In this step-by-step guide, learn how to enable the backup feature in the Authy two-factor authentication app.
Twilio’s Authy is a two-factor authentication app that uses a zero-trust approach to protect users from unauthorized access through compromised credentials and weak passwords.
It does this through an easy to use API with the HMAC RFC algorithm. This is a security algorithm that rotates a six-digit token every 30 seconds. These one-time tokens, also known as push notifications or Authy tokens, are more secure than passwords and allow tracking of individual users who authenticate to Authy servers.
You will need to enter one of them to securely access your Authy account. You can use the app to get the randomly generated token, but if you don’t have access to the app, you can request an SMS to be sent to your cell phone.
SEE: Mobile Device Security Policy (TechRepublic Premium)
If you’re offline or low on data and can’t get SMS or Push authentication on your phone or computer, you can still log in using one of your backup codes.
Once a backup code is used, it automatically becomes inactive. If you lose your codes or think they’ve been stolen, you can create a new set of 10 backup codes. The old set of codes will automatically become inactive.
Authy has other features like encrypted backups which add even more security for users and help with account recovery when they lose their device. This guide explains how the Authy Backup feature works and how to enable or disable backups.
How Authy backup works
It is important to note that the Authy Backup feature is optional. You need to manually enable it in the Authy app settings. If you choose not to enable the backup feature, Authy will work like the Google Authenticator app and store your accounts on your phone instead of in the cloud. This means that you will not be able to recover your data if you lose your phone because without backups Authy cannot sync your 2FA tokens to your new device.
When you enable the Authy backup feature, your phone locally encrypts all data from your existing 2FA accounts before sending it to Authy’s cloud servers for storage. You then need to create a key to decrypt your data. This key is your backup password, and it is stored securely on your phone – never sent to Twilio Authy servers.
Only you have access to your backup password and neither Authy nor anyone affiliated with Authy can decipher your data to see what’s inside. This means that if you lose your backup password, Authy cannot restore your accounts. Therefore, it is advisable to memorize your backup password or write it down immediately after creating it and keep it in a safe.
How to Create an Authy Backup Password
Backup passwords allow you to encrypt and decrypt your 2FA account tokens and access all your tokens on an Authy app on other configured devices. Having a backup password also ensures that you always have secure access to your 2FA account tokens in case you lose access to your devices or your Authy account.
After enabling backups, you will be asked to create a password which will be used to generate a secure key to encrypt your Authy 2FA account tokens. It is advisable to use high entropy passwords, or those that lack order and predictability.
Passwords must be at least eight characters with uppercase letters, lowercase letters, numbers, and symbols. You can use password managers as they are one of the easiest ways to generate a strong and secure password.
Can I recover my lost backup password?
Since the backup password is never sent to Authy or stored on their servers, if you lose your backup password, they will not be able to recover your password. This means that if you buy a new phone or want to replace an old or lost device, you will not be able to decrypt your 2FA tokens from the Twilio Authy servers and access them in the Authy app on your new device.
If you still have access to the original device where you first set up the Authy app with your 2FA account tokens, you can reconfigure your Authy app on your new device.
How to reset your backup password
To reset your backup password, you must ensure that all 2FA account tokens are decrypted on your device. Next, go to the settings menu and tap Change Password under the Backup Password section.
Note that once you have reset your backup password on one device, you will need to enter this new backup password on all other devices with your Authy account.
How to Enable or Disable Authy Backups
If you are using the Authy app on Android or IOS, open the app and click the menu icon in the upper right corner. Select Settings, then tap the Accounts tab to enable or disable backups. You will need to enter your backup password to enable backup and sync options.
If you’re using Authy on the desktop app for Linux, macOS, or Windows, open the Authy Desktop app, then click settings in the lower right corner. Navigate to chrome_Settings.pn, then tap the Accounts tab and select Authenticator Encrypted Backups. You will need your backup password.
Unlike other 2FA apps, Authy has an optional cloud backup option and you can use it on many devices.