How Authy 2FA Backups Work
Authy offers an opt-in backup feature for its two-factor authentication (2FA) tokens that encrypts the accounts before uploading them to the cloud. The password used for encryption is not stored anywhere in Authy's cloud service and must be remembered by the user. To create a backup, the password is salted and run through the key derivation function PBKDF2 with a secure hash algorithm, and each authenticator key is then encrypted with AES-256 in CBC mode, using a different initialization vector for each account. Restoring Authy keys involves confirming ownership of the original account, receiving a OneCode notification on another device, syncing keys, and providing the backup password to decrypt the keys.
Company: Twilio
Date published: Dec. 17, 2018
Author(s): Authy
Word count: 810
Hacker News points: None found.
Language: English