Authy wants to 'make data available to nearby bluetooth devices' and – even if you don't allow for it – asks for Bluetooth to be turned on. What's the reason for these requests?

I'd appreciate an application directly in the app. When in doubt, I simply deny such requests.


http://i.imgur.com/jTC5msY.png http://i.imgur.com/seytfhy.png

Authy has a desktop client that can request tokens from your phone via Bluetooth, so you don't need to generate a token and type it in manually.


Good, so when the user requests a Bluetooth connection, you ask for permission or tell the user to turn Bluetooth on.

Don't ask the user to approve something when he doesn't know what you want to do with it and the thing screams "don't do it" in that particular situation.


It gets even more confusing:

Authy asks me for my mobile phone number – once to 'securely identify' me and once to create an account, apparently with Authy.

Why is an account necessary for such an app? Can't I use Authy without an account?

Authy is first and foremost its own 2FA system based around ownership of a phone number. Where most phone-based 2FA systems just send you an SMS message with a code you need to enter, Authy installs an app on the phone in question that fingerprints the phone. The fact that you can also use Authy to store other 2FA codes as well is just viewed as a bonus feature by Authy.

