
Authy: One token to rule them all - dcu
http://blog.authy.com/authenticator
======
spindritf
I may be dense but if you back up the tokens and protect that online backup
with a password, don't you eliminate the second factor?

Now the attacker just needs to get two passwords (to the backup at Authy and
to whatever account) so it's reduced to just something you (may) know.

~~~
danielpal
Not at all. The attacker would need to get the encryption key and also access
to the Authy Backup. Then they also need the password for your account. That
said, backups are optional, you can skip them and your account will remain on
your phone only.

~~~
Firehed
How are you encrypting the backups? You recommend a passcode of at least 8
characters, which is only 64 bits. Are you at least running it through some
sort of key strengthening algorithm like PBKDF2 to generate the actual
encryption key?

~~~
danielpal
We're not using PBKDF2. We're using AES-256, we pad the extra bits and use a
random IV for each account. However, you can enter a 32 character encryption
key and you will get a full 256 bit key for encryption.

~~~
Firehed
Ok, please don't take this the wrong way, but you guys don't seem to know
enough about security to be running this kind of service. Being able to access
your MFA token from multiple devices defeats the purpose of it being a second
factor (since it must exist only in a single place to be "something you
have"), and now you're recommending a backup passcode with less security than
WPA2 - a passcode to a backup that _by definition should not be allowed to
exist_.

It's bad enough that Google's TOTP keys are too short (80 bits, below the
required 128 and recommended 160+), especially given the clarity of the spec
and the size of their organization, nevermind being the first large-scale
rollout. It's also unfortunate that they half-assed their Authenticator app,
which hasn't seen an update in over two years. At least they've had the good
sense to improve the workflow of regenerating a token for a new device.

I appreciate the problem you're trying to solve and am aware that there tends
to be a lot of headache in additional security, but doing this kind of thing
provides a false sense of security if not outright lowering the security of
what already existed. If I can get access to my MFA tokens by typing in a
password, then it's a knowledge factor and not a possession factor. That's
one-factor auth with two passwords, like the "security" questions on many
banks.

~~~
dcu
You don't access the token from multiple devices, just one (your phone).

Google's secret keys are weak but Authy's ones are 256 bits.

And finally, Daniel was wrong about the key derivation, we are actually using
PBKDF2. Sorry for the misunderstanding.
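Added example (not Authy's code) putting the derivation first described in this thread, passcode bytes padded out to 32 bytes, beside a PBKDF2 derivation like the one dcu says is actually used. The SHA-256 PRF, 16-byte salt and iteration count are assumptions of mine; the passcode is constructed.

```python
import hashlib
import os


def padded_key(passcode: str) -> bytes:
    """Key derivation as first described upthread: passcode bytes padded to 32 bytes.
    The key is a deterministic function of the passcode alone (no salt, no work
    factor), so it has exactly as many possible values as the passcode does, and
    the passcode itself is readable in the key bytes."""
    raw = passcode.encode("utf-8")[:32]     # 32 characters fill the key with no padding
    return raw.ljust(32, b"\x00")


def pbkdf2_key(passcode: str, salt: bytes, iterations: int = 600_000) -> bytes:
    """PBKDF2-HMAC-SHA256 stretched to a 256-bit AES key. The salt ties the key to
    one backup, so equal passcodes give unequal keys; the iteration count (OWASP's
    current figure for this PRF) makes every offline guess cost that many HMACs."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode("utf-8"), salt,
                               iterations, dklen=32)


def new_backup_kdf_params():
    """Per-backup salt and iteration count, stored next to the ciphertext (not secret)."""
    return os.urandom(16), 600_000


if __name__ == "__main__":
    pc = "hunter2!"                      # constructed 8-character passcode
    print(padded_key(pc).hex())          # 68756e74657232210000...: passcode visible
    salt, iters = new_backup_kdf_params()
    print(pbkdf2_key(pc, salt, iters).hex())
```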

------
mannkind
Looks like someone from Authy is reading this thread so here goes...

Feedback:

* Registration is a bit complex; all texts to my phone (with the exception of the registration code) are completely useless as the _real_ info is sent to my email address

* Why is my backup encryption key in plain text? A dual-password field with sameness-checks would be better.

* Restoring from backup is... painful.

- I cannot just reregister my phone, I have to go through a reset process
online. Ok, fine. I got texts to my phone instantly but the reset email took
almost 15 minutes to reach me.

- The app crashes tapping any "GA" item other than the first one.

- I have to type in my encryption key for each "GA" item and the app crashes
each and every time.

- The _first_ time I tried to restore authy, after typing in my encryption
key to recover the first "GA" item, the app crashed and wouldn't let me
recover any of the other items... I had to do the whole process all over
again.

* Aside from the above, the app _looks and works_ so much better than Google Authenticator on my iPhone (5). Especially considering I'll be able to recover my tokens when switching phones -- Google Authenticator completely screws this up (broken phone? Get a replacement phone from Apple? Upgrade? All your tokens in Google Authenticator are lost, even if you recover from backup).

~~~
kmfrk
> All your tokens in Google Authenticator are lost, even if you recover from
> backup

So restoring from an iCloud back-up won't save my bacon in this case?

~~~
danielpal
If you use Google Authenticator App this is true. If you use Authy App without
backups, this is also true. But if you enable Authy Backups then you will
always be able to get your accounts back, no matter what.

~~~
chimeracoder
This isn't true on Android - if you've done a full backup, you can restore
Google Authenticator without disabling and re-enabling the service.

~~~
mannkind
I wish it worked that way on iOS; I'm not sure what Google is doing with the
app that prevents it ... other apps+accounts work just fine after restoring
from backup.

~~~
X-Istence
It works without issues for me when doing it locally using iTunes, not sure
what would be different about iCloud based backups ...

~~~
bonzoesc
iCloud backups don't include all keychain items, while iTunes encrypted
backups do:
<https://ssl.apple.com/ipad/business/docs/iOS_Security_May12.pdf>
page 12.

------
bcambel
You better replace your development error pages with a proper 404. Take a look
at <http://blog.authy.com/feed>

~~~
danielpal
Thanks! We're using Blossome, a blog engine I wrote for developers:

<https://github.com/danpal/blossome>

I've been meaning to add lots of features, I just haven't had the time. This
holiday vacation I am going to the beach, so I'll be hacking on Blossome
there a lot.

~~~
nacs
Bottom of the error page says "You're seeing this error because you have
enabled the show_exceptions setting."

Might want to just turn that off now and hack around with Blossome in-depth
later ;)

------
SCdF
This is interesting, I've never considered using an alternative app for google
2fa tokens... mostly because the app Just Works. It's literally one tap and it
shows the token I need to type into the website, I'm not sure how it could get
any simpler.

Since the authy guys seem to be around, if the only 2fa I have is on my Google
accounts, what is the advantage of using Authy over the standard Google
Authenticator app (on Android, fwiw)?

------
scottmp10
Is this "condoned" by Google or does Authy just emulate the algorithm that
Google uses? If they are just implementing their own version, then what secret
info do they need for the algorithm?

~~~
danielpal
Both Authy and Google are based on open standards:

Specifically: <http://tools.ietf.org/html/rfc6238>

So you can add support as long as you support the standard.

When you scan the QR Code with your camera we read a secret key and store it
inside your phone securely.

~~~
dtjohnnymonkey
I'm reading RFC 6238 and it looks like it's based on a single shared secret:

> Basically, the output of the HMAC-SHA-1 calculation is truncated to obtain
> user-friendly values:
>
> HOTP(K,C) = Truncate(HMAC-SHA-1(K,C))
>
> where Truncate represents the function that can convert an HMAC-SHA-1 value
> into an HOTP value. K and C represent the shared secret and counter value;

Does that mean it's formally/theoretically equivalent to simply having two
separate passwords?

~~~
danielpal
Absolutely not. It's one secret seed but you use the time to generate different
One Time Passwords every 10 seconds, which means you never reuse passwords.

This would be the equivalent of having 2 passwords, one of which you change
every time you use it and it's fully random.

~~~
dtjohnnymonkey
So just to rephrase it to make sure I understand, it's more secure because
even if the OTP is compromised, the entire system is not compromised, is that
correct?

However, if the original secret is compromised (K), then could an attacker
easily generate OTPs?
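Added example, not Authy's code or the RFC reference code, of the RFC 6238 scheme danielpal points to and dtjohnnymonkey quotes: the shared secret K is read from the otpauth:// URI a QR code carries, HOTP(K,C) = Truncate(HMAC-SHA-1(K,C)) is computed, and the time step is the RFC default of 30 seconds (an assumption; the thread says 10). The sample secret is the RFC 4226/6238 test secret, so the printed values match the published test vectors; the last line shows in code what the question above asks: each window's code differs, but whoever holds K can compute all of them.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import parse_qs, urlparse


def secret_from_otpauth(uri: str) -> bytes:
    """Pull the shared secret K out of an otpauth:// URI (what the QR code carries).
    The secret is base32; pad it so b32decode also accepts unpadded payloads."""
    secret = parse_qs(urlparse(uri).query)["secret"][0].upper()
    secret += "=" * (-len(secret) % 8)
    return base64.b32decode(secret)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HOTP(K, C) = Truncate(HMAC-SHA-1(K, C)), RFC 4226 section 5.3."""
    msg = struct.pack(">Q", counter)                       # C as an 8-byte big-endian int
    mac = hmac.new(key, msg, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                                 # dynamic truncation offset
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: C is the number of `step`-second windows since the Unix epoch."""
    return hotp(key, unix_time // step, digits)


def verify_totp(key: bytes, code: str, unix_time: int,
                step: int = 30, drift: int = 1) -> bool:
    """Server-side check: accept the current window and `drift` windows either side
    for clock skew; compare_digest keeps the comparison constant-time."""
    counter = unix_time // step
    return any(hmac.compare_digest(hotp(key, counter + d), code)
               for d in range(-drift, drift + 1))


# Constructed sample: the RFC 4226 / RFC 6238 test secret "12345678901234567890"
# in base32, as a QR code for a hypothetical account would carry it.
SAMPLE_URI = ("otpauth://totp/Example:alice@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

if __name__ == "__main__":
    k = secret_from_otpauth(SAMPLE_URI)
    print(hotp(k, 0))               # 755224, the first RFC 4226 test vector
    print(totp(k, 59, digits=8))    # 94287082, the first RFC 6238 test vector
    # Each window yields a different code, but holding K yields every code:
    print(totp(k, 59), totp(k, 89), verify_totp(k, totp(k, 89), 59))
```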

------
asfdfdasfafdsss
There is only one semi-reliable auth method: deep body scan + DNA +
mitochondrial RNA + retina scan fuzzy match. Passwords and 2 factor auth suck.
And so will embedded/mark IDs, which I will never, ever use.

This is a good idea - everyone worth their salt wants a third-party single auth
service, perhaps one that we pay an annual fee for, however this ain't it yet.
You should not piggyback. Don't.

------
seanponeil
Looks like the back button is broken on the Android app. I can't hit the back
button and leave the app from the registration Activity.

------
kmfrk
I don't know if likening yourselves to Sauron will assuage our caution to
adopt your tool. :)

------
nbashaw
Just FYI, the images look terribly stretched on my iPhone

~~~
danielpal
Hm, which iPhone do you have? Is it a 3GS? We use very detailed images etc.
that just don't look great on non-retina displays. Retina images will look
great.

------
TylerE
<Insert XKCD cartoon about new standards here>

~~~
lazerwalker
Authy, Google, and Dropbox all adhere to the same pre-existing open standard.
This just lets you generate different auth keys for different tokens from the
same app, instead of having to have multiple native apps (Dropbox, Google
Authenticator, etc) to each generate their own key using the same algorithm.

~~~
drivebyacct2
Not to discredit Authy here, given they're admirably embracing the open
standard, but Google Authenticator happily takes any OTP code.

~~~
shinratdr
But their iOS app is 1000x uglier. Swapped my Google Auth credentials into
Authy as soon as I realized I had the option.

------
freshhawk
Seems like a complicated way to turn two factor off while leaking information
to yet another 3rd party.

------
cynix
Now if it can import all my RSA key fobs...

------
martinced
What could possibly go wrong when using a device that is connected to the
Internet as a 2nd form factor?

That's not just a criticism of this app: all the apps that advertise a device
that is connected to the Internet as a "2nd form factor" are using deception to
lure people in.

There's no way this is "Two-Factor" in the same way that a physical RSA token
is "Two-Factor".

~~~
SCdF
I'm not sure what you mean here. Everything is stored locally, so it's not
like it's going off to a website to get your token.

Are you saying that because the device is networked it is by definition
vulnerable to hackers and so cannot be a high quality 2FA device?

If so I completely agree, except to point out that if I use a couple of banks
(some are better for cards, some are better for savings), and Google and I
play WoW and I (insert other service that uses 2FA here) then that's going to
be a _lot_ of physical doo-dads I have to keep track of. It's an unfortunate
reality, but having all these things attached to one 'smart' device is the
only real way of making them viable after you get more than one.

------
asveikau
Can someone put a moratorium on startup names that end in "-y" or "-ly"? After
a few of these it gets irritating. Maybe the next one will be called
"obnoxiously".

~~~
geuis
Feel free to get started on that. You already have.

~~~
asveikau
Got some downvotes pretty quick. Didn't expect such a negative reaction so
fast. I'm relatively new on this site; now I have some idea of how well the HN
community takes this kind of humor. So thanks.

~~~
marshray
Hmmm, I wonder if "downvotely.com" is available ...

