Hacker News new | ask | show | jobs
by joshAg 1252 days ago
Hey, so this is admittedly monday morning quarterbacking, but in the future, you can definitely consider moving from Google Auth to Twillio's authy [1]. It lets you move devices and all your secrets come with you (it's also got other cool features, but the one that is killer IMO is the ability to migrate from device to device).

https://authy.com/
1 comments
adamors 1252 days ago
I can’t recommend Authy enough. It’s multi device from the start and has cloud backup.

I once broke my phone with Google Authenticator on it and I spent 2 days locked out from my work accounts. Never risking that again.

link
joshAg 1251 days ago
One important note, though, is that the backup and multidevice requires their cloud servers* so the threat model is a little different. They've got a blog on how they do the cloud backup**, but since you need a password it either needs to be something you can remember or be stored in a password vault that doesn't rely on getting a 2fa code from authy for access.

* for the paranoid, there's a mode where it doesn't backup to the cloud, which makes it function the same as google auth, but that does defeat a lot of authy's benefits.

** https://authy.com/blog/how-the-authy-two-factor-backups-work...

link