Any and all advice, guides, and reviews are unbiased and based on my personal experience. If you buy through affiliate links, I may earn commissions, which helps support my website. This does not have an impact on posts or my opinion of any reviewed products. If you find this post helpful and want to say thanks, please buy me a coffee or take a look at my book on Amazon. It keeps this page ad-free. Thank you!
If you’re still using Authy for 2FA/MFA, it’s time to stop. While it was once considered one of the better 2FA/MFA solutions, its lack of an export function, security concerns, and service failures make it clear that Authy is a liability. Worse, it’s owned by Twilio, a company with a troubling track record of security breaches and frequent service outages. If you value portability, security, and control, it’s time to move on from Authy and switch to passkeys while you’re at it.
Can You Export from Authy to Another 2FA/MFA Provider?
No, you cannot. Authy does not allow you to export your 2FA/MFA keys to another provider. Unlike other authenticators that offer backup and migration options, Authy locks users into its ecosystem with no official way to transfer authentication codes.
There are detailed Reddit threads discussing man-in-the-middle style proxy attack methods as a way to extract Authy keys, with users attempting various technical workarounds to bypass Authy’s restrictions. I tried this myself, and while I’m technically capable, it ultimately became clear that it was easier to start fresh than to fight against a platform that actively prevents exports. Even if you manage to retrieve some codes, there is no guarantee that all accounts will transfer successfully. So you’ll be forced to manually re-create some, if not most, keys anyway.
Authy’s refusal to allow exports is a deliberate strategy to keep users dependent on Authy, making migration unnecessarily difficult. If you ever need to switch, you’ll have to manually reset 2FA/MFA on every account, a slow and tedious process that could take hours depending on how many accounts you have. Don’t make the mistake of starting with Authy as your 2FA/MFA solution.
Authy’s Lock-In Strategy and Failures
Authy deliberately locks users into its platform by blocking key exports. A secure authentication app should allow easy migration, independent backups, and full control over authentication keys, but Authy does not.
And that’s not its only flaw. On October 16, 2024, Authy’s iOS app was down for an entire day due to a botched update, preventing users from generating authentication codes. Twilio released a fix the next day, but the damage was done. Some of us were locked out of critical accounts for 24 hours simply because we relied on Authy and there was no way to escape.
Twilio’s Troubling Track Record
Twilio, Authy’s parent company, has repeatedly suffered security breaches and service failures that put 2FA/MFA users at risk.
- August 2022 – Twilio suffered a phishing attack, exposing 209 customer accounts. (Source: Twilio Blog)
- July 5, 2024 – Reports confirmed Twilio’s insecure endpoint allowed hackers to scrape Authy user phone numbers, creating widespread vulnerability. (Source: TechCrunch)
Beyond security concerns, Twilio’s SMS and MMS services frequently experience delivery failures, impacting time-sensitive 2FA/MFA logins and verification codes. If Twilio goes down, Authy fails with it, making it clear that Twilio is not a company users should rely on for authentication security.
Better Alternatives to Authy
If you’re looking for a secure and portable 2FA/MFA authenticator, here are better alternatives that allow key exports and independent backups.
- 2FAS (iOS & Android) – No account signup required, open-source, and browser extensions
- Aegis Authenticator (Android) – Open-source, encrypted backups, and full export functionality
- Bitwarden Authenticator (iOS & Android) – Integrated with Bitwarden’s password manager, offering secure 2FA/MFA storage
Why Passkeys Are an Even Better Alternative
Rather than simply switching 2FA/MFA authenticators, consider setting up passkeys alongside your new authenticator. Passkeys provide a phishing-resistant authentication method that eliminates the need for traditional one-time codes, but you should still keep 2FA/MFA as a backup in case a service doesn’t support passkeys yet.
Google, Microsoft, and Apple are pushing passkeys as the future of authentication.
- Google now makes passkeys the default sign-in method for personal accounts. (Source: Google Blog)
- Microsoft is leading efforts to simplify authentication while promoting passwordless security. (Source: Microsoft Security Blog)
- Apple has introduced passkey portability, making adoption smoother across devices. (Source: Apple Developer)
Final Verdict: Ditch Authy, Embrace Portability and Passkeys
Authy’s lack of exports, Twilio’s security failures, and service outages make it clear that it’s time to move on.
Security should be portable and controllable, not locked into a platform with no way to back up or transfer authentication keys. Find a 2FA/MFA authenticator that allows you to export your keys and maintain personal backups, because authentication security should be under your control, not locked behind forced restrictions.