
I use Authy and it does this too. I like that I can get the code on my phone or tablet. I also keep paper copies of the original QR codes in a safe place.





The trick with Authy is to disable multi-device access unless you're in the process of adding another device, so hackers and scammers can't add their own devices to your account without your aid. If you leave the setting enabled, someone may get your TOTP secrets from Authy before you can stop them.

If there is a trick to doing something securely, then that is already an automatic fail.

No. That's not "the trick". As soon as it's in the cloud, it's over, it's gone, you've lost the game.

I've been using Authy for around ten years now, so I lost the game a decade ago and the consequences have been nothing and the benefits have been something. Not a bad loss IMHO.

Good for you. Just wait and see...

You can just decode the QR code and use whatever secret is in there to generate the OTP codes. TOTP isn't that complicated, it's really just a second password that the system generates.

While true, I haven't yet seen an authenticator app that lets you just dump the TOTP code yet...

1Password can show the whole URI with the seed, and I have used it in the past to tediously restore seeds to my other 2FA apps.


