By Dan Moren
November 19, 2015 7:54 AM PT
Authy manages all your two-step codes
Maybe you’re interested in getting started with two-step authentication, having read my post about Amazon from earlier, or maybe you’re just sick and tired of having to deal with all those text messages with six-number authentication codes in them. Either way, what you probably need is an app to manage all those codes. Let me recommend Authy.
I’ve been using Authy for several years now, and it’s the easiest way I’ve found to manage two-step codes for a variety of online services, including Google, Facebook, Amazon, Slack, and more. There are other apps out there—Google Authenticator is kind of the bare-bones industry standard, and 1Password recently added built-in support as well—but Authy is, for the moment, still my favorite. 1
Like those other apps, Authy comes out to play whenever you’re enabling two-step authentication for a site. See a QR code? Authy can scan that code for you and create a corresponding two-step authentication password. Then, whenever you need to log in to that account, you bring up the entry in Authy, and type in the code it displays there.
There are a few particular niceties that make Authy my app of choice. It offers PIN-based security, which is definitely nice, but it also supports Touch ID, which is great, especially with the iPhone 6s’s faster fingerprint sensor. The interface is pretty streamlined, with easy-to-read codes, and a “dock” of the accounts that you need to access the most. There’s also an Apple Watch app, though I rarely find it faster than using my phone, and a desktop version, though it’s a web-based Chrome app which, while functional, I don’t find particularly great.
Most importantly, though, Authy backs up your codes, which is super handy when you get a new phone and need to transfer them over, and allows for syncing between multiple devices, so you can easily set it up on your iPhone and iPad, say, without the need to re-enter all your codes.
Now, that may provoke concern in some folks that a third-party is now involved in storing and sending those account security codes. However, Authy encrypts your data locally on your phone before backing it up to its servers, so it shouldn’t be able to access it, and as the company states on its own site: “We make money from protecting your privacy and security. We don’t sell or otherwise profit from your data.”
That’s not to say there’s no risk at all, but in all of these cases, you have to decide where you’re willing to accept, and where the tradeoff is between convenience and security. For me, the ability to quickly and easily access my codes on multiple devices, and to restore them to a new device without going through the rigmarole of setting them up again is worth the risk. And if it turns out that Authy isn’t the best solution? Well, then I know there are always other options I can switch to.
There are only a handful of services I use that don’t support Authy (or other generic authenticator apps): Twitter, which insists on using SMS; iCloud, which uses Apple’s own homegrown system; and my bank, which uses a different authentication app. That makes the whole process a little more annoying, but that’s a tradeoff I’m willing to make for securing all of those accounts. ↩
[If you appreciate articles like this one, help us continue doing Six Colors (and get some fun benefits) by becoming a Six Colors subscriber.]