When the Heartbleed security exploit came to light last year, I realised just how terrible my password management was.
- I frequently used the same passwords,
- kept many for a long period of time,
- they were often easy to break
- and I was only using single-factor authentication.
All these factors combined meant that if anyone had got hold of one of my passwords from this security break (or one of the other recent security issues) then I was in big trouble. I set about changing my security measures and Authy was one of the key apps for that.
Before I get into the app review, I just want you to think about the important data and security issues for your church, ministry and family life. Imagine if someone hacked into your bank account, cloud storage system or church database. This is something that we should be aware of, especially if we are stewarding other people's information.
What is Authy
Authy is a third-party application that enables two-factor authentication across a range of different services. It supports many different operating systems and many different services.
Just to clarify, most people are familiar with “one factor” authentication. That is where, to prove you are who you say you are, you need one piece of data, usually a password. So your username says who you are and the password proves it: one factor.
Two-factor authentication adds a second set of data to prove who you are. This could be an additional password, secret question or other set piece of data, but more commonly it is a one-time password: a special password that can only be used once, for added security. That is where Authy comes in.
Authy can generate these special one-time passwords and store them on your device (behind a password or Touch ID lock). The real power of Authy is that this can also be backed up and you can keep multiple passwords in one app rather than having a variety of different apps for different services.
The Good
Obviously, Authy is a great tool in that it provides an extra layer of security over traditional single-factor authentication. It’s not unbreakable: it may be possible to work out what the security generating code is and so generate one-time passwords, but it is much harder to break.
Authy can also sync between devices, so if you are tired of having to grab your phone and type out your code every time, Authy can show you the same passwords on your desktop, which you can simply copy and paste.
Authy also has a backup option, so if your device dies, you can regain all your two-factor passwords rather than being locked out of your account forever.
The Bad
But Authy isn’t perfect; it still has issues that you should be aware of.
Although having remote backups is very handy and helps you in case your device breaks or you want to use multiple devices, it also means that you have an increased security risk of the backup being broken into. Now in Authy’s defense, they claim to use top encryption and security akin to banks and the NSA. Still, this is another point of potential failure in security. Luckily, you don’t have to back up or use multiple devices. You can stick to just the one device and so not have that security issue.
Also, as I pointed out before, these one-time passwords can be broken, especially if they use TOTP. So this could provide a false sense of security that doesn’t actually exist. As such, you’ll still need your hard-to-break passwords as well.
Alternatives
Wrapping Up
Authy is a well-designed and beautiful app that runs on many different operating systems to suit a wide user base. It provides a valuable service of increasing your security, and while it isn’t perfect, it is an improvement over not using two-factor authentication.
— Design Four stars
— Features Four stars
— Performance Five stars
— Value for Money Five stars
Authy supports Chrome, iOS, Android and BlackBerry OS.
Eric Dye says
VERY interesting…