What 2FA app you recommend?

  • Harrison@infosec.pub
    link
    fedilink
    arrow-up
    8
    ·
    1 year ago

    Android is easy, Aegis.

    IOS is much harder. Right now, probably “2FAs”. Authy is owned by Twilio, Raivo was just bought out by an advertising company, and the others are either too small to get the exposure required for any level of security or charge for the feature.

      • Harrison@infosec.pub
        link
        fedilink
        arrow-up
        5
        ·
        1 year ago

        It’s less that Twilio specifically owns it than problems resulting from corporate ownership. Briefly:

        1. You can’t get your data out of Authy. Actually you can, but it’s a long annoying process involving installing an out of date chrome extension and using developer tools.
        2. Privacy issues. Authy links a lot of data including location to your identity.
        3. Authy supports SMS account recovery (which is inherently insecure) and doesn’t allow users to disable it.