Some users chose Authy precisely because of the desktop app. Phones can be lost / stolen / unresponsive / out of battery, and it was nice to have a second option for 2FA.
------
A list of alternatives they provide:
> Authy Desktop Alternatives
> If you are unable to use the Authy mobile apps, we recommend you look in to alternative desktop products such as the following suggestions:
> Please be aware that Twilio Authy does not have any affiliation with the companies creating these apps, so be mindful of potential risks and exercise your own judgment when selecting the app.
> Note: The Authy app lacks an export feature, therefore you have to re-enable the 2FA method and re-add the token in your new application with the steps here.
Interestingly, due to how Apple has developed its app ecosystem, it looks like you can still have it on a Mac Apple silicon desktop if you install it via the app store.
When you click on "Learn more" on the notice in the desktop app you get this:
"The Authy Desktop apps for Windows and MacOS that are available or were previously downloaded from authy.com/download as well as those for Linux will now reach their End-of-Life (EOL) on March 19, 2024. These apps were previously scheduled to EOL in August 2024."
I have several sites using Authy. I've started migrating some of them to 1Password. However, migration has been a pain due to disabling/re-enabling 2FA.
Does anyone have comments on storing both passwords and 2FA in the same app (such as 1Password)? It seems like this would be less secure than having 2FA in a separate app.
But you have if your password manager is compromised, because now they have the password and the TOTP codes.
The act of just mashing in a six digit code doesn't make anything more secure by itself. It's the origination, separation, and temporal nature that makes it useful.
I think it is less secure - for the single case of the password manager being compromised). But I think it is still 2-factor - the thing you know (the password) and the thing you have (proof that you had control of the device (or eco-system) the TOTP seed was created on).
So if you've memorized an uncrackable password for a password manager whose architecture you trust is secure, and use a third party TOTP provider (or a hardware key) for the password manager login I think its as good as using a 3rd party TOTP provider for everything. And a lot more convenient.
Why in gods name have they decided to do this I don't want to manually type in codes. Or have to recreate 10+ accounts. Why can't I pay money to keep using it?? Has anyone tried any of the alternatives?
I've just read the ios part though and how it will work on the m1 macs so are they just sunsetting desktop support for intel? is that more accurate?
------
A list of alternatives they provide:
> Authy Desktop Alternatives > If you are unable to use the Authy mobile apps, we recommend you look in to alternative desktop products such as the following suggestions:
> https://authenticator.cc/ > https://steptwo.app/ > https://secrets.app/ > https://keepassxc.org/ > https://support.1password.com/one-time-passwords/
> Please be aware that Twilio Authy does not have any affiliation with the companies creating these apps, so be mindful of potential risks and exercise your own judgment when selecting the app.
> Note: The Authy app lacks an export feature, therefore you have to re-enable the 2FA method and re-add the token in your new application with the steps here.