Friday, December 13, 2024

Twilio discontinues Authy’s desktop capabilities, instantly logging out all users.

Twilio discontinues Authy’s desktop capabilities, instantly logging out all users.

Twilio has officially discontinued its Authy for Desktop application, prompting the immediate logout of all users from the software.

By January, Authy announced that its desktop apps for Windows, macOS, and Linux would reach their end-of-life milestone on March 19, 2024, and will subsequently be discontinued in August 2024.

While desktop applications functioned as usual until March, upon opening, a notification emerged, cautioning that the system had reached its end-of-life and urging users to transition to mobile versions immediately.

Authy for desktop warnings

After a 13-day hiatus, Twilio’s sudden move forced users to log out of their Authy accounts on desktop devices, effectively locking them out from re-accessing their profiles using phone numbers.

Authy for desktop users forcibly logged out

Despite numerous warnings, users who persisted in using Authy for Desktop have found themselves unable to access their 2FA accounts until they resync them with a mobile device previously linked.

Despite these efforts, some individuals who synchronized their desktop applications with mobile counterparts discovered that a handful of their affiliated accounts were no longer accessible.

In June, threat actors exploited an exposed Authy API, potentially enabling them to verify whether a phone number was linked to a genuine account.

Hackers exploited a vulnerability in an application programming interface (API), injecting tens of millions of phone numbers that allowed them to create detailed profiles, which were subsequently published on a notorious online forum for cybercriminals.

Twilio promptly addressed the issue by strengthening its API security and introducing a newly updated mobile app framework. Some users may be experiencing issues logging into their Authy accounts on desktop due to the app’s failure to incorporate the latest API fix, which was recently rolled out.

Despite this, Authy unveiled model 3.0 in June, claiming it would be the definitive desktop release, leaving little room for a subsequent iteration.

As part of its planned end-of-life strategy for Authy’s desktop applications, Twilio notified BleepingComputer that affected users were automatically logged out.

Related Articles

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest Articles