I would not trust Authy to handle my OTPs.
Their code is not open-source, which means no one can verify that they are handling the data securely.
They use SMS to authenticate users/devices. Not everyone has a phone number, and a phone number is personal. A solution to this, while not changing much, is to switch to passwordless authentication with email.
I do enjoy the idea behind Authy. It is really nice that people are really trying to promote security.
On a note, you could make email-based authentication very secure with PGP. Only people who are crypto geeks would do it this way.
But overall, I think Authy could be going down a slightly better path. But either way, I think it's better having Authy than no multiple factors of authentication.
Oh my god, I have no idea what happened to my comment. I fixed it though. I swear that wasn't there when I posted it.