A single comment by @cyclotron3k and its replies.
  • Well, either way, I deactivated 2FA then re-enabled it again, and this time Coinbase seems blissfully unaware that I'm using Authy.

  • The seeds for Authy codes are registered on the server, and Authy charges companies for running their TOTP. TOTP is trivial, but Authy thrived on companies being intimidated by the idea of running this in a reliable way, and so companies pay them. The lock-in is huge, as for companies to change their system they need to get every customer to update.

    For Coinbase, it's just a lookup on the database for the Authy seeds to know who is still using an Authy 2FA. Once you update it, the seed changes and it's all good.

    NB: Authy uses a 7-digit TOTP, but actually so could all of the others because the length is merely a truncation of the actual value and most people settled on 6 digits as it's complex enough and easy to remember when you have to copy and paste it mentally... Authy merely chose 7 digits as a differentiator. This has actually proven useful because it's enabled companies to run 2 systems through the same UI... 7 digits entered? Check Authy, else 6 digits entered, check the standard TOTP. Normally it's the seed that identifies the TOTP function to use, but Authy made it possible to use the input to identify the function... accidentally giving customers a migration path away from Authy.
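
The truncation and length-based routing described in the reply above, as an added example that is not part of the thread and is not Authy's or Coinbase's code: a generic RFC 6238 TOTP in which the 6- and 7-digit codes come from the same truncated value, plus a hypothetical `verify` that picks the backend from the input length. The backend names `standard` and `vendor`, the vendor seed and the 30-second step are assumptions.

```python
import hashlib
import hmac
import struct
from typing import Dict, Optional

RFC_SEED = b"12345678901234567890"      # SHA-1 test seed from RFC 6238 Appendix B
VENDOR_SEED = b"constructed-vendor-seed"  # constructed sample value

def hotp_value(seed: bytes, counter: int) -> int:
    """RFC 4226 dynamic truncation: a 31-bit integer cut out of the HMAC-SHA1."""
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    return struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF

def totp(seed: bytes, unix_time: int, digits: int = 6, step: int = 30) -> str:
    """The displayed code is only the truncated value modulo 10**digits."""
    value = hotp_value(seed, unix_time // step) % 10 ** digits
    return str(value).zfill(digits)

def verify(code: str, unix_time: int, seeds: Dict[str, bytes],
           window: int = 1, step: int = 30) -> Optional[str]:
    """Hypothetical router: 6 digits -> 'standard' seed, 7 digits -> 'vendor' seed.
    Returns the name of the backend that accepted the code, else None."""
    backend = {6: "standard", 7: "vendor"}.get(len(code))
    if backend is None or backend not in seeds:
        return None
    if not (code.isascii() and code.isdigit()):
        return None
    # Accept the previous, current and next time step to tolerate clock drift.
    for drift in range(-window, window + 1):
        expected = totp(seeds[backend], unix_time + drift * step, len(code), step)
        if hmac.compare_digest(expected, code):
            return backend
    return None

if __name__ == "__main__":
    seeds = {"standard": RFC_SEED, "vendor": VENDOR_SEED}
    six, seven = totp(RFC_SEED, 59, 6), totp(RFC_SEED, 59, 7)
    print(six, seven, seven.endswith(six))   # same seed, same time, longer cut
    print(verify(six, 59, seeds))            # routed to the standard seed
    print(verify(totp(VENDOR_SEED, 59, 7), 59, seeds))  # routed to the vendor seed
```
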
