I completely agree with this, but I would prefer if there was a mechanism to keep offline backups. Currently if I lose my phone I am frozen out of my accounts. 1-time codes do exist but they have issues - either they're very easily accessible in the form of a printed paper or they're very difficult to access like an encrypted backup in the cloud.
I don't have a good solution to this problem - I am mugged while traveling and I lose my phone and wallet. If anyone could share how they tackle this problem I'd be grateful.
What is 2FA? It's 'something you have'. It's not 'one single thing on one device only'. It's just 'something you have'.
'Something you have' relies on physical security, so if you have the same physical security for both your laptop and phone, there's no reduction by having a 2FA token on each device.
From reading the Authy docs, it sounds like all your Authy data is encrypted before leaving the device, so if the encryption works, it should be pretty secure. You can also turn off the multi-device support and backup, if you don't want those features. But to me, the risk of losing my single device and being locked out of my accounts is too high without it. I just wish Authy was open source so it could get more security review.
I'm also very interested in whether Authy will be usable on Linux after Chrome Apps go away, or what viable replacements exist.
I experimented with migrating from Chrome to Firefox 57 when that launched. It's a very capable browser and I could easily use it as my main browser, but Authy was the main thing which stopped me dropping Chrome for work use. There were other things (like Netflix Chromecast support) which were stumbling blocks for home use, but I can always keep Chrome around for those.
I would avoid Authy's desktop app. It's a 144MB app (due to Electron) to show OTP keys. Kind of ridiculous...
For standard OTP, I use 1Password. It integrates well, syncs with my devices, and is still locked behind a secured central password (or fingerprint, in the case of my mobile device). It's secure enough for my needs while still being performant and encouraging of good habits, such as randomized, unique passwords.
Do you have a smartphone? I have the Authy app for iOS, and while the interface for switching between sites to get tokens for is odd, it works fine otherwise. (I didn't even know there was a "desktop" version of Authy, but now that I do, I'm not going to bother installing it.)
Anyone have any suggestions for a replacement for Authy?
It's a 2FA Chrome App that syncs your 2FA tokens across devices.
They have a 'desktop app' now available for Mac and Windows, but of course nothing for Linux (surprise surprise).
So any equivalent that will work cross platform and sync too?