Authy corrupted my 2FA backup and all I got was this lousy blogpost

  • Authy did this to me years ago, too, and destroyed my tokens. I had different lists of tokens on different devices, too - that's why I kept an old phone, as it had some of my accounts on it. Do not touch that steaming pile even with a 10-foot pole! It's unfortunate that some providers recognize by your phone number that you have Authy and push for you to use it!

  • I use KeePass as my main TOTP app, but I migrated from Authy to Aegis (open source, great app) years ago, which I use as a sort of secondary backup; it also allows you to create backups and import/export data. I sync those off my phone using Syncthing. There is absolutely zero reason to use Authy for standard TOTP these days.

  • It's pretty obvious that you should be backing up the actual TOTP secrets rather than relying on an app to manage them. I use 2FAS Auth, which allows export. The other alternative is to use multiple devices for each 2FA account (the original intent?).

  • Just got off Authy. They've done everything to trap customers into their broken platform, primarily by never allowing the user to export their tokens, either to file, or to another MFA application.

    They also stopped supporting their desktop app, forcing users back onto a single point of failure: the mobile app.

    If Twilio isn't going to support Authy in good faith, they should stop holding their remaining users hostage.

  • Tarsnap should partner with Apple and Google to offer a per-app minimal important-data backup API/service that provides revisioned backups (not just replication) of critical data. This is something Tarsnap could offer app developers as an SDK at first, then gather momentum to be integrated into mobile/desktop OSes.

  • Google Authenticator did this to me once before, way back in 2013 [1].

    After that, it was vaults that were easily exportable and backed up all the way (like most password managers).

    [1] https://news.ycombinator.com/item?id=6325760

  • I switched to Ente Auth back when Twilio screwed ppl over by eliminating the desktop application. Literally everything about Ente Auth is a better experience than Authy ever was, even before the incident.

    Highly recommended by a highly satisfied user.

  • I am so glad I stopped using Authy and (painfully via the desktop extension and some hacking to get my TOTP keys) migrated to Aegis. I eventually moved from Aegis to keeping everything in Bitwarden + self-hosted Vaultwarden.

  • If not for a backup on a very old, insecure phone, Authy would have cut me off from my codes.

    They refuse to start the app on GrapheneOS literally because they cannot be arsed, offloading the claim of security of the handset to Google (which says an old handset not patched in the last 8 years is secure, but the most recent, best patched OS is not).

    When the shit hit the fan Authy even removed the way to export the seeds from the desktop version of the app. Big FU to customers.

    Never again.

  • I thought we all moved to Bitwarden a decade ago?

  • buried lede IMO

    > Authy was sold to Twilio in 2015

  • tl;dr

    > Much to my surprise, when checking the App Store page, I saw that an update to the app had been approved by Apple only 14 minutes prior. I downloaded the update, tapped upon one of the previously "locked" items, and entered my backup password. Boom, the previously locked 2FA codes were now unlocked and restored, ready for use.