Authy: A Better Replacement for Google Authenticator

In today’s world, we face a serious risk of our online accounts being hacked. Protecting them has grown more difficult with the many new online threats. Though there are multiple ways to keep our data protected, the most user-friendly one is enabling Two-Step Verification for your accounts. With 2FA, you will receive a phone call or text message with a one-time code to log in to your account. One simple way to set up Two-Factor Authentication (2FA) is to add the Google Authenticator app to your account. The app makes online security convenient by automatically generating one-time passcodes on your phone.
Before using Google Authenticator, I was using the default 2-Step verification from Google. Here, I would receive codes through phone calls or text messages. But I preferred replacing it, as I could get the codes from my phone itself, even if there is network trouble. The codes are refreshed every minute, adding to the safety of my account. But recently I found something more advanced than this app.
Authy vs Google Authenticator for 2 Factor Authentication
You can make your online security safer and more convenient with Authy 2-Factor Authentication. The app can replace your Google Authenticator and offers extended features beyond just generating codes. Authy provides trusted protection to all your apps and accounts that support Google Authenticator. Be it your Facebook, Gmail or Dropbox, you are protected with Authy.
What makes Authy more reliable than Google Authenticator?
We have used both applications and have found that Authy wins over Google Authenticator on these points:
- Convenience of using Authy from anywhere
Instead of handing you a pack of backup verification codes like Google does, Authy securely backs up your account data in cloud storage. Just register your new devices when you access your account from anywhere. You can even access Authy from your Google Chrome by downloading the Chrome extension from here. I find this very convenient as I access my account from multiple devices.
- Logging and Pre-Filtering
Authy 2FA tracks account details like phone type and carrier and identifies threats such as pre-pay or recently ported accounts. Different ways of authentication ensure transaction safety, as security needs may differ. ‘Twilio’ is the paid version of Authy, which is a very good and handy tool available for businesses with extended features.
- Powerful Combination of Authentication Options
Authy provides three ways of authentication. Authy Onecode is recommended for users not using the Authy app. A seven-digit passcode is generated on demand and sent to your mobile via text message. Authy Softtoken is available for app users and displays the seven-digit code for only 20 seconds. Authy Onetouch sends you push notifications when you log in to your account. Nothing can match Authy Onetouch for trouble-free authentication. Just swipe to approve or deny – as simple as that.
I enjoyed the feature of Onetouch authentication. It’s the easiest and most convenient authentication method to log in to my accounts.
- Never get locked out of your accounts
Even losing your phone will not block you from accessing your accounts as you can access Authy from any device. Just one account for access to all your accounts.
Things that may concern you –
- Since Authy can be accessed from multiple devices, there is a concern that your account could be manipulated by anyone who gets to know your master credentials.
- In order to log in to different accounts, Authy holds some of your account information to provide security.
I liked the user interface of Authy very much as compared to the dull UI of the authenticator. Setting up Authy made it easy for me to access all my accounts with just a swipe of my finger. You can get official tutorials to set up your Authy with different accounts here.
Even though we have to share some of our account information with Authy, it offers unmatchable security and convenience to our online world. Download the Authy app from here.
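How the app-generated codes in this comparison are computed, shown as an added example (not code from the article, Google or Authy): a Google Authenticator-compatible code is an RFC 6238 TOTP value derived only from a shared seed and the clock, so any device that holds a copy of the seed, including one restored from a cloud backup, produces the same code. The 30-second step, 6 digits, HMAC-SHA-1 and the sample seed are assumptions taken from the RFC defaults and its published test key.

```python
import base64
import hashlib
import hmac
import struct


def totp(seed_b32, unix_time, step=30, digits=6):
    """RFC 6238 TOTP with HMAC-SHA-1: depends only on the seed and the clock."""
    seed = seed_b32.replace(" ", "").upper()
    seed += "=" * (-len(seed) % 8)               # tolerate seeds shown without padding
    key = base64.b32decode(seed)
    counter = struct.pack(">Q", int(unix_time) // step)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(seed_b32, submitted, unix_time, window=1, step=30, digits=6):
    """Server-side check: accept a code from `window` steps either side of now."""
    for drift in range(-window, window + 1):
        expected = totp(seed_b32, unix_time + drift * step, step, digits)
        if hmac.compare_digest(expected, submitted):
            return True
    return False


# Constructed sample seed: the RFC 6238 test key, base32-encoded the way
# an enrolment QR code would carry it. Not a real account secret.
SEED = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    now = 59                                     # fixed time from the RFC test vectors
    enrolled_phone = totp(SEED, now)             # device that scanned the QR code
    restored_device = totp(SEED, now)            # device holding a restored seed copy
    print("enrolled phone :", enrolled_phone)
    print("restored device:", restored_device)
    print("server accepts :", verify(SEED, restored_device, now + 20))
    print("stale code     :", verify(SEED, enrolled_phone, now + 90))
```

The server cannot tell the two devices apart, which is why the protection of any synced or backed-up seed decides how strong the second factor really is.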
Dear Akhil and Gtricks Team,
Thanks for sharing this post. However, to you and the venerable readers of Gtricks, please note, from what you have shared, it seems actually a dangerous proposition and the readers should be aware of one critical aspect before ditching Google Authenticator in favor of Authy.
You say Authy can be used from multiple devices as its keys are stored in cloud and anyone with the “master password” can access it, too. Well, that about sums up the entire point that using it this way essentially defeats the purpose.
With Google Authenticator or any reasonable 2FA tool what we get is effectively similar to having a digital version of a “physical key” and that “inconvenience” is what we need to accept.
Dear readers, please make no mistake, if you care for the value of a vault and if you WANT to ensure you’d, at least, know that any time this vault is opened your PHYSICAL KEY or an exact copy would be required, then you’d HAVE TO live with that very arrangement for yourself, too. It’s not an inconvenience, it’s what you want.
Since physical keys won’t appear from thin air every time we want it and again won’t magically go away after every use, any good review/suggestion on its usage would NOT direct you away from having its need (and to the “convenience” of letting it go in favour of an “on air” keys available from any device).
Dear readers, please consider this before deciding, using Authy this way would simply mean having a similar kind of two-layered passwords and that’s really it. Repeat, it would be like having a double set of passwords but passwords nonetheless. Any hacker would be enterprising enough to go through the “pain” of putting your Authy generated password in case she does get her hands on the supposed master password. And, what would you do, use Google Authenticator only for this master password?
Yes, of course, many users are availing Authy and I’m not suggesting it’s insecure. What I’m only saying is — it REMOVES the necessity of HAVING the physical device on which your Google Authenticator or the 2FA tool is installed.
I love Gtricks and it is one of the very few newsletters I read and still look for these days (I use Unroll.me for 99% of my newsletters) but this article and the suggestion seem to miss one critical aspect and, I’m worried, it puts forward a potentially dangerous proposition to readers, many of whom, understandably, would be quite inclined to adopt Gtricks’ suggestion without much deliberation because of Gtricks’ hard-earned credibility, which is very well deserved.
Please take note of this in making your choice. Thank you.
Best regards,
Oli
Hello Oli,
Thanks for sharing your thoughts. Our intention was not to undermine the security provided by Authenticator by convenience of Authy. I will re-write the article so the distinction becomes crystal clear. Our work is to produce facts and let users decide what works best for them.
Thanks again for your feedback.
Hi there. Just reading this post (and the comment from Oli below) and want to clarify a few things, especially in response to his comment: “many users are availing Authy and I’m not suggesting it’s insecure. What I’m only saying is — it REMOVES the necessity of HAVING the physical device on which your Google Authenticator or the 2FA tool is installed.”
To gain access to the encrypted backup, you must first prove access by performing 2FA via SMS. Then the encrypted backup is delivered to the local device, where a user-provided password is used to decrypt the backups locally. Authy has no hash table or password table to attack.
Backup codes actually deliver a riskier form of “something you know”-only access, usually with 10 never-expiring passwords that users often don’t have when they need them, or handle insecurely.
When Authy designed the service, they solicited input from the highly security conscious bitcoin community. And Authy delivers the feature turned off by default (no backups), and wrote this detailed blog documenting how the backup feature works: https://www.authy.com/blog/how-the-authy-two-factor-backups-work