Authy authenticator apps for desktop are being discontinued in March 2024
Twilio has announced that it is discontinuing its Authy desktop apps in March August 2024. The change will affect the Authy apps for Windows, Linux and macOS.
Update: Twilio had previously announced that the Authy desktop apps will reach their end of life (EOL) on August 19th, 2024. However, the company has now sent out emails to notify users that it has moved the date up to March 19, 2024. The email which I received does not mention why the date was moved. The apps will stop functioning from the said date, i.e. you will not be able to access or migrate the tokens using the desktop applications. The email also advises users to use the Authy app for iOS or Android to manage the 2FA tokens.
Unlike most two-factor authenticator apps, Authy supports multi-device synchronization. The company says that the 2FA tokens for your accounts are stored in the cloud securely, locked behind your phone number and the password you chose to encrypt the data. Authy for desktop debuted in 2014, and allowed users to log in to services quickly by providing TOTP (Time-based one-time password) directly on PCs, so you could just paste them on to the login page in your browser, instead of typing them manually.
(Image via Authy)
Authy desktop app will reach end of life in March August 2024
Sadly, users won't be able to use this feature when the program is discontinued in August March 2024. However, Mac users with an Apple Silicon processor (M1/M2/M3) will still be able to download the Authy iOS app from the App Store.
The download page for the Authy desktop apps does not have a warning about the end of life. The article that mentions the news on Authy's support website does not carry a date, so it is unclear when the news was announced. I could not find a press release or any social media post about it either. As a matter of fact, the support website itself is scheduled for an end of life. It will be discontinued on January 15, 2024. Users will be able to access Authy Support content on the parent company's portal.
I don't understand why app developers make important announcements publicly. Why the secrecy? The same thing happened with Raivo OTP which was acquired by a company, and the news flew under the radar. I came across the news about the Authy desktop apps randomly while browsing the Bitwarden subreddit. That's why I'm writing this article, to tell you that the Authy desktop apps are being discontinued.
Authy used to be great, but I can't really recommend it after its parent company, Twilio, was breached last year.
Switching from Authy to other authenticator apps
Now, if you want to export tokens from Authy and switch to a different authenticator app, it's going to be a little difficult as Authy does not have an export option. That's because the company believes allowing access to 2FA account tokens is a security risk. That said, there is a workaround, but it requires using the Authy desktop app. Fortunately, you have plenty of time to use the app and export your data from it.
You can follow this guide on GitHub, to use Authy desktop app version 2.2.3 to export the tokens. The download links and the steps are well explained. It might seem like a rather complicated process, but if you take it one step at a time, it's actually quite easy to follow. I had used a similar method a few years ago, when I had to export the 2FA tokens, and used it to move to Aegis.
For those looking to move away from Authy to a different app, there are plenty of good alternatives. Google Authenticator or Microsoft Authenticator are the obvious ones, but I would suggest looking at more privacy-friendly options.
I recommend Aegis for Android, it's perhaps the best authenticator app out there. ente authenticator (Android, iOS) and 2FAS (Android, iOS) are quite good too, they are cross-platform apps, so you can use them on Android smartphone or iPhone. All three apps are free, and open source. They have options to import and export the data from other apps using a JSON file, so you can switch from Authy (or other apps) quite effortlessly.
As for an actual alternative for Authy's desktop app, 2FAS has a browser extension that acts as a companion to the mobile app, allowing you to input TOTP codes quite effortlessly. You could also use KeePassXC for TOTP codes, but the app saves it inside the password database.
Proton Pass, which also supports OTP, has just released a Windows client, in addition to their Android, iOS, Web app, Chrome extension, and Firefox extension. https://proton.me/blog/proton-pass-windows-app
So problem solved! Here’s what I did (needs to be done before March 19):
1. Follow the procedure (as per the article above) to export from Authy to a Bitwarden Advanced json file: https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93
2. Make a Proton account.
3. Download and install Proton Pass for Windows: https://proton.me/pass/download
4. Open up Proton Pass.
4. Drag and drop the JSON file and it’ll import all your OTPs.
Can we work around this by installing Authy on an Android Emulator or Win 11 Amazon appstore?
Can we install authy on an emulator? Is it available on Win11 Amazon appstore?
Twilio just announced that the desupport will now happen on March 19.
Looks like Authy silently accelerated the end of life schedule, moving it from Aug to Mar 19. Would have been nice to get an email from them…
I discovered the change when the desktop app forced a software update. The new version has a popup message showing the new date.
Related info here:
https://help.twilio.com/articles/19753631228315-Authy-for-Desktop-End-of-Life-EOL
https://help.twilio.com/articles/22771146070299
I was looking for options and found that Bitwarden offers 2FA, and it syncs between devices. (There’s an app for Android and an app for Firefox which is what I use, on Win and Linux.) Bitwarden is free but it seems you’d have to pay 10 USD/year for access to the TOTP generator – which is fair but I’ll keep looking for a free (gratis) option for now.
OK, can’t believe I missed it but as of last summer (2023), Google Authenticator automatically syncs to one’s Google account. That eliminates the chaos of losing the phone: Get a new one, install Google Authenticator and you’re good to go – I hope.
The risk of losing access to all my accounts was my reason for migrating to another TOTP service a few years ago, but if it’s fixed I may just migrate back to Google. There’s still no desktop support, though.
Cheers.
For desktop use I would suggest using the following authenticator:
https://winauth.github.io/winauth/download.html
Last update in 2016. And Windows only.
I also worry about losing my phone and not being able to access the 2fa tokens. I guess that is why they have recovery keys as a back up solution but nevertheless the problem is stil the same. On a side note, thank you to ghacks.net for providing this type of coverage.
Can’t believe Twilio is pulling the plug. I’ve used the computer version daily for years! Their computer support is one of the features that set them apart from others! I love it because I don’t always have my phone with me! Authy is easy to use. I guess Apple silicon users will have a work around as it can run iOS apps, but Windows 10 users are out of luck, and Windows 11 users will not be able to run the Android app without some tinkering as the Authy app is not on the Amazon App Store!
Is there another WINDOWS authenticator? Plenty of Android and IOS but Authy was the only Windows one that I am aware of.
I’m going thru 10 apps and changing to Google. What a PIA! Thanks for the heads up.
On Authy’s website, it says their app is better then Google Authenticator.
I have the app installed both on my Windows PCs and Android phone
There is no desktop app for Microsoft Authenticator
The main use case for 2FA is not device compromise, but website database compromise. I.E. an attacker gains access to the website backend, dumps all the usernames and passwords and converts the hashed passwords back into plain text. And even if they wanted to cover device compromise as well, they don’t prevent logging in and using 2FA – including SMS – from the same phone.
Therefore, it was always ridiculous that authenticator apps were not available on desktop, which would still prevent the above attack. Even Microsoft didn’t make a Windows/desktop version of their authenticator app.
For this reason, I’ve never used authenticator apps other than experimenting with them. To be honest, I find any 2FA that mandates using a phone a poor solution and while I agree with the benefits of 2FA, I only use it on a very small number of important accounts – as 2FA is too much of a PITA.
Multi-device FIDO credentials (passkeys) is perhaps the only viable future solution, but even that has become too much of a PITA and is not the seemless multi-device version of FIDO2 that was insinuated (unless you’re solely in a single ecosystem and never plan on leaving that ecosystem).
Don’t mention “alternatives” that don’t run on Windows and Android both. Delete them from the article.
When you use Authenticators that only work on the phone, what happens if you lose the phone? The good thing about Authy is that even if my phone was lost or out of battery, I could still have access to everything…
You can export a backup of your tokens, and store them securely on your computer, or a cloud storage service.
The whole point of using the Authy app is that it offers seemless integration of a single MFA solution across all device types via its SYNC and backup features – which made Authy brilliant for its ease of use.
I have 3 phones, 3 Windows devices, a Macbook, and a Linux system. I am not an atypical IT professional. Plus lots of consumers have multiple devices – phone, desktop, laptop, and tablet is normative in this era.
I don’t want to have to reach for my phone every single time I need to use 2FA. It is a real pain when you have 2FA enabled on 40+ accounts as I do, and I use all of them regularly. A phone-only MFA app means constantly having to switch to my phone.
Users have been complaining about this for over a decade at this point and Authy was the only one that listened to them.
The author only says we can export the tokens and save them in case we lose our phone. I’ve been in this exact situation and even with the backup it is a really huge nuisance, and in some cases it does not work.
The author does not provide any real solution that works the same as Authy which supports multiple device token SYNC. This is the key thing that is of utmost importance when a user has many accounts with MFA enabled.
I have read on security forums that exporting tokens from Authy is an iffy process that works for some and does not work for others. So its unreliable at best based upon a lot of user feedback.
I can already tell that I am going to have to disable MFA and re-enable it on all 40+ accounts because there is no way to export and import tokens from Authy to ANY app that is going to offer the same cross device SYNC.