AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |
Back to Blog
Authy desktop not syncing3/1/2023 ![]() Having the "B4dpassw0rd" will not help the attacker. Stl dr Your Authy ID is tightly coupled with the phone number initially used during registration. Tl dr Even with your password, this attack vector still requires user-approval from your initially registered phone number. I hope this clears everything up for you. The phone is more secure in some respects because I get my apps from the Play store and Android. So they are stored unencrypted on your device and only encrypted when being uploaded to Twilio's servers. However, as far as I can work out, this isn't used to encrypt your 2FA tokens. ![]() ![]() If they are able to provide this approval, then they already have access to your primary phone. Authy Desktop allows you to add a Master Password to the app. To answer your question, before an attacker can sync keys down to an additional device, they will have to have approved the addition of another device via a token or the "Use Existing Device" feature on your initially registered device. Once you've added a device, you can always see (and remove) devices that are associated with your account from any device. If you choose to 'Use Existing Device', you'll receive the following prompt on your initially registered device as seen here: If you choose SMS or Voice, your initially registered phone number will get a notification with a token to gain access to the Authy account. At this point, you can choose either an SMS/Voice or "Use Existing Device" (your initial phone) notification for accessing your Authy account. When you add a second device, you need to provide the first phone number to get access to those keys. Or, you may just want to sync your codes between a phone and a tablet. Install Authy desktop app - The following steps will work on Linux, Mac and Windows. There’s also a macOS app in beta and a Windows app coming soonyou’ll find them all on Authy’s downloads page. If you are not sure, scan this code with your authenticator to test. For example, Authy offers a Chrome app that allows you to access your codes on any computer. We also have an opt-in feature which allows for the syncing of these keys across multiple devices (iPhone, Android, Chrome Extension). Authy can sync your codes across multiple devices, too. I'm a Solutions Architect with Authy and am happy to clarify this issue for you.Īs you noted, we do require a password to encrypt and store your 'backup keys'.
0 Comments
Read More
Leave a Reply. |