Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Authy Users Urged to Stay Alert After 33 Million Phone Numbers Exposed

Radeon85

Radeon85

macrumors 65816
Mar 16, 2012
1,045
1,924
South Wales, UK
Ditched Authy a while back when they dropped Windows desktop support as that was my primary platform, been using RoboForm for many years and they support 2FA these days so moved all my 2FAs over to them. I love RoboFrom as it works on all the major platforms with a nice clean UI so I have a native Windows app, iOS app and native Apple Watch app. Was a pain to move over as I had to redo almost two dozen 2FAs by disabling them on each site and setting them up from scratch, took ages but it was worth it.

Haven't closed my Authy account even though all 2FAs on there are gone as I kept it just in case, bit late now but I'll do that later.
 
  • Like
Reactions: eltoslightfoot
boss.king

boss.king

macrumors 603
Apr 8, 2009
6,248
7,252
WarmWinterHat said:
I don't use Authy anymore, but I've always kept my 2FA codes separate from my passwords app. If one got compromised, at least the 2FA sites would still be secure.
Click to expand...
I’m the same with keeping 2FA stuff separate. I used Authy for a long time, recently switched to 2FAS and have been happy with it. It would be a lot more convenient having them both in one place, but that really defeats the purpose of it being a serving factor of security.
 
G

ghanwani

macrumors 601
Dec 8, 2008
4,716
5,989
Users should change their phone numbers every 3 months. That way scammers won’t be able to keep up with them! Ideally should also change their own names and relocate every 3 months. That’s the new version of “catch me if you can” where people stay ahead of criminals, instead of the obsolete version where criminals stay ahead of law enforcement.
 
  • Haha
Reactions: addamas, jagooch, freedomlinux and 2 others
M

mtrm

macrumors regular
Jul 7, 2013
119
256
Portugal
I never felt very comfortable with the fact your account was tied to your phone number, but used Authy regardless because it was pretty much the only cross platform around. But after reading these news, I just spent the last 2~3 hours migrating about 30 accounts from Authy to 2FAS (and ensuring the sites were actually giving me a different QR code rather than just giving me the one I already had). It was a MAJOR p.i.t.a....

2FAS syncs with icloud, but it allows you to export/import a manual backup in case you want to switch to android (hate the idea of being fully tied to one ecosystem). Will delete my Authy account as soon as Instagram allows me to change my 2fa app.
 
C

canadianpj

macrumors 6502a
Jun 27, 2008
509
422
CalMin said:
Thanks and yes. I do have the iPad version on my Mac - I just figured that it is a matter of time before they close this off.

I switched to Step Two (it was linked in my post above).

I hope Apple's new Passwords app will help with this too, but mainly so that my less techie family members can implement better security. Too many of them use the same weak password everywhere.
Click to expand...

I don't see any possibility of them closing it off; it costs them nothing extra to allow it to run on M machines.

I don't see Apples passwords as it's very bad security practice to trust to much to one company.
 
C

canadianpj

macrumors 6502a
Jun 27, 2008
509
422
mtrm said:
I never felt very comfortable with the fact your account was tied to your phone number, but used Authy regardless because it was pretty much the only cross platform around. But after reading these news, I just spent the last 2~3 hours migrating about 30 accounts from Authy to 2FAS (and ensuring the sites were actually giving me a different QR code rather than just giving me the one I already had). It was a MAJOR p.i.t.a....

2FAS syncs with icloud, but it allows you to export/import a manual backup in case you want to switch to android (hate the idea of being fully tied to one ecosystem). Will delete my Authy account as soon as Instagram allows me to change my 2fa app.
Click to expand...

I took a look at 2FAS but they don't allow their app to work on Mac so it's an instant no from me.
 
eltoslightfoot

eltoslightfoot

macrumors 68020
Feb 25, 2011
2,417
2,915
LIVEFRMNYC said:
I still use Authy and like it. I'm not to worried about this.
Click to expand...
I guess that is your prerogative. If a bad actor knows my Authy phone number, they will then be able to tie that phone number to a cell phone. Now they can clone your number and guess that is your backup sms 2FA? Seems like it could be a slight irritation that they didn’t have part of their external network properly secured.
 
S

svish

macrumors G4
Nov 25, 2017
10,375
26,825
Don't use the service. So, not worried. But bad to see that customer data was obtained.
 
Stromos

Stromos

macrumors 6502a
Jul 1, 2016
855
2,017
Woodstock, GA
canadianpj said:
I took a look at 2FAS but they don't allow their app to work on Mac so it's an instant no from me.
Click to expand...
They may in the future the one thing I really wanted was Apple Watch support which was added not too long ago. They have a Discord community.

I was also able to export out of Authy to 2FAS without resetting everything. Not sure if that’s still possible but there was a GitHub script out there to dump Authy to QR codes.

Sadly I have to keep Authy for Sendgrid. But that’s the only thing in there now.
 
S

sKurt

macrumors newbie
Jul 8, 2022
12
-2
I've been using DUO from my company. But I recently got a set of Yubikey dongles to wave at my phone.

Haven't set them up yet, bit confusing.
 
H

hagar

macrumors 68020
Jan 19, 2008
2,048
5,194
WarmWinterHat said:
I don't use Authy anymore, but I've always kept my 2FA codes separate from my passwords app. If one got compromised, at least the 2FA sites would still be secure.
Click to expand...
I was going to ask: why the need for these third party apps? It’s built into iOS and macOS. But this could be a good argument.
 
H

hagar

macrumors 68020
Jan 19, 2008
2,048
5,194
eltoslightfoot said:
Right? With Mac, you can just copy it on your iphone, and paste it into your Mac. That's the whole point of being stuck in the walled garden. :D
Click to expand...
I have a lot of instances where copy/paste doesn’t work. It’s always trial and error.
 
M

macmac30

macrumors regular
Nov 19, 2015
152
387
Maybe this is why I have noticed an increase in those idiotic texts like: “Hi Lisa, how are you doing today?” Or “Hi Bill, would you like to meet for coffee at the same place?”
 
0

0423MAC

macrumors 6502
Jun 30, 2020
433
551
jagooch said:
I’m on team physical security key, hoping that yubikey and its ilk become more popular.
Click to expand...
Getting there. It's frustrating to deal with all these hacks, but I suspect it will be a long time until companies really take security seriously.

Many BANKS in the US still only support 2FA via SMS.
 
A

Adora

macrumors newbie
Jun 30, 2024
29
15
Strange I didn't even got a message that the desktop app will be discontinued. I installed it on my Mac from the AppStore and it worked for a few days but seemed very buggy and suddenly always crashed when I tried to open it.
Seems I started using it, when it already had been discontinued for Desktop and by coincidence the iOS app worked still for a few days on my Mac.

I just tried to login on my new Mac and was able to start the app, but I couldn't login because of a missing library or something like that.

Gladly I have everything in another App stored too. Now I have to wait 30 days until my account gets deleted. :mad:

And I really got some SMS Spam in the last couple of weeks, very rare, but I never before got any Spam via SMS.
 
  • Like
Reactions: addamas and eltoslightfoot
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom