Back to Blog

Understanding Authy 2FA’s Multi-Device Feature

How Many Devices Do You Use?

We don’t need to tell you that the world no longer connects to the internet through just a laptop or desktop. In fact, 80% of internet users today own a smartphone. On an average day, smartphone users look at their device 46 times and, collectively, Americans check their smartphones over eight billion times per day.

And while accessing the internet from a variety of devices—a secure network desktop computer at work, a wi-fi ready laptop on the road, a smartphone or tablet at home—the idea of actually protecting all those devices, and all your professional and personal accounts, is mind-boggling.

One of the features that sets Authy apart from other authentication services is that you can keep many devices in sync, so if a device is lost or stolen, you won’t lose access to all your Authy-protected accounts.

This is also why we’ve built our app for iOS, Android, and for desktops via a Chrome browser application. We know you might use Authy in various contexts: mobile phone at home, Chrome extension at work, etc. And now you can link them all together!

Multi-Device: Simple & Powerful

The Authy feature that makes all this possible is called “Multi-Device.” You can find it under “Settings,” then “Devices,” then “Allow Multi-Device.”

What the Multi-Device feature does is pretty simple:

  • When enabled, Authy allows you install new apps and add them to your Authy account.
  • When disabled, you cannot install another instance of the Authy app for your account (although any existing devices with Authy installed will remain active).

When you first install the Authy app on a device, such as your mobile phone, we encourage you to install it again on another device, such as a tablet or desktop, as a backup. When you install, you can use SMS/voice to authenticate the new device, or you can use the existing device.

In some instances, you might find that SMS/voice is disabled and you must, therefore, use other devices for the approval. The reason for the lack of SMS/voice capability is because you might be using Authy with a cryptocurrency vendor such as Coinbase or Gemini. Due to security issues with SMS/voice, we disable them when your account is used for bitcoin access.

Inherited Trust

We call this ‘inherited trust,’ where an already trusted device can extend this trust to another device. This means that you can authorize any other device to access your accounts, and the new device can further extend trust to other devices.

Authy is then accessible on all devices you’ve authorized, and you can enable as many devices as you desire. But after installing the Authy app on more than one device, we strongly recommend disabling Multi-Device. Why? Having a single device means that the attack surface is smaller. When you have multiple devices, you have multiple surfaces that can be prone to attack. But with Multi-Device disabled, no one can hack into your account and add a rogue device, even if they’ve deviously and illegally tapped into your device to access SMS or voice calls.

Have Just One Device?

The only reason you might want to keep Multi-Device enabled at all times is if you keep just one device—say your mobile phone—with the Authy app. If you lose your phone, and Multi-Device has been disabled, you won’t be able to easily install the app in the replacement phone. And again, cryptocurrency users won’t be able to install with SMS/Voice and will need to go through a 24-hour account recovery process.

We know what you’re thinking: you’re too diligent, too careful to lose your phone. But phones drop, fall, and break all the time. And many device losses are the result of simple carelessness. Phones slip, fall, and break. And some just die on their own. Maybe you’ve never had a smartphone slip out of your backpack while enjoying stadium seating at the movies, or left it in the seat-back pocket after a red-eye flight, but it happens to the best of us. Just ask Uber or JetBlue about abandoned smartphones.

So Remember:

  • Install Authy on at least two devices and then disable “Allow Multi-Device” after that.
  • Stay Safe!

 

MORE:

About the author Simon Thorpe

Simon works in the product group at Authy and has over 15 years of experience in the security and identity management space. Working at companies like Oracle, Microsoft and Okta, he has spent a lot of time understanding and architecting solutions to secure all sorts of information. At Authy he works closely with the whole team to deliver a world class solution for developers to build security into their applications.

We can text you a link to get started:

Close