If you’re using two-factor authentication (you really should), your mobile phone is probably the second factor, and you copy the security code over to your computer when prompted. Authy eliminates this hassle by putting the security token right on your desktop.
It works as a Chrome app that can be installed on Windows, Mac and Linux (you don’t have to use Chrome as your browser). Any site you can turn two-factor authentication on for and use with Google Authenticator can be added to Authy by copying the code once from Google Authenticator to the app. Then, the next time you have to enter a verification code to one of those sites, you can just copy the code straight from your desktop with the Authy app.
But wait, you say, is this really two-factor authentication and secure if it’s on your computer? Authy’s answer (as you might expect) is yes:
two-factor authentication is still valid regardless of whether the second authentication factor “you have” comes from your mobile phone, your tablet, or right from a desktop app in your laptop. For example, RSA Security, the leader in Two-Factor Authentication also has a desktop application which has been securely deployed at some of the largest and most secure organisations worldwide. What really matters, is that it is something only you can have. When you register your laptop as a new device with the Authy App for PC’s, we use the same secure registration process we use with the mobile app by verifying your identity with your mobile phone number – something only you have access to.
It might feel less secure because you’re not using a separate tangible device, but it’s still two-factor authentication if you’re using multiple “keys”, so to speak, to log in — regardless of where the keys are kept, as long as only you have access to it (for example, some two-factor authentication options send the verification code to your secondary email address — which you might very well access on the same computer you’re trying to log into the site with). With Authy, one of those keys is the computer itself, with the app installed. You’ll only need your phone or other key if you log in on an unregistered computer.
If your computer is lost or stolen, you can deactivate all your tokens using Authy on another device (including smartphones) if you set up the option to encrypt all the local accounts with a master password.
There’s also a Chrome extension that adds phishing protection.
Authy has offered its authentication platform to companies for a few years now, with the aim of making two-factor authentication easier to implement. The new desktop app makes this extra security a bit more convenient for individuals, and could be especially useful for people who don’t have a smartphone. If you’re hesitant, check out Authy’s blog below for possible reassurances (or you could just stick with your phone and its minor inconveniences, of course).