How Authy 2FA Backups Work

What's this blog post about?

Authy offers an opt-in backup feature for its two-factor authentication (2FA) tokens that encrypts the accounts before uploading them to the cloud. The password used for encryption is not stored anywhere in Authy's cloud service and must be remembered by the user. A backup is produced in several steps: the password is salted and run through the PBKDF2 key derivation function, which uses a secure hash algorithm, and each authenticator key is then encrypted with AES-256 in CBC mode, using a different initialization vector for each account. Restoring Authy keys involves confirming ownership of the original account, receiving a OneCode notification on another device, syncing keys, and providing the backup password to decrypt the keys.

Company
Twilio

Date published
Dec. 17, 2018

Author(s)
Authy

Word count
810

Hacker News points
None found.

Language
English


By Matt Makai. 2021-2024.