Authy - For all your 2FA needs! [Updated]

Source: youtube.com/authy
[This post has been updated on 7 May 2020. Click here to navigate to the update]

I don't know if its due to my previous experiences or not, but I have this habit of giving, sort of a background before I hop onto things...same drill here too.

Ever wanted additional security for your accounts (please...not bank accounts!)? Fear giving even your mobile number to receive OTPs due to privacy concerns? You are at the right place then...there is a solution for you! Read on...

2FA = 2-Factor Authentication; an additional step after you put in your password before you login!
In cyber-security language, there are 3 types of authentications - 
- what you know (the usual passwords)
- what you have (2FAs - OTPs, tokens, etc)
- what you are (biometrics - most secure)

Well, biometrics being the most secure, practicably don't make sense, at least currently, to be implemented in each and every login service!
2FAs, hence, are the most convenient and secure means to further secure your accounts i.e. what you have in addition to what you know.
2FAs could be in the form of OTPs (One time passwords) on your email, mobile numbers; or even mobile prompts.

However, there are genuine issues to it:
  • Mobile number or an email to be registered to receive OTPs (some people may not be comfortable divulging personal information)
  • User has to wait every time for an OTP to arrive
  • Common network issues may result in late / no receipt of OTPs hence leaving you out of your own account!
So, to solve all these issues we have TOTPs (Time-based One Time Passwords). These are OTPs that reset at predefined frequencies (not in users' control) - generally 30 seconds and completely function offline

The usual 2FA process

If your service supports it navigate to it (Generally these are in Security settings / Profile settings of your Account)

Let's take Google, for example,
  • Look for '2-step verification'
  • Now here you can select any of the methods (prompts, mobile numbers, emails and 'Google Authenticator'). Google Authenticator is nothing but your TOTP generation tool!
  • Click it, follow the instructions (and download the 'Google Authenticator' app (AndroidiOS)
  • Scan that QR code that will be displayed on the screen from the 'Google Authenticator' app and you are all set! Every time you sign in, apart from the password you'll have to enter the code generated by the app. 

Again, as the heading stated, this is the USUAL process for every other account you have for enabling 2FA

Why Authy?

Authy (Source - Google Play)
Ya, really, I just *unintentionally* demonstrated Google Authenticator above, so why I use Authy over it?
Well, its more secure and convenient in usage plus has some secure worthy features under the hood:

No Screenshots (ANDROID ONLY)

I see very few apps which use Android's underrated functionality and this one is among those ones. Yes, YOU CANNOT TAKE SCREENSHOTS IN THIS APP. (the next screens that you will see are picked from Google Play or the App store or Google Images). These are screenshots from my phone:
(Even Google's Authenticator allows taking screenshots!)

Secure Backups and Multi-device

Switched your phone, lost all your data on the phone, performed a reset of your phone? - Good job! all your TOTPs are gone forever, and you will have to re-set up your 2FA on your account by logging in through alternative means (verify your mobile, answer security questions, password reset, look for backup codes, etc.). Some account providers are so strict that there's no way out, you lose your TOTP codes, you lose your account. Eg: Discord [I had to learn it the hard way:( ].
Authy solved this problem, you can backup your codes securely and PASSWORDS FOR THOSE BACKUPS ARE MANDATORY. Please ensure to not skip that, else you cannot recover those codes back!
(Source - Google Images)
Courtesy of the above functionality, this app can simultaneously run on more than 1 device and again you can keep a track of them too!

(Source - Google Images)

App Protection

Not all use app-locks on their smartphones, hence an addition of a biometric / Pin-based app protection is always a welcome one. Look at Whatsapp too!
(Source - androidpolice.com)

Personalization

The app offers ability to view your codes in Grid or List mode, and even assign custom names to the different accounts making them easily identifiable and searchable. You can even assign custom colors / icons for different accounts.

Grid mode (Left), Colors (Right)
(Source: App Store and Google Play respectively)

So which Services offer 2FA?

Well every popular one has it. Some of which are -
  • Google
  • Microsoft
  • Facebook
  • Instagram
  • Snapchat
  • Twitter
  • IFTTT
  • Zerodha
  • Spotify
  • Lastpass
    Want even more? There is an entire website dedicated to it where one can find even more services offering 2FA - twofactorauth.org - one can even submit any other known websites if not available there.

    Pro-tip - Got an apple watch? You can view your TOTPs right there!

    Authy is available for free on Google Play and the App store. Just click below
      

    Have any queries over 2FA? the comments section is all yours!

    Stay Aware, Stay Appy! (Stay Safe too!)

    [Update: 7 May 2020]

    There is an update to the above article over the Google Authenticator aspect covered as part of the intro. The app received its first update this morning since 2017 which adds some much needed features:
    • Screenshot restriction on the important sections of the app (Warning!! You might see some potato quality screens at the end...just saying!)
    • A revamped introductory interface

    • Importing or exporting the TOTPs between devices (by scanning a QR code on the old device!). Indirectly, even Multi-device functionality works!



    • Oh, as now you have already noticed, the app has even got a fresh coat of white paint (Google's Material Theme as they call it).
    Okay...Welcome additions, but I am still not convinced about using it over Authy, because of the problem when a factory reset is performed of the phone...these codes will still be gone.
    Whoever, wants to give it a shot, Google Authenticator is available for free to download (AndroidiOS).
    If the update it still not live for you (the Android user), you can grab the same from APKMirror right now.

    Stay Aware, Stay Appy!

    ---End of Update---

    Comments

    1. PJ15 August 2020 at 02:33

      I was use google authenticator but faced lot of problems when my phone was changed. Thanks! Authy looks perfect.

      ReplyDelete
      Replies
      1. Prajjwal P.15 August 2020 at 13:26

        Exactly...why I use authy! Can run it on 2 devices simultaneously too!

        Delete

    Post a Comment

    Posts you loved!

    Taskito - A refreshing take on ToDo, Planning and Journalling

    Image
    Another week...another app... I am sure (pretty sure) that many people need and in fact be using ToDo lists no matter in what manner...PC, mobile apps, notepad, emails, etc. I don't say any method is wrong or should not be preferred (everyone has their comfort zone!). Speaking of the apps, (you very well knew this was coming, Hehe!) there are tons and tons of apps available to use, and we have a recent addition over here - Taskito (seems like a magic spell right?). Launched just a year back, let's dive-in for what this has on offer! The Premise Open the app and you will be greeted with the dashboard in the form of a timeline and a calendar sheet which is expandable from the bottom...that's it, the app completely wants the tasks to be shown in the form a timeline...all of your past, present, and future tasks just some scrolls away! (of course, Taskito offers a day-wise view as an alternative, but again the timeline is the default and I pr
    Read more

    SMS Organizer - Pitch Perfect!

    Image
    So, 2nd April 2019, saw the last day of Inbox by Gmail, perhaps Google's most ambitious project yet (of course, after Google Photos!). I (in fact, everyone who used it), loved the concept of email bundling (and how well Google's algorithms handled it!), high priority notifications, pinning and snoozing e-mails, saving articles, reminders, and a very colourful and playful UI! (Seriously, I miss the app every single day, there hasn't been a single app in the market until now which gets close to Inbox....) Anyways, the reason I gave this background of Inbox is because I've found this new 'Inbox' of SMS apps, right away coming from Microsoft's garage (No, seriously! The developers name themselves literally as Microsoft Garage!) This is how it looks normally So, coming straight to the point, this is perhaps my best ever SMS experience ever since I've stepped into the smartphone world. The features? - Long list, but lets b
    Read more

    [Opinion] The Amazon app - Why does this thing even exist?

    Image
    These kinds of articles require disclaimers, so continuing this trend, I totally respect and admire Amazon as a company [and all its services ;)]. I even have an Echo Dot! (3rd Gen) and regularly order stuff through Amazon.in. It is just that I really, really cannot ignore that fact (refer the title) and I wish people become aware about it! Let me start with screenshots... Just in case y'all are wondering...the first 2 screenshots are of the app while the next 2 are of the mobile website. Apart from the gradient, I can't see any difference really there. Getting the point? Amazon has, in my opinion, technically done no value-add as such by creating this app in the first place (apart from whopping app install numbers) As per App Store  (Left),  As per Google Play  (Right) Btw...this app just has an average rating of  just 3.2/5 on the App store! I mean seriously, at-least here in India, in the app I can only see 2 visible addition
    Read more