Authy Desktop 2FA app shuts down leaving many users in perilous position

Hot on the heels of Twilio co-founder Jeff Lawson announcing he has stood down as CEO as of Monday 8 January, the company has confirmed it is shutting down the Authy 2FA desktop application in August. And that has made me, a long-time advocate of Authy, wonder if I should keep on using it.

In a posting to the dedicated Authy support site, which itself will close on 15 January, the company announced that the Authy desktop apps across operating system platforms will “reach end-of-life in August 2024”.

A brief explanation said the closure of the desktop apps has been decided in order ”to streamline our focus and provide more value on existing product solutions for which we see increasing demand”. And that’s all the reasoning given for this surprise announcement.

The good news is that the closure only affects the desktop applications: the mobile apps for Android and iOS users will continue to be supported. As, so it appears, will the macOS app that is available for download for desktop and notebook Apple Silicon devices.

Why this closure matters to Authy users

So if you use Authy on the mobile, why should you care? Because it removes the main reason that many security-minded folk use Authy for 2FA: the ease by which you can restore your tokens to a new device in case of loss or theft. While those with more than one active device will still be able to use this feature, it dilutes the pool of potential users considerably.

Twilio strongly recommends users switch to the mobile apps now, while also suggesting alternative desktop applications from the likes of 1Password and KeePass for those who are unable to use a mobile device.

Moving away from Authy to another 2FA ecosystem altogether is made harder by the fact that there is no export feature. This means users will need to re-enable 2FA for systems and services one by one in that new application. I have around 50 such services currently being protected by Authy tokens, a number likely to be reflected across many average users.

How to export Authy tokens from one device to another

Someone by the name of Ashwin, writing at gHacks, suggests that there is a workaround available on GitHub. However, this is too complicated for most people and requires your Authy account to be maintained. This only works with 1Password (for OS X, iOS, Android), LastPass, Bitwarden, KeePassXC and KeePass2Android.

Although I have been an Authy evangelist for many years, I will now be giving careful thought as to what my next 2FA platform will be. I am in the unusual position of having active iOS, Android, macOS and Windows devices, so the impact of this closure is minimal (Windows being the only problem).

However, that the Authy product line is being cut back at all leaves me wondering when the mobile apps will be depreciated down the line.

Read next: An IT manager’s guide to passwords