CRW

Home Wiki

Authy

View on consumerrights.wiki ↗

Work in progress
This article has been flagged for additional work. Treat its claims as provisional.
Stub
This article is a stub. The wiki community is still building it out.
Verification concerns
Editors have raised concerns about the verifiability of one or more claims.
Contents8
  1. Consumer impact summary
  2. User Freedom
  3. User Privacy
  4. Incidents
  5. Data breach (July 2024)
  6. Removing Desktop App (August 2024)
  7. See also
  8. References

Article Status Notice: This Article is a stub

This article is underdeveloped, and needs additional work to meet the wiki's Content Guidelines and be in line with our Mission Statement for comprehensive coverage of consumer protection issues. Learn more ▼

Issues may include:

  • This article needs to be expanded to provide meaningful information
  • This article requires additional verifiable evidence to demonstrate systemic impact
  • More documentation is needed to establish how this reflects broader consumer protection concerns
  • The connection between individual incidents and company-wide practices needs to be better established
  • The article is simply too short, and lacks sufficient content

How you can help:

  • Add documented examples with verifiable sources
  • Provide evidence of similar incidents affecting other consumers
  • Include relevant company policies or communications that demonstrate systemic practices
  • Link to credible reporting that covers these issues
  • Flesh out the article with relevant information

This notice will be removed once the article is sufficiently developed. Once you believe the article is ready to have its notice removed, please visit the Moderator's noticeboard, or the Discord (join here) and post to the #appeals channel, or mention its status on the article's talk page.

Authy
Basic Information
Release Year 2008
Product Type Security, Software
In Production Yes
Official Website https://www.authy.com/


Authy is a free mobile app that generates random six-digit tokens to enable two-factor authentication (2FA) for online services. Authy was acquired by Twilio in 2015.

Consumer impact summary

Overview of concerns that arise from the conduct towards users of the product (if applicable):

  • User Freedom
  • User Privacy
  • Business Model
  • Market Control

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.


User Freedom

Inability to export tokens

Authy does not allow the user to export their 2FA tokens to another service in order to "maintain security for our users".[1] This makes it harder for users to switch to another 2FA application, in return forces them to delete all their 2FA tokens and manually add set them up again in a new app.

User Privacy

The user account is linked to a mobile phone number.

Incidents

Data breach (July 2024)

On July 1, 2024, it was disclosed by Twilio that unauthorized actors accessed customer data "due to an unauthenticated endpoint", but stressed "Authy accounts are not compromised".[2] It would be later discovered the hacker group ShinyHunters breached Authy servers and had access to 33 million phone numbers from Authy.[3]

Removing Desktop App (August 2024)

Popup message on March 19, 2024

On March 19, 2024, Authy would no longer support their desktop app.[4] Previously, the EOL date was August 19, 2024, however it was moved to March in order to "streamline our focus and provide more value on existing product solutions for which we see increasing demand".[5] It was noted by TheVerge that M1 and M2 Macs can download the iOS version of the app, though Windows and Linux computers are left unsupported.[6]

See also

References

  1. "Export or Import Tokens in the Authy app Not Supported Objective". Twilio Help Center. Archived from the original on 2026-02-17. Retrieved 2026-03-06.
  2. Authy (2024-07-01). "Security Alert: Update to the Authy Android (v25.1.0) and iOS App (v26.1.0)". Twilio. Archived from the original on 2026-03-03.
  3. Kovacs, Eduard (2024-07-04). "Twilio Confirms Data Breach After Hackers Leak 33M Authy User Phone Numbers". SecurityWeek. Archived from the original on 2026-02-13.
  4. "User guide: End of Life (EOL) for Twilio Authy Desktop app Overview". Twilio Help Center. 2024-01-01. Archived from the original on 2026-02-08.
  5. Karthik, Ashwin (2024-01-08). "Authy authenticator apps for desktop are being discontinued in March 2024". ghacks.net. Archived from the original on 2025-07-24.
  6. Roth, Emma (2024-01-08). "Authy is shutting down its desktop app". TheVerge. Archived from the original on 2026-03-09.
Filed under