Authy User: A Protected Nashville Geek
Authy: So, Mike. Set the stage.
Mike: My name is Mike from Nashville, @Telomir on Twitter. I have a degree in Computer Science and an MBA in accounting. For the past 3+ years I’ve been a Business Systems Analyst for Smith & Nephew, a global medical technology company with Headquarters in London. I’m a gamer/geek at heart, and I’ve always loved technology and coming up with solutions to technical and business issues. I’m an early adopter as well, so I spend a bit of money on gadgets. My friends all have similar interests and we always compare our setups against each other, from a security and “best tech” standpoint.
What do you spend most of your online time doing?
Online, I spend a lot of time reading Reddit and watching streams on Twitch.TV. Although I personally don’t have time to play games anymore, I enjoy watching others play. This is a substitute for cable, as I haven’t watched cable TV in years.
Tell us your online security story.
I initially used Google Authenticator; however, there were several issues I had with it. For one, I hated keeping backup codes in my wallet. And second, I’m a flash-a-holic on my phone (I’ve always purchased Nexus phones). So whenever I would flash a new ROM on it, I would lose the previous instance of GoogleAuth. Anyhow, my wallet was looking beat-up and I decided to change it out before an upcoming business trip. I started tossing receipts and loose papers kept in my wallet and didn’t think about it too much, and as you can guess, I threw out the slip of paper with my backup codes on it. During my trip, a new update for the Android M preview came out and I flashed it with excitement, not thinking about the repercussions with Google Authenticator. Upon reinstall, it asked for my password (which I remembered) but I did not have access to my backup phone number (I forgot to change my GA backup phone number when I got a new one), or the backup codes, or even the authenticator, to get back in. The account was six years old, so old that I had trouble even remembering the answers to verification questions to prove I was the owner. It failed multiple times. Eventually, I had to suck it up and consider it a loss. I was locked out of my own account, and Google wouldn’t help me. I was enraged and vowed to never use Google Authenticator again.
Is that when you first tried Authy?
Yes, Authy was my first choice because it was hyped on Reddit and by my peers, and didn’t involve pesky backup codes.
What Authy features did you appreciate most?
I like the fact that all my 2FA accounts were stored safely somewhere. It was hailed and praised on the internet. The testimonials and the Authy tweets I saw gave me more confidence that I could trust it. It was also flash friendly. If I changed the OS version on my phone, all I had to do was validate my phone number and everything was reloaded instantly! No need to rescan 2FA codes and start over! I could, essentially, keep the same token, which was a huge plus. The primary pain point from GoogleAuth was gone, and then Twitch partnered with Authy for a 2FA solution! Because of my familiarity with Twitch, it was a match made in heaven.
But then we lost you. What happened?
I wanted to be in control of everything locally on Google Drive without relying on third-party servers I had no control of. What if Authy servers went offline or suddenly became unavailable? What if they got hacked? All these scenarios ran through my head and I started having doubts that I made the right decision.
Which security provider did you switch to?
I chose to go with Authenticator Plus. The appeal to me was that you could store the database on your own Google Drive, without relying on third-party servers. Before switching, I spotted a tweet by @jcase about trying out Authenticator Plus, and since he’s a well-known tech and security enthusiast, I figured I could trust him. After I left Authy I tweeted about the switch and @Authy said they’d welcome me back upon my return. Little did I know what this would mean at the time.
And eventually, you did return. What prompted that?
I was with Authenticator Plus for several weeks, and the primary reason why I returned to Authy was because I had updated to the Android N preview for the new OS being released by Google this year. Some of the libraries that Authenticator Plus relies on failed and hadn’t been updated, so as a result, I couldn’t access any of my accounts. I had to email support and they confirmed that nothing could be done until either Google made the changes in an updated preview, or the official release came out. Since I use my 2FA accounts multiple times a week, this was NOT an option. So once again, I was locked out of my accounts and had to re-scan and reset all my 2FA tokens again. I was still following Authy tweets in security-related news, noticed the one about Authy’s uptime, and decided to use Authy again. I currently use it for seven accounts.
When I announced on Twitter that I “came back home,” @Authy welcomed me back with open arms. So, if it works, why switch?
How can we improve your Authy experience?
How about a nice web interface to all access codes when you don’t want to take your phone out? Or notifications when anyone attempts to log in using your phone number. Plus it would be great if you could work with more banks. Seems like most use SMS and it would be nice to have one solution for all.
Thanks, @Telomir from Nashville. It was a pleasure to get to know you a bit better.
That is why I came back to Authy.