They already answered on these comments with regards to their already functioning revenue model. Banks pay them for securing their sites. They're a YC startup. You're on HN and you're afraid of trying out new technologies because they're offered by new startups?

No. I'm not afraid at all. Indeed I have accounts with most of the projects that are being shown off here. Some paid, some just trials. Some I still use, some I don't. However, I'm very cautious with entrusting my phone number or authentication related applications to a startup.

That's all I said. I'm not saying nobody should trust them. I'm not saying they aren't trustworthy in general.

I just said that I don't trust them with my phone number (or gmail HOTP secret for that matter).

Especially in matters of authentication services that require more private information than what's strictly needed leave a bad taste in my mouth.

Maybe its just me, but I never pick up numbers I don't have in my phone book. I just let them leave a voice mail or assume its not important.

Never quite understood the HN fetishism about keeping emails and phone numbers private. I hand them out like candy and haven't felt a price for it.

Cellphone numbers can very easily be abused to steal money (premium SMS), to steal my identity, to spam me in the middle of the night, to pull me out of the "zone" by calling me/messaging me during work hours, to track my location while roaming and probably a lot more stuff that's not currently apparent to me.

Also, my phone number is known to some identity providers I trust. If they sent me an SMS asking me to click a link, I might be inclined to follow that link. This is quite right despite the sender being very easily spoofable because nobody but these identity providers know my phone number.

No. I'd rather be very careful with that number.

It is ridiculous to think that your number is private and even moreso to think that someone can steal money with just your cellphone number.

Of course you could be phished or tricked by SMS but to expect your number to be private is to expect everyone ever who you give the number to go to extreme to keep it private as well.

If you ever gave your number to someone who downloaded an app which has permission to contacts your number is no longer private (Facebook has taken big advantage of this, I'm sure there are less than reliable apps that took bigger advantage).

I think it's not so much "stealing money" as it is "I get charged per SMS and those bastards just texted me a dozen times and cost me three bucks."

Do any services charge for receiving SMSs?

I get charged 15 cents for incoming SMSs. I'm with Telus in Canada.

Holy cow, that's crazy. I guess they're really trying to encourage you to sign up for $6/month messaging plan that includes unlimited receiving.

It's actually fairly easy in some cases. If the user is with Virgin mobile, their 6 digit password can be bruteforced in a couple of minutes, and then every text and call they've ever made is public. I've made a fuss to them about this quite a few times, but they've never done anything to fix it.

This is a fair point - not the flakiness or otherwise of Authy, but giving out a phone number. I hand it out like confetti, it being, well a phone number. But now it is the key to my google account.

It's not hard to pluck SMS out of the air and sooner rather than later that's going to be a new attack.

Great one more thing to worry about.

This doesn't seem to be a lack of a revenue model to me: https://www.authy.com/developer/pricing

Only one of your reasons has to do wih your inability to see a revenue stream.