• maryjayjay@lemmy.world
    link
    fedilink
    English
    arrow-up
    0
    ·
    edit-2
    4 months ago

    You can, though. But not through their app. Someone reverse engineered their protocol and wrote a program that connects like a new client, which you then approve, and it dumps all your random seeds into a text file. I then put them all into Keepass.

    Edit: Unfortunately, the author has deprecated the project as Authy has added some attestations to their API, seemingly for this exact issue. https://github.com/alexzorin/authy?tab=readme-ov-file

    • Todd Bonzalez@lemm.ee
      link
      fedilink
      English
      arrow-up
      0
      ·
      4 months ago

      People keep acting like Authy is betraying them by not having an export feature, but why exactly are you leaving Authy to begin with? Because they are a security risk?

      You’re gonna leave Authy a copy of your seeds? That defeats the purpose.

      Re-key your MFA codes on the way out. Security isn’t necessarily convenient.

        • Todd Bonzalez@lemm.ee
          link
          fedilink
          English
          arrow-up
          0
          ·
          4 months ago

          I can’t even begin to stress what a terrible idea that is. You absolutely don’t want to make bulk-rekeying possible unless you like getting all of your accounts compromised at once.