What 2FA app you recommend?

  • @Harrison@infosec.pub
    link
    fedilink
    81 year ago

    Android is easy, Aegis.

    IOS is much harder. Right now, probably “2FAs”. Authy is owned by Twilio, Raivo was just bought out by an advertising company, and the others are either too small to get the exposure required for any level of security or charge for the feature.

    • westingham
      link
      fedilink
      41 year ago

      I’m out of the loop, why is Authy being owned by Twilio a bad thing?

      • @Harrison@infosec.pub
        link
        fedilink
        51 year ago

        It’s less that Twilio specifically owns it than problems resulting from corporate ownership. Briefly:

        1. You can’t get your data out of Authy. Actually you can, but it’s a long annoying process involving installing an out of date chrome extension and using developer tools.
        2. Privacy issues. Authy links a lot of data including location to your identity.
        3. Authy supports SMS account recovery (which is inherently insecure) and doesn’t allow users to disable it.