I’m moving from Authy to more private options, and my question now is should I disable/re-enable my keys or just find a script and export them and add them to the new 2FA App ? Does it help with my security to do the longer process ?
I’ve considered both options and I don’t mind doing either. Will be long process anyway since I have so many accounts for work/personal usages.
When I switched to a hardware key, I had to recreate all my 2FA keys.
Are you sure you can import the keys?
Most secure MFA system don’t allow you to import or export keys for security reasons.
You can import/export with TOTP. You only had to recreate them because you were moving to a hardware key so it was a different type of 2FA
You should be fine importing/exporting.
However, I believe Authy stores the 2FA Secrets on the cloud, so they could have been hacked already. So you may wish to generate new ones. Although I wouldn’t recommend doing it in one go, you can just do one or two each day until you do them all
Don’t really see why it matters if it TOTP, hardware keys also handle TOTP, the problem with exporting the keys is not the algorithm.
If you can export the keys, anyone with access to the device can do the same. I assume you see the problem.
I don’t see the problem.
Also, all TOTP apps (at least that I know, Aegis, andOTP, etc) allow you to import are export your 2FA secrets.
@alex It’s mot of “Authy” issue.
If you referring to Authy storing 2FA secrets on the cloud, that is an Authy issue. Most apps don’t sync your 2FA secrets
I’d probably just do them all from scratch considering Authy’s structure. You don’t really know for sure where they’re storing the secrets and how they’re being kept. This way you guarantee the 2fa secrets are fresh and secure on your end.
I recall Authy not letting your export your secrets.
But as it stores them in the cloud (for some unknown reason) I belive that you would be better by generating new ones using an app like Aegis.
What app are you moving to? I think Authy is fine because they backup your TOTP keys, and the backup is end to end encrypted by your password.
If you believe your keys may be compromised, then doing the longer process of getting new TOTP keys for codes will improve your security. Since you want maximum security, you should disable 2FA and then enable to get new keys, in the event that your TOTP codes are compromised.