© Towfiqu barbhuiya

Moving away from Authy

One year ago Authys desktop app was shut down. Their mobile app still works, but is literally a dead train. It was about time to move to some alternative - and there are not plenty.

2FA/Mutifactor developed to be a common thing over the last couple of years. Event non-technical persons understand the importance. While hardware keys, such as Yubikey (U2F, Universal Second Factor), are the better option¹, using apps to generate TOTP² are widely used. With this is mind, I thought there must be plenty of alternatives in the market.

While looking around in Reddit, on Google and checking out Privacy Guides³ to collect recommendations, I stumbled upon the ever same repeating lack of features for the 2FA apps out there. Features I expect from the new 2FA app:

• Desktop (macOS, Linux) and mobile app (iOS)
• Sync with multiple devices
• Open source would be a big plus

The last point is funny, as Authy was closed source. I decided to not go this way again, and switch to a more transparent solution. If at this point you might think to develop your own TOTP solution would be possible - it is. There is nicely written article by Hendrik Erz⁴ on how to generate the codes.

While in the research process, I discovered that Authy codes cannot be easily transferred to a different application, meaning there is no export functionality. WTF?! Although I do not have hundreds of accounts, the migration is going to take some time, for all accounts to be manually changed. But it is what it is - there is no way around.

I had a quick look at these apps

• 2FAS
• ente auth

and in the end went for ente auth. It ticks all the above mentioned boxes for me and has very nice UI on top.
2FAS does also have all the features I wanted to see in a Multifactor app, but… they are not listed on Privacy Guides, they launched some crypto token⁵. Both points weren’t trustful, especially not the second one, to go for this app.