Stanisław (Stan) Findeisen

Software Engineer/Architect

I transform complex requirements into elegant software architectures.

Does your 2FA backup work? The case of Authy from Twilio

OK, so you're one of those security-aware users and you use 2FA for your logins. Great. But what happens if you lose access to your 2FA device?

Today I learned the hard easy way how to use Twilio's Authy 2FA app properly. This app has over 10M downloads from Google Play alone. Just for the fun of it, I tried to replicate all my 2FA accounts on a different phone and, as it turns out, you'd better have access to your old phone (including the SIM card), or else it can get tricky! Your backup password alone is not enough, even if Authy says all the accounts have been "backed up" (settings → accounts).

Therefore remember: always test your backups!

The right way to use this particular app is to have it installed on 2+ devices and keep them all in sync.