1Password or iCloud Keychain ftw. We use 1Password at work purely for the flexibility of Shared Vaults.
But wouldn’t it defeat the purpose of 2FA if your codes are within the same place as your passwords?

If a hacker gains access to your password manager they have access to all your accounts.

At least with a separate 2FA you have more protection.
 
Why do people always have their fetish with some 3rd Party MFAs and Password managers? Just use Apple's ones...
Not cross platform… you do realize there are more platforms than just Apple, right?
I also see way too many people locked out of their Apple ID on Reddit. You’re locked out of your Apple ID, you’re locked out of your passwords and MFA.
 
It should be possible to export the keys from Authy without having to reset every account.

It's not exactly a straightforward process, but I did it successfully years ago. It requires accessing Desktop Authy through its debug port and exporting the raw data.

The GIST documentation.

A YouTube video guide.

Note: for my migration I did not generate the QR codes as described; I simply manually copy-pasted the security tokens from the raw data into my new 2FA tool.
This definitely works, and was pretty straightforward to do. Even generating QR codes works, as an added bonus.
 
The Authy iPad app is still available via Apple Silicon.

It turns out I was using this app and didn't even realize it.
 
I realized too late that Authy didn't have an export feature. There are workarounds on Reddit/GitHub which allow you to export all tokens to JSON and then you re-import to other 2FA apps. I use 2FAS, which is OSS.
 
Why do people always have their fetish with some 3rd Party MFAs and Password managers? Just use Apple's ones...
Because Apple's versions have been playing catch-up feature-wise forever. What you think are great new additions to Apple's versions have been available in third-party apps for many years.

It wasn't that long ago you couldn't even view the Keychain's secure notes on iOS and iPadOS.
 
I'm struggling to find information about this. Can you provide any documentation about how to set this up?
Just go into the passwords section of the phone/Mac, and, to add 2FA, click/tap "set up verification code" under the account options section. From there it will prompt you to scan a QR code or enter the code provided by the place you're adding 2FA.

A nice side perk is that whenever you're logging into said service later, it'll autofill the 2FA after authenticating you through TouchID/FaceID.
 
Just go into the passwords section of the phone/Mac, and, to add 2FA, click/tap "set up verification code" under the account options section. From there it will prompt you to scan a QR code or enter the code provided by the place you're adding 2FA.

A nice side perk is that whenever you're logging into said service later, it'll autofill the 2FA after authenticating you through TouchID/FaceID.
Thanks, however unless I'm misunderstanding then this isn't going to do what I want. "Account Options" only appears once you go into a specific website. I'm hoping to replace Microsoft Authenticator, which I need to use when I open apps like Teams or Remote Desktop (i.e. not websites). Is the Apple one not going to do the trick here?
 
But wouldn’t it defeat the purpose of 2FA if your codes are within the same place as your passwords?

If a hacker gains access to your password manager they have access to all your accounts.

At least with a separate 2FA you have more protection.
Very true but I'll argue that 2FA always has a backdoor no one talks about and that is human engineering. How often do people lose phones, have to reset their phones, and lose authenticator tokens? Google Authenticator used to not have any backups for years and years. People had to constantly email customer support and request 2FA resets.

The fastest way for anyone into your account is to simply reset all your 2FA credentials once they have your password. And really, once someone gets into your email, your strong 50-character password, 2FA, YubiKey, etc. all go out the window. Resetting passwords / emailing support is the easiest way in for a lot of hacks.

So yes it's better to have 2FA separate, but it's not a huge barrier.
 
I wasn’t even aware there was a desktop app for Authy and that’s probably a big reason they’re sunsetting that app. Most people didn’t know it existed or cared because we’ve become so mobile centric with our computing needs. A lot of young people rely solely on their mobile devices. I expect more desktop apps to be sunsetted as companies find ways of reducing costs which means taking a hard look at the number of people using the desktop app versus the mobile app. If less than 15 percent of your users are using the desktop app, is it still worth the extra expense to maintain a desktop app? I don’t know what the percentage is with the desktop version of the Authy app, but I wager it’s really small. I’ve used the iPhone version of the Authy app for several years and I’ve been happy with it. It gets the job done.
 
Software developers are too unreliable. If you can get by without using software, you're in a much better position than the rest. Use a database program like FileMaker Pro or Access to create your own basic apps. Especially for simple stuff like storing and recalling a password. I don't get why people think it's better to give away all of your data to a company that promises to deliver nothing in return (read the fine print) for the money you give them. Or maybe you got the app free by giving your personal information away.
Good thing FileMaker Pro and Access weren’t written by software developers! 🤔
 
Why do people always have their fetish with some 3rd Party MFAs and Password managers? Just use Apple's ones...
Because using Apple software on a PC is a less than desirable experience. I use LastPass as a password manager to use my passwords on Apple devices and work computer. If you have all Apple devices, Keychain is all you need. iCloud on PC is clunky.
 
Because Apple's versions have been playing catch-up feature-wise forever. What you think are great new additions to Apple's versions have been available in third-party apps for many years.

It wasn't that long ago you couldn't even view the Keychain's secure notes on iOS and iPadOS.
If you’re talking about the notes in macOS Keychain I’m not aware this was possible.

Or are you talking about the password protected notes in the Notes app? Or the encrypted notes section at the bottom of each iCloud Keychain password card?
 
Thanks to being prompted by this thread (and I wasn't aware that Authy had a desktop version either) I finally went through my Authy accounts and either deleted them completely or switched to 1Password for 2FA. Not as hard as I thought, and I like the workflow for signing in with 2FA using the 1Password app on my phone - as easy as Authy, if not somehow better.
 
Show me how to use ... how to use it in Windows over RDP.

It's a non-starter if you need to use anything outside of Apple's ecosystem

Not cross platform… you do realize there are more platforms than just Apple, right?

Because using Apple software on a pc is a less than desirable experience.

There's a Windows app for iCloud that integrates keychain into Edge. It's what I use when I'm on Windows.

As krakenrelease says it's not a perfect UX but it works fine. The only inconvenience is I have to type a PIN in to unlock it most times I go to use it (probably because I don't use it often). The PIN shows up in the bottom right of the screen so it's very easy to type in, it just feels weird copying a number from one part of the screen to another - makes you think "why isn't this just done automatically behind the scenes?". Probably some technical security reason.

So yeah, it's slightly clunky, but entirely usable. I wouldn't use it if I was mostly Windows based, but that goes without saying really doesn't it - why would you use the Apple solution if you weren't predominantly Apple-based. For the odd times I need it on Windows it's fine.


But wouldn’t it defeat the purpose of 2FA if your codes are within the same place as your passwords?

If a hacker gains access to your password manager they have access to all your accounts.

At least with a separate 2FA you have more protection.
A hacker would need access to both your iCloud password, and one of your authenticated devices. You're outside the realms of what an ordinary person has to worry about there - that's a hardcore, targeted attack with physical intrusion. If you're at risk of that then you need some serious security, not consumer grade stuff.
 
There's a Windows app for iCloud that integrates keychain into Edge. It's what I use when I'm on Windows.

As krakenrelease says it's not a perfect UX but it works fine. The only inconvenience is I have to type a PIN in to unlock it most times I go to use it (probably because I don't use it often). The PIN shows up in the bottom right of the screen so it's very easy to type in, it just feels weird copying a number from one part of the screen to another - makes you think "why isn't this just done automatically behind the scenes?". Probably some technical security reason.

So yeah, it's slightly clunky, but entirely usable. I wouldn't use it if I was mostly Windows based, but that goes without saying really doesn't it - why would you use the Apple solution if you weren't predominantly Apple-based. For the odd times I need it on Windows it's fine.



A hacker would need access to both your iCloud password, and one of your authenticated devices. You're outside the realms of what an ordinary person has to worry about there - that's a hardcore, targeted attack with physical intrusion. If you're at risk of that then you need some serious security, not consumer grade stuff.
The Windows App requires Windows Hello. Windows Hello requires that you are physically on the device and auto disables over RDP. So you can dislike what I said but it's true. Apple isn't the only company that has created this problem; Bitwarden similarly has this issue.

I do 90% of my browsing over RDP to a locked down machine. iCloud passwords will let me use passwords but if I need to make any changes, I have to do it from my iPhone and hope it syncs up in a timely fashion or manually type out a twenty plus character password. If I am setting up a new account, I usually end up having to stop, set it up from my phone, then let it sync to Windows.

My Virtual Desktop is two factor with a large password. Apple and others have decided instead of allowing users to protect their own stuff, they rely on Hello to determine security which means I can't use their solutions.
 
Why do people always have their fetish with some 3rd Party MFAs and Password managers? Just use Apple's ones...
Because I need to disconnect my work password/MFAs from my personal ones.

I do not want personal credentials to leak to work equipment and similarly do not want corporate credentials on my personal devices.

In the enterprise, besides, it's not guaranteed everyone I will need to share passwords with will have an Apple account, or indeed that they will want that Apple account to be associated with work equipment.
 
Also I don't think it's good security-wise to have both factors accessible from one device. Imagine a virus getting into your macOS - your 2FA is useless now, because the attacker got access to both factors at once.
I don't think that's the point of 2FA. 2FA was to help save you from the company's password database getting compromised somehow (via social engineering or otherwise). The person trying to break into your account via the website doesn't have your computer/phone or access to your OTP generator.

Now, keeping your passwords and associated OTPs in the same vault (locked with the same password) is higher risk. That I will agree with. Some services let you use multiple vaults for different things. I personally use 2 completely different services - one for passwords and one for OTP... but having them on the phone vs the computer makes no difference.

If anything, storing them on my computers only would probably be safer. I use a long password and almost never use my computer in public places. By default something like 1password unlocks with face id, so somebody could steal your phone and then coerce you into unlocking your vault by holding it in front of your face.

Of course the chances of that are quite low. lol.
 