Avoid Authy, use another app instead.

I’m usually a big fan of 2FA when it comes to securing my online accounts because it’s a simple and easy method to do just that.

I recently made an account with Gemini for the purpose of receiving BAT rewards on Brave browser, since the service I got with Uphold wasn’t good. Before there was integration with Gemini, Uphold was the only option; lots of users on the subreddit r/bravebrowser would agree when I say Uphold is awful.

So when Brave eventually added integrated support for Gemini on the browser and with all the positive things I had heard about them, I decided to join and get verified.

A phone number is mandatory. I provided one which happened to be in use with an old Authy account that doesn’t have any 2FA tokens since moving to another provider. However, Gemini latched itself to the proprietary software without a warning or an option to change it.

The other options are SMS or YubiKey. SMS is notoriously insecure, as messages can be spoofed using a method called smishing, which is similar to phishing but SMS-based, not email. YubiKeys are something I’ve looked at, but TOTP does the job just as well and 3x as fast.

Authy requires a phone number and email address, both of which can be compromised. I make sure my passwords are unique and secure, but not everyone does.

https://web.archive.org/web/20200919184057/https://support.gemini.com/hc/en-us/articles/360030386151-Where-can-I-scan-the-QR-code-for-Authy-/

Gemini automatically pairs your phone number with Authy with no way to change it. Not useful if you only use Authy for one account.

Better alternatives to Authy.

  1. Bitwarden
  2. OTP Auth

Use a password manager. Most password managers have the option to add the MFA TOTP secret key, and the really good ones are open source and free.