've had these messages show up like 3 years ago.Got added to a random scam WhatsApp group on Wednesday. Maybe related to this hack?
Never even heard of Twilio, should we be concerned?![]()
33 million numbers? I don't even know 33 people who use Authy. 🤯
...jokes aside, I really question the wisdom of using 2FA / security apps from companies that aren't well known. Something like Google Authenticator or Microsoft Authenticator would make more sense. A 2FA authenticator from.... Twilio...? Maybe not so much.
With this and there desktop app dead, does this mean the service is dying? Should I move my codes? I’ve never seen an active service close a desktop app before like this. I suspect it was due to a script being able to export 2FA account data (Reddit post) and maybe it was turned off for security reasons BUT their documentation doesn’t mention anything other than - “End of Life” and here are alternative software options.