Will you be a victim of the Authy hack?


Authy, the 2FA app, has been hacked and over 30M accounts were compromised. If you’re currently using the app, I would strongly suggest you move your codes.

Transcript

I woke up to a report today about an app called Authy being hacked and I think 30 million user accounts have been compromised.

Now Authy is a two-factor authentication app where you get codes.

So you scan the code, it's in the app and when you try to log into a service it asks you for that code and that code changes every 10, 20, 30 seconds or so.

Now there is a two... they also use... I didn't think they did but apparently the telephone numbers of said accounts have been hacked as well.

Which means if you're getting two-factor authentication via SMS which is a really bad idea anyway, those people are really kind of screwed basically.

Now I've been changing... I change apps all the time as you know. I've been changing my two-factor authentication app and I was using Authy and finally, for the past week, I've been moving stuff out of it.

Luckily I don't use SMS at all in any way for two-factor authentication.

If there's a possibility of me using it or not using it I'd rather not use it because my email is more secure, my email account is more secure than my telephone number.

Because someone can spoof your number, they can then get the SMS code that the app or service is sending you and then they can access your account.

So having your email spoofed is highly impossible. It is possible but it's very doubtful that you can do that. But your SIM card being spoofed or your telephone number being spoofed can happen.

Anyway back to Authy. Now Authy is a great app. As I said I've been using it for years.

They stopped using a desktop app and since then I've been moving my two-factor authentication out of that app.

And now I'm on 1Password and it works great. You just have to be careful of where you store your data.

Whether it's client information, your information, your photos, your data is insanely important.

What's more important, two things that are really important is securing your email account with an insanely hard password.

Don't create password 123 or the dog's name or the time I went to Turkey in 2003. Whatever it is, use a proper freaking password.

So get a password manager. And the second thing is that just get a password manager.

Make sure all your passwords are completely different. Make sure that you do use two-factor authentication when you set up your account. And then you'll be secure. And be careful of emails or SMSs as a phishing attack.

Because basically they look like the app or service or bank account that you own or you use. But in fact they're trying to phish information from you to be able to get into that account.

So those things are three things actually. There's three things that are incredibly important.

The main one I would say is secure an email address, email account with a strong password. Second to that, get a password manager. Third to that is actually two-factor authentication.

So make sure you stop using Authy for now or at least get stuff out of it. Change the app that you're using for two-factor authentication, like, now. And then you should be fine. And then you can breathe a sigh of relief.

Because I went through the rest of my apps in Authy today, this morning. Made sure I moved everything out of it. Anything that's in there is stuff I don't use. Or haven't used for years. So I don't care.

So yeah, that's what I have for you today.

Be safe out there and keep it simple.
