Losing access to Authy leads to another reckoning with Google’s security model.
- Admiral Patrick ( @ptz@dubvee.org ) English34•2 months ago
Wilden offered some hope for a future in which ROMs could vouch for their non-criminal nature to Google
Oh, that rubs me the wrong way! It’s my godd***ed device, I paid for it with my money, and I’ll run whatever I damn well want on it (which is never vanilla Android because I refuse to allow my devices to be ad platforms).
I shouldn’t have to prove anything to anyone let alone have it treated as a “criminal OS” by default.
Google needs to be broken up and both Chrome and Android divested to 3rd party, non-profit companies (as well as being demoted to a minority on both steering committees).
- jet ( @jet@hackertalks.com ) English11•2 months ago
100% agreed.
My similar comment from the same article not cross posted:
https://hackertalks.com/comment/4516322
@downpunxx@fedia.io it would be awesome if you could use the cross post feature in the future so the discussion doesn’t get divided
- ililiililiililiilili ( @ililiililiililiilili@lemm.ee ) English32•2 months ago
This is a non-issue. Why not use Aegis and back up your own credentials? I wouldn’t trust Authy (or any 2FA app that includes cloud backup).
- m-p{3} ( @mp3@lemmy.ca ) English10•2 months ago
Other decent options:
TOTP is an open standard, no need to stick to Authy.
- 𝕸𝖔𝖘𝖘 ( @01189998819991197253@infosec.pub ) English9•2 months ago
Aegis all the way. Looked at Authy and hardpassed after reading the permissions it requires. Your job is to calculate the OTP. You don’t need wifi access if you’re an offline OTP calculator.
- Chozo ( @Chozo@fedia.io ) 3•2 months ago
Authy is not an offline OTP. It syncs your tokens across devices.
- 𝕸𝖔𝖘𝖘 ( @01189998819991197253@infosec.pub ) English4•2 months ago
It can, but it doesn’t have to (or at least it didn’t use to). But if you ever choose to leave, you can’t export anything (or, at least you couldn’t). My statement is using old information, at least a year old, since that’s about when I hardpassed on them.
Edit: correct autocorrect
- PenguinCoder ( @Penguincoder@beehaw.org ) English8•2 months ago
I recommend Aegis as well. Does what it needs without shadiness going on.
- shortwavesurfer ( @shortwavesurfer@lemmy.zip ) English24•2 months ago
There are tons of other two factor authentication apps that can be used that are totally open source and available on the F-Droid application store. The first 2 that come to mind are KeePassDX and FreeOTP.
- Justin ( @jlh@lemmy.jlh.name ) English8•2 months ago
FreeOTP+ is amazing, originally developed by Red Hat before it was forked.
- limerod ( @limerod@reddthat.com ) English22•2 months ago
Authy is the last thing a security-minded person should ever have been using. Counting the not so recent security breach and all.
- AmbiguousProps ( @AmbiguousProps@lemmy.today ) English14•2 months ago
The author is implying that Authy is the only option for some reason. It’s not, this is a non-issue.
- The Cuuuuube ( @Cube6392@beehaw.org ) English4•2 months ago
Conspiracy theory: got paid to write a smear piece about a piece of technology the spies of capitalism don’t like
- smeeps ( @smeeps@lemmy.mtate.me.uk ) English11•2 months ago
Authy is trash anyway.
- Possibly linux ( @possiblylinux127@lemmy.zip ) English9•2 months ago
Isn’t Authy proprietary?
- The Cuuuuube ( @Cube6392@beehaw.org ) English8•2 months ago
Um… What fucking paradox? Authy is a known security vulnerability. If you’re installing GrapheneOS before switching away from Authy, you’re putting the condom on after getting fucked
- smeg ( @smeg@feddit.uk ) English5•2 months ago
“We don’t want to punish users of alternative OSes, but there’s really no other option at the moment,” Wilden added before his blunt conclusion. “Play Integrity has absolutely no way to guess whether a given custom OS completely subverts the Android security model.”
Bollocks. GrapheneOS even provides instructions on how to use Android’s hardware attestation API which is supported by every Android device on version 8 or newer.