authy - device does not meet integrity requirement

locked

You don't have an android device that you can install Authy on to restore your account? Then individually log into each one of those accounts, and reset 2FA this time importing into Aegis. I left 'these people' (Authy) probably 5 years ago. They are as competent as a box of rocks AFAIC.

horde

https://arstechnica.com/gadgets/2024/07/loss-of-popular-2fa-tool-puts-security-minded-grapheneos-in-a-paradox/

Just use https://getaegis.app/ it is more secure https://discuss.privacyguides.net/t/security-and-privacy-failures-in-popular-2fa-apps/18220 than any authenticators out there.

Using Authy adds more attack vector to GrapheneOS users https://www.androidauthority.com/authy-2fa-api-hack-3457429/

matchboxbananasynergy

horde It's missing the point of the article, though. It's not about Authy, though I imagine some people are forced to use it by their work environment etc.

The larger issue here is apps doing this in general, not any one app in particular. Play Integrity itself needs to change or be regulated out of existence.

studog

matchboxbananasynergy

You should absolutely get in contact with them and complain.

I just did this, and was forced to register a Twilio account before being allowed to contact Twilio/Authy Support.

I've abandoned Authy for Aegis.

studog

Oggyo

I used my old rooted phone where I installed both apps.

I don't have an old rooted phone. I just went account by account, remove old TOTP, add new TOTP in Aegis. Took some time but I'll never have to do it again as Aegis has proper import/export functionality.

[deleted]

matchboxbananasynergy Is the GrapheneOS team optimistic about the future regarding Play Integrity?

Murcielago

[deleted]

You may find this post on Mastodon helpful:

https://grapheneos.social/@GrapheneOS/112878070618462132

By the way, there is also a discussion that is about the topic you asked about:

https://discuss.grapheneos.org/d/14585-action-against-google

[deleted]

Murcielago Thank you bro!

csrcsr

I have another potential work around that worked for me. I setup Authy in an Android Emulator called Genymotion. It is naturally rooted (I had already installed Authy a while back, so I don't know if it can be installed now - but I will check on that when I am ready to delete Authy, and try to reinstall it). Within the emulator, I installed Aegis and imported the Authy codes. From there I exported to any app of choice like Ente, or keep with Aegis. However once on Ente, it can sync to your other devices right from the emulator.

The emulator is good to have on your PC as another way to access the synced codes without needing your phone (since many of these apps are only mobile apps and not web based or work on PCs).

cr7

csrcsr But how did u get the Authy codes to import them to Aegis? I only had Authy on desktop version

angela

de0u

"I suspect Authy (which recently experienced a breach)..."

🤣🤣🤣🤣🤣🤣

treenutz68

cr7

Here are some options:
https://help.ente.io/auth/migration-guides/authy/

However, I'd suggest the best way to do it (albeit a little time consuming) is to log into each service, turn off 2fa, and turn it back on using Aegis (or another 2fa solution).

csrcsr

cr7
I installed the android version of authy within the emulator.

fid02

I agree with treenutz68 on this one. Migrating MFA codes by signing in to each service in turn is annoying, but likely the safest way (and, ignoring the security aspect for a second, might also take less time than acquiring another device and rooting it?). I migrated manually, it was a slight pain but at least I only had to do it once.

hyrieus

I have always made a copies of the QR codes and kept them with the backup codes everytime I signed up for 2FA, I keep these in an encrypted vault. When ever I wish to switch auth apps or reinstall I just reuse the original QR codes and I am back up and running, its an easy way to install on several devices and the codes generated are an exact match as its the exact same "shared secret". I adopted this strategy long ago thanks to Leo Laporte. I keep these up to date when I change anything.....a good backup strategy is everything.

Oggyo

hyrieus
Aegis can generate QR codes based on the secrets. It's a similar strategy you described - ensure you have a secure copy of its exports/backups. It works very reliably for me.

rjrizzuto

I'm looking for a replacement to Authy. I want like Authy that works on both Android and IOS, and has cross-platform cloud sync. These don't fit the bill:

Aegis - not available on IOS
Bitwarden Authenticator - available on both Android and IOS, BUT cloud sync currently uses the OS cloud sync, so no syncing between the two environments

It looks like Ente is multi-platform, and has OS-agnostic cloud sync. I'll work on migrating my 19 TOTP codes over to it, assuming it works on GrapheneOS.

matchboxbananasynergy

rjrizzuto Ente Auth will work fine on GrapheneOS.

rjrizzuto

matchboxbananasynergy

Thanks, I'm in the process of migrating. I have verified that the cloud sync works between my grapheneos phone and my stock android tablet. I used to have an iPhone, but do not at the moment, but I feel pretty certain that will work fine.

This is my third attempt to migrate to grapheneos. Third time seems to be a charm - so far I have not hit any insurmountable issues.

« Previous Page