Comment by SanityInAnarchy on 07/05/2019 at 07:18 UTC

1 upvotes, 0 direct replies (showing 0)

I'm a fan of two-factor generally, but not a fan of TOTP (let alone SMS) now that U2F exists. Unfortunately, Reddit still doesn't support U2F.

And I feel that Authy's backup defeats the purpose of two-factor; if the data is stored in the cloud, what secures that cloud? Possible answers:

If it's just another password, then what you really have is one factor with extra steps.
If it's TOTP stored in Authy, then you don't really have a cloud backup, since how will you access that cloud to restore Authy without already having Authy?
If it's U2F, then this is an elaborate and inconvenient workaround for the site in question not supporting U2F directly. (Reddit, please!)

Replies

There's nothing here!