Introducing Authy For Your Personal Computer
Never manually type a token again.
Authy lets you use “something you know” paired with “something you have” to log in securely into your accounts using two-factor authentication. Up until now, however, what you “have” was either your cellphone, your smartphone or your tablet.
But now, with our goal in mind to provide secure and seamless two-factor authentication to users everywhere, we are excited to announce the Authy App is now available on Windows, Mac, and a browser agnostic version. (I know what you’re thinking, is this secure? Is this still two-factor authentication? Yes, and we’ll explain more below.)
You usually log in to your accounts from your desktop or laptop, right? And now, using Authy for PCs, you’ll be able to access your two-factor authentication tokens directly from your computer screen without the hassle of copying them over from other devices. Simply put, you’ll never have to type a token manually again.
We were able to build a great multi-platform app that not only is very easy to install, but it also feels and looks native across different operating systems. So, if you’ve been using Authy on your smartphone, Authy for Desktop works just as great as the Authy mobile app. If you don’t own a smartphone, this app provides a better alternative to text-messages and phone calls, and we think you’ll love it.
So is this still Two-Factor Authentication if I am using the same device?
The short answer is yes, two-factor authentication is still valid regardless of whether the second authentication factor “you have” comes from your cellphone, your tablet, or right from a desktop app on your laptop. For example, RSA Security, the leader in Two-Factor Authentication also has a desktop application that has been securely deployed at some of the largest and most secure organizations worldwide. What really matters, is that it is something only you can have. When you register your laptop as a new device with the Authy App for PCs, we use the same secure registration process we use with the mobile app by verifying your identity with your cellphone number – something only you have access to.
So what if someone steals my computer?
This is a valid concern, however the same can be said for your RSA secure token or your smartphone. Two-factor authentication was never designed to protect against device theft. There are many other security technologies that are meant to defend against this, for example, full-disk encryption.
However, we recognize that most people don’t use these protections, so we built encryption right into our app. Authy for Desktop makes it easy for you to encrypt your local accounts using a master password – simply enter a password and we’ll take care of all encryption/decryption for you. The password also blocks access to the application when you are idle by automatically encrypting all accounts, which also protects you in case your laptop is lost or stolen.
Also, because of the way we built the Authy platform, if your laptop is ever lost or stolen you can automatically deactivate your tokens using another Authy device, like your smartphone or tablet.
So what about malware, can malware steal my Two-Factor tokens?
Yes, but that’s the wrong way of looking at it. If there is local malware on your computer it doesn’t really matter whether you are using 2 separate devices to log in with two-factor authentication. To illustrate the threat, let’s take a look at the following authentication scenario where the user uses a RSA Hardware Token and see why even in this scenario, two-factor authentication cannot prevent the attacker from gaining access to your account.
Once you successfully log in to a site, your browser locally stores a unique identifier for your session, called a session cookie. This cookie is then used to inform the site on subsequent requests that you have already authenticated, so that the site doesn’t ask you to log in again. What this basically means is that there’s no point for the malware to steal your credentials or two-factor token when it can simply steal your authenticated sessions.
Protecting against the most common threat – Phishing Attacks.
However, there is a great security advantage of running on the same device. Most of the attacks we see today on our customers are advanced real-time phishing attacks. On these attacks, users are redirected via a fake email, or some other means, to a fake page that looks and feels exactly like the authentic site. Once a user is on the phishing site, he is deceived into entering his login credentials, including his two-factor authentication token, and thus giving away access to his account.
These attacks are so well-orchestrated that even the most proficient users were being tricked. So we knew we had to do something about this. And today we are finally taking the first steps towards making phishing attacks obsolete.
And this is only scratching the surface. We are actively working on some really cool technologies to finally solve this problem. Soon we’ll also maintain a blacklist of known phishing sites (updated in real-time) that will further protect all of our users and customers from falling victims to this attack.
So if you are looking for an excuse to use Authy on your desktop, this is it.
With Authy for Desktop, we’re going a step further to make two-factor authentication a truly seamless experience and to bring the power and security of strong authentication to users everywhere, anywhere. Authy for PCs not only provides more convenient and secure access to two-factor authentication tokens, but it goes the extra step by keeping your tokens safe on your computer, and by offering protection from phishing attacks.
The Authy App forDesktop is a simple and great way to access your two-factor tokens fast, conveniently and securely from your desktop or laptop.