You are reading a single comment by @hippy and its replies.
  • Just found myself making a GDPR request to Twilio for Authy to give me the seeds and secrets to my accounts.

    Authy has bugs and I've noticed a different set of accounts being listed on the desktop apps than on the Android app.

    This gives me anxiety... 35 Authy accounts... I sure as hell don't want to have to reset and regenerate those. Especially as some are things like HMRC and I imagine it to be a nightmare, it's bad enough rotating the Google one.

    And yet, there is no export function anywhere in Authy... so even though I can see all of the data in Android, unless I root my phone I cannot access them.

    I do have a spare and older Android phone, so could install Authy, root the phone, and then export from there... but frankly, Authy should provide an export function, and lacking one perhaps a GDPR request can achieve the same.

  • I installed Authy on another phone as a backup if I killed mine. Do I need to be concerned?

    I've never noticed account differences but I don't use PC Authy, only phone.

  • No, the phones are OK.

    What freaked me out was installing the desktop client and seeing 8 accounts. Uninstalling and installing on a different desktop and seeing 6 accounts. Did this a few times, different number of accounts each time but a few similarities in that it was some of the oldest accounts I could see.

    It's weird... if they encrypted my whole account and delivered it to me as a single file that is decrypted locally I'd expect to always see every account.

    But that's not what happened, it looks like an API call to Authy that the desktop client makes which is then returning a non-complete set of accounts.

    I don't think the mobile clients use this... so they're OK. But as I have so many accounts I now want peace of mind and to know I've got the master secrets in more than just Authy.
