Authy review: an awesome app for two-factor authentication
Christine Ottoni • May 17, 2018if( has_post_thumbnail( $post_id ) ): ?>
Set up 2FA quickly and easily with our Authy review
Authy | Android | iOS | is an app that lets you easily set up and store two-factor authentication tokens for multiple accounts like your Google, Facebook, Twitch, Amazon and more. We’ve previously covered 2FA for the Google Authenticator app here on the Ting blog, and in this Authy review, we’ll talk a bit about how it’s different, and why you might pick one over the other.
Two-factor authentication or 2FA
What is two-factor authentication? Well, two-factor authentication or 2FA works like an added layer of protection for your accounts. When you set up 2FA, you’ll be required to log in with your original password as well as a unique code that’s never the same twice.
You might have been prompted to sync your phone to an account like your Gmail in the past and received a two-factor authentication code over text. Authy cuts this process out and works like a vault where you can retrieve your 2FA codes on your phone, tablet or desktop.
What is an Authy token?
If you’ve used 2FA before, you’re probably familiar with those codes sent via text or through an app. An Authy token is just the app’s terminology for this code, the secondary password you enter after you’ve enabled 2FA. With an Authy token, you need three things in order to log in to your account: Your username, your password and your Authy token.
The Authy app
The Authy app facilitates the process of getting 2FA set up. Most online services offer 2FA and once you log into your Facebook, Amazon, Google or whatever, you’ll be able to add 2FA to your login process. Typically, you can Google “how to enable 2FA for” as well as your account you’d like to keep secure and you’ll find a helpful, step-by-step process on how to get started. Authy also provides helpful how-to enable 2FA guides for major accounts.
Services will provide a QR code to be scanned into the app (in this case, Authy) that you’re using to use to store your 2FA codes. From there, Authy will connect to your account and generate unique codes for you to use whenever you need to log in.
Access your codes from multiple devices. You can also encrypt your 2FA data and backup to the cloud and Authy even works offline.
Is Authy secure?
When you’re using Authy, you can easily enable Touch ID, PIN protection and passwords to protect access to all your 2FA tokens in the app. You can enable backups and set a password for decrypting data on your device. Authy never stores your decrypted data in the cloud.
Because Authy is stored in the cloud, you’re never locked out if you lose your phone.
Use Authy across multiple devices
One standout feature of Authy is the ability for users to access their data across devices. Authy encrypts your data and stores that information in a cloud, with decryption always taking place on your device. Your actual tokens are never stored in the cloud. This makes it safe to pull your codes from multiple devices.
Authy vs Google Authenticator
When it comes down to it, both Google Authenticator and Authy offer a secure place to keep all your 2FA tokens. They do have a few differences that might make you lean towards one over the other.
If you’re after a user experience that’s easy on the eyes, Authy has a better look and feel hands down. Google Authenticator is definitely bare bones and more utilitarian in its approach.
Probably the biggest difference between Authy vs Google Authenticator is that Authy works across multiple devices and syncs in the cloud. This means you can grab your tokens on your computer, tablet or phone and if you lose your phone, you’re not locked out. Google Authenticator, on the other hand, is tied to your phone. If you lose your device, you lose your codes.
Take security seriously
We’ve covered a bunch of security topics here on the Ting blog, from how to set up 2FA with Google Authenticator to opting out of Facebook Messenger’s contact uploading feature. It’s important to take your online security seriously. A good place to start is our tip list for catching phishing schemes.