Jump to content
Login new information ×
Login new information
  • Security & Privacy News

    Twilio kills off Authy for desktop, forcibly logs out all users

    Karlston

    By Karlston,
    Published Date:

    • 374 views
    • 2 minutes
     Share
    • 374 views
    • 2 minutes

    Twilio has finally killed off its Authy for Desktop application, forcibly logging users out of the desktop application.

     

    In January, Twilio announced that the Authy desktop apps for Windows, macOS, and Linux would reach the end of life on March 19, 2024, and will ultimately be discontinued in August 2024.

     

    While the desktop apps continued to work past March, when opened, they showed an alert warning that the program had reached end of life and that users should switch to the mobile versions immediately.

     

    Authy for desktop warnings
    Authy for desktop warnings
    Source: BleepingComputer

    This ended about thirteen days ago when Twilio forcibly logged all desktop devices out of their Authy accounts and no longer allowed them to log back in with their phone numbers.

     

    Authy for desktop users forcibly logged out
    Authy for desktop users forcibly logged out
    Source: BleepingComputer

    Those who have continued to use Authy for Desktop, even after all the warnings, have found that their 2FA accounts are gone unless they had previously synced them with a mobile device.

     

    However, those who synced their desktop apps with the mobile versions have discovered that some of their tokens did not correctly synchronize, making their associate accounts inaccessible.

     

    In June, threat actors found an unsecured Authy API that could be used to verify if a phone number was associated with a valid account.

     

    The threat actors fed millions of phone numbers into the API, allowing them to build profiles of 33 million phone numbers on Authy, which were then leaked on a hacking forum.

     

    Twilio fixed the bug by securing the API and releasing an updated mobile app version. Some believe that Authy desktop users cannot log in because the desktop app has not been updated with the new fix for the API.

     

    However, in June, Authy released version 3.0, stating it would be the final desktop release, so we will unlikely see another one.

     

    Update 8/1/24: Twilio told BleepingComputer that users were logged out as part of the planned end-of-life plans for Authy desktop apps as described here.

     

    Source

     

    Hope you enjoyed this news post.

    Thank you for appreciating my time and effort posting news every single day for many years.

    2023: Over 5,800 news posts | 2024 (till end of July): 3,313 news posts

     Share
    Go to news

    User Feedback

    Recommended Comments

    There are no comments to display.



    Join the conversation

    You can post now and register later. If you have an account, sign in now to post with your account.
    Note: Your post will require moderator approval before it will be visible.

    Guest
    Add a comment...

    ×   Pasted as rich text.   Paste as plain text instead

      Only 75 emoji are allowed.

    ×   Your link has been automatically embedded.   Display as a link instead

    ×   Your previous content has been restored.   Clear editor

    ×   You cannot paste images directly. Upload or insert images from URL.

    ×

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...