by bitsweet 4673 days ago
Nice. Wish it integrated with Authy though
3 comments

Nope, nope nope nope nope. Authy's latest "innovation" where bluetooth on the host can grab a new code from your mobile device provides a direct link between your two factors (reducing them to one). I don't think their team understands much about the problem they're trying to solve and they seem to be watering down the security of the product to attract new users instead. DUO and plain TOTP are really the only ways to go.
[replying to my own post] Just a note, I talked with Authy on Twitter and they indicated they're making Bluetooth an opt-in feature in the future and that their management console has the ability to restrict all use of it by managed clients. I'm still not happy about it, but those are positive steps.
Agreed.

For those who missed it before, from a previous discussion on Authy:

> You're correct - there are serious security concerns with Authy's product, which were pointed out on an earlier HN thread: https://news.ycombinator.com/item?id=4916983

> Personally, I'd be concerned with trusting my credentials with any company unless all members of the leadership team (yes, including "nontech" people) are incredibly familiar with basic security terminology and practices.

> (Note that the founder is unclear when PBKDF2 and AES are being used in the product, which is concerning, because they have very different use cases and should be hard to confuse).

(http://news.ycombinator.com/item?id=6133648)

Great, so what should I use instead?
You can certainly use your Authy app for it, it's just Authenticator.
I would also suggest that any iOS users move away from Google Authenticator and towards Authy or another solution. Google Auth in iOS7 has been deleting labels, and even worse, deleting tokens, for many users. The app hasn't been updated since 2011 and there's been no word from Google on an upcoming update to fix the issue. With iOS7's launch/announcement next week, I suggest looking into a new TOTP app (like Authy) before upgrading.
Good advice. Indeed it looks like changes to the open source Google Authenticator app dried up in late 2011:

https://code.google.com/p/google-authenticator/source/list

Doesn't necessarily mean the project is abandoned (as sometimes open source bits are sync'd periodically from more active internal trees), but... sure doesn't seem actively maintained.

Can anyone here speak to Authy vs. Duo (as a regular user, not as someone providing 2fa for their site)?
Duo app doesn't store token data server side (authy used to last time I checked. -_-), and did not require a phone number to use totp.

I use duo.

I had all of those problems with Google Auth on iOS7. I just installed Authy and it seems to work great. I'd have paid $1-3 for it. I disabled the bluetooth feature though.
Looks like Google just updated their Authenticator app. Works fine for me on iOS7
> Looks like Google just updated their Authenticator app. Works fine for me on iOS7

Be aware that it will drop all of your existing tokens, so make sure your backup phone number is set & verified across all services and/or you have your backup codes prepped.

I added it to Authy with no issues. The only downside is that they don't have a github icon currently.