Twilio Authy desktop replacement? #108159
-
Select Topic AreaQuestion BodyAbout a year ago I started using Twilio Authy desktop 2FA on my laptop (Windows 10) to secure access to GitHub. Today, Twilio announced that they are dropping the desktop capability in a month (way to give lead time, guys!) and supporting only mobile. I don't have cell service where I live out in the woods and can't switch to their mobile app. So, I need to switch 2FA ASAP.
Don't tell me to "join the 21st century and get cell service" -- not physically possible! No, I'm not Amish or a Luddite. Don't tell me to ditch Windoze and use Linux instead -- Linux is great, and I love it, but a very small market compared to Win, and for other reasons I need to be on Win anyway. Thanks! |
Beta Was this translation helpful? Give feedback.
Replies: 7 comments 5 replies
-
So far, I'm not seeing any super awesome options on linux desktop apart from "Bitwarden TOTP" (which I haven't tried); OR, modifying authenticator.cc to use remote storage for TOTP coefficients. At least authenticator.cc is open-source, so easily reviewed for security. |
Beta Was this translation helpful? Give feedback.
-
Well, here's the thing, some authenticator (TOTP) apps work offline! So if your concern is that you won't have a good cell service connection, it's still viable to install authenticator apps on your mobile devices. My personal mobile choice is Google Authenticator. If for any reason you would prefer a desktop solution, though, password managers are a good choice. KeePassXC (free), 1Password, and Bitwarden all have TOTP integration features. There are also other options in the form of desktop apps and even browser extensions. Another option is to set up a passkey, which is a one-step login flow that fulfills two factors (therefore, it skips TOTP authentication), where your computer is quite literally a key to your account. Your computer may or may not support the technology, though, and you'll probably have to set a Windows Hello PIN to use it. However, you can also store passkeys on mobile devices. |
Beta Was this translation helpful? Give feedback.
-
OK, I have been fighting for over three solid days now to get this damned thing to work. I ended up installing "2fast" b/c it works from the desktop, and it appears have installed OK. I can log into it and click on GitHub, and it generates a 6 digit code. It's a different code than Twilio Authy generates, if that means anything. However, if I use 2fast's code for the 2FA in GitHub sign-in, it tells me "2FA has failed". How do I tell GitHub to stop using the Twilio-generated key and use 2fast's instead? It only says in Settings that I'm using TOTP application, and doesn't say which one or that more than one is available. I don't have enough hair left to keep tearing it out -- what do I do now? Twilio ends some time tomorrow! |
Beta Was this translation helpful? Give feedback.
-
If you're having some trouble, I'd at least recommend setting up a passkey or having recovery mechanisms (like recovery codes) ready in case you lose access to your authenticator app, while you figure out a more permanent solution. |
Beta Was this translation helpful? Give feedback.
-
That's more or less what I ended up doing (switching to SecureKey). I think it's working properly (was able to sign on with it). I'm not sure if I missed a step or something on 2fast -- all the instructions are so oriented towards phone use, and desktop is always an afterthought (you too, GitHub!). Thanks everyone for the suggestions and help. I don't know why 2FA has to be so bloody complicated and difficult for someone who can't use a phone for it (no cell service out here in the boonies). Recently I had to process some financial estate documents, and the firm insisted that I had to sign digitally via a smartphone app. They looked at me with pity as some sort of Amish or Luddite when I told them I couldn't... I must have tried at least a half-dozen 2FA desktop apps before finding SecureKey. Fingers crossed that it keeps working (and doesn't suddenly get withdrawn, as Twilio did with Authy). I just love several apps that promised, "Yes, we support Windows desktop," and the first thing they ask when you try to download is, "Do you want the Android or iOS version?" Sigh. Or even, "Sorry, desktop version not yet available," (despite claiming yes, it's available). This is more complicated than it needs to be. I wish that GitHub didn't require 2FA for open source (public) projects, but I guess it's easier to have everything under one roof to protect private repositories. |
Beta Was this translation helpful? Give feedback.
-
Check out OneAuth from Zoho! Long time user of OneAuth! It’s available on Windows, macOS, Android, iOS and also supports watchOS and WearOS! I have been using it on my iPhone, Apple Watch and MacBook Pro! Works like a charm and it’s feature rich! E2E Encrypted with your own passphrase having Zero-Knowledge Architecture and syncs well with all my devices! For more details: refer their website: https://zurl.to/9a2N Their recent blog regarding Authy EOL: https://www.zoho.com/blog/accounts/authy-alternative-zoho-oneauth-app.html And found this related page for Authy alternative as well: https://www.zoho.com/accounts/oneauth/authy-alternative.html |
Beta Was this translation helpful? Give feedback.
You should be going into the GitHub "settings", and then "Password and authentication". Then scroll down to Two-factor Authentication. Find the row labelled "Authenticator App" in the Two-factor Methods section. On the right-side, click on the 3 dots and select Edit. It will then open to a bigger section and present you with a QR code. You should configure your "2fast" app with this QR code. Then enter a token from the "2fast" app under the QR code and click Save.
Alternatively, you can disable the Authenticator app, then just re-add a new one.
Note: this will configure a new TOTP which will not match whatever you previously had and will generate different codes.
Hopefully you have previo…