With all the security breaches in the news during over the past year or two, I resolved to do something about securing my online accounts for social media, email and the like. Due to some advice I received from a Twitter friend, I found Authy.
Authy is a service for your PC, Mac or mobile device that puts all of your two-factor authentication codes in one place, securely and safely.
Authy will work with any service compatible with Google Authenticator or that provides a QR code to add your account such as Gmail, Facebook, Dropbox, Tumblr, Amazon Web Services, and Cloudflare among others.
Authentication services like Authy aren't entirely new. As previously mentioned, it will work with any service that is compatible with Google Authenticator as well, so it's clear to see that this concept has been around for a bit. What makes Authy an awesome service (at least for me), is the native Mac OS app allowing you to sync your accounts to your desktop or laptop. With a simple click or a combination of keys you can copy your authentication code to your device's clipboard to paste when prompted. This means not having to waste time by obtaining the code from your phone, then struggling to type it in before the time expires.
With all the conveniences of the service, however, there two cons I should mention.
The first is that there are some notible services that Authy is not currently compatible with, such as Twitter and iCloud. The reasons for this isn't immediately clear for Twitter - which boasts OpenAuth for applications wishing to associate themselves with a particular account - but it appears that Apple (per usual) has created a proprietary authentication system that isn't likely to be compatible with any third-party 2FA respository any time soon.
While Authy can hardly be blamed for Apple's malevolency, they should be more forethcoming about services planned in the immediate future or at least explain why services aren't available at the moment. I stopped using Authy shortly after creating an account due to the fact that it doesn't offer compatibility with all of the services I use. However, I quickly realized that was short-sighted and I was putting my own hubris ahead of the security of my online accounts. I started using it again and enabled those pesky SMS notifications for my accounts not currently supported in Authy.
The second issue is a bit more minor and should only impact users who eschew the Authy Chrome app in favor of something a bit more lightweight. In using Authy Bluetooth. The app is the native OS X toolbar extention which enables the copy/paste feature on your Mac. I found that the Bluetooth connection does not automatically reconnect your mobile device to your Mac, like turning on a wireless keyboard or mouse would. Instead, you have to click on the icon in your toolbar and choose the option to reconnect your previously-paired iPhone. The added inconvenience is that in order for the re-pair to work, you also need to open the Authy app on your iPhone for the Bluetooth connection to be successful. This can complicate matters if you're sitting in a cramped environment such as an airplane or packed coffeehouse and you can't dig into your pocket to pull your phone out. It appears that the official response from Authy currently is to use the Chrome app, however this leaves Safari and Firefox users with a choice: switch browsers or be left out in the cold.
Given the added convenience and security that Authy provides and subtracting the two most obstructing negatives I've previously mentioned, I can only recommend the service for three types of people:
- Early adopters who are comfortable working with products not fully battle-tested and exhibit noticeable flaws
- Chrome users who will receive all of the benefit with little-to-none of the negatives
- Those, like me, who can tolerate and find workarounds for the bumps in the road that inhibit productivity
If you find yourself answering "no" to all three of the above categories, then you might not want to use Authy.
I really like what Authy promises to to be. However, in the light of day, it seems that Authy has a little more polishing needed to make it the stronger choice when compared to Google Authenticator. The only thing keeping me to use the service is the fact that it is free. I could not justify paying for a service that forces a workflow change (using Chrome) and offers malfunctioning Bluetooth connectivity. Authy will have to clean up it's act quite a bit for me to advocate it's use to the average user.
Please keep moving, there's nothing to see here.