- cross-posted to:
- technology@lemmy.world
Losing access to Authy leads to another reckoning with Google’s security model.
“We don’t want to punish users of alternative OSes, but there’s really no other option at the moment,” Wilden added before his blunt conclusion. “Play Integrity has absolutely no way to guess whether a given custom OS completely subverts the Android security model.”
Then don’t. Allow the user to choose what to do with their device and shut the fuck up and get out of the way. You are punishing users for using alternative OSes. That is exactly what you are doing.
Lol, what a fucking joke of a toolbag.
Play IS insecure, full of malware, and is itself malicious.
Fuck that douchebag with a pineapple.
Can you get that on video?
They do, kinda. But they also choose to not let their software interact with it, then.
Which puts us in this weird position countries like the US AFAIK have no laws for, the EU is just starting to employ gatekeeping-laws for technology forms in a big way. Play Services is Google’s piece of software, legally they have every right to refuse to let it run on hardware whatever. It’s their software after all. But, they have such a market-controlling situation that it’d be unfair of them to specifically exclude company X, Y or Z.
This is a non-issue. Why not use Aegis and back up your own credentials? I wouldn’t trust Authy (or any 2FA app that includes cloud backup).
Other decent options:
TOTP is an open standard, no need to stick to Authy.
Aegis all the way. Looked at Authy and hardpassed after reading the permissions it requires. Your job is to calculate the OTP. You don’t need wifi access if you’re an offline OTP calculator.
Authy is not an offline OTP. It syncs your tokens across devices.
It can, but it doesn’t have to (or at least it didn’t use to). But if you ever choose to leave, you can’t export anything (or, at least you couldn’t). My statement is using old information, at least a year old, since that’s about when I hardpassed on them.
Edit: correct autocorrect
Just another reason not to use them. Non-synced tokens cannot be leaked.
I recommend Aegis as well. Does what it needs without shadiness going on.
There are tons of other two-factor authentication apps that can be used that are totally open source and available on the F-Droid application store. The first 2 that come to mind are KeepassDX and FreeOTP.
FreeOTP+ is amazing, originally developed by Red Hat before it was forked.
Authy is the last thing a security minded person should ever have been using. Counting the not so recent security breach and all.
Aegis is still good
The author is implying that Authy is the only option for some reason. It’s not, this is a non-issue.
Conspiracy theory: got paid to write a smear piece about a piece of technology the spies of capitalism don’t like
Authy is trash anyway.
Isn’t Authy proprietary?
Um… What fucking paradox? Authy is a known security vulnerability. If you’re installing GrapheneOS before switching away from Authy, you’re putting the condom on after getting fucked
“We don’t want to punish users of alternative OSes, but there’s really no other option at the moment,” Wilden added before his blunt conclusion. “Play Integrity has absolutely no way to guess whether a given custom OS completely subverts the Android security model.”
Bollocks. GrapheneOS even provides instructions on how to use Android’s hardware attestation API which is supported by every Android device on version 8 or newer.