A password manager lets you use tough-to-remember passwords, but in a data breach it doesn't matter if your password was "* " or "password." You can vastly enhance your security by using a two-factor authentication scheme, and Twilio's Authy makes two-factor authentication easier than ever.
Experts divide authentication factors into three types: something you know (a password, for example), something you have (a physical object), and something you are (a fingerprint or other biometric trait). Authy turns your smartphone into a physical token that's needed for login, along with the password. A hacker who steals or guesses your password will be foiled by the authentication step that requires that token.
In 2011, the Internet Engineering Task Force released a standard for Time-based One-Time Passwords (TOTP). When the user registers a TOTP-supporting device with a secure website, a unique shared key is created. Both the device and the server can generate a time-based one-time password by processing that key along with the current time. By convention, each TOTP is good for 30 seconds. You log in using your regular password, then enter the current one-time password from your device, and you're in. A malefactor who somehow plucks that one-time password out of the ether will find it useless within 30 seconds.
Authy and Google Authenticator both build on TOTP, and in fact you can use Authy on any site that supports Google Authenticator. Why would you switch to Authy? There are quite a few reasons, which I'll go into in detail later.
Setting up Authy to use your smartphone as a token is simple. You install the Authy app on the phone, give it your phone number, and either click a verification link or enter a verification code. Getting started on my Apple iPhone 6 took almost no time.
The exact technique for setting up two-factor authentication varies from site to site. However, for most sites you'll follow the prompts until you get a chance to select Google Authenticator. At that point, the site displays a QR code. Snap the QR code with Authy and bam! You've got two-factor authentication.
Digging into the app, I found that it directly supports at least two dozen popular sites, among them Gmail, Facebook, Outlook, LastPass, Evernote, and WordPress. Over 10,000 other websites and applications, large and small, use Authy directly for authentication, with no connection to Google Authenticator.
Your registered sites appear across the bottom of the app's window. Tapping one brings up the current authentication code for that site, along with a countdown timer that shows how much of the code's 30-second lifetime remains. It works much the same on Android and iOS, though I observed that the iOS edition displays a circular progress bar with a label counting down seconds while the Android edition just uses a simple progress bar.
Of course, if a hacker with pocket-picking skills manages to obtain both your password and your authentication smartphone, you could be in trouble. As with the strictly device-based security used by oneID, you need to secure your device thoroughly. Use a strong passcode, or biometric authentication, and turn on Authy's PIN protection (iPhone users can upgrade to Touch ID authentication).
LastPass 3.0 and LastPass 3.0 Premium both support Google Authenticator. That means you can protect your LastPass account using Authy, and then go on to use Authy for two-factor authentication of your other secure sites. You could do the same with Dashlane 3.
You need a smartphone to get started with Authy, but once that task is accomplished you can install Authy on other smartphones, tablets, or desktops, and sync data between the devices. Authy supports iOS, Android, and BlackBerry mobile devices, as well as Windows, Mac OS, and Linux.
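The TOTP scheme described in this review (a shared key processed with the current time, each code good for 30 seconds), written out as an added example that is not from the original article or from Authy. It follows the IETF standard (RFC 6238, HMAC-SHA1); the function names, the clock-drift window and the replay check are assumptions for illustration, and the key is the RFC's published test key.

```python
import hashlib
import hmac
import struct

STEP = 30  # seconds per code, the conventional TOTP lifetime

def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over an 8-byte counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp(key: bytes, unix_time: int, digits: int = 6) -> str:
    """RFC 6238: the counter is the number of 30-second steps since the epoch."""
    return hotp(key, unix_time // STEP, digits)

def verify(key, submitted, unix_time, digits=6, drift_steps=1, last_used_step=-1):
    """Server side: return the matching time step, or None if the code is rejected.

    drift_steps tolerates clock skew between phone and server (assumed policy).
    last_used_step (>= -1) blocks replay of a code that was already accepted;
    the same comparison also skips negative steps near the epoch.
    """
    if len(submitted) != digits:
        return None
    current = unix_time // STEP
    for step in range(current - drift_steps, current + drift_steps + 1):
        if step <= last_used_step:
            continue
        expected = hotp(key, step, digits)
        # Constant-time comparison so timing does not leak matching digits.
        if hmac.compare_digest(expected.encode(), submitted.encode()):
            return step
    return None

if __name__ == "__main__":
    key = b"12345678901234567890"  # RFC 6238 test key, not a real secret
    code = totp(key, 59)           # what the phone would display at t=59
    print("device shows:", code)
    print("accepted at t=59, step:", verify(key, code, 59))
    # Same code replayed after the server recorded step 1 as used.
    print("replayed:", verify(key, code, 59, last_used_step=1))
    # Captured code presented two minutes later, outside the drift window.
    print("at t=179:", verify(key, code, 179))
```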