How to use Authy: A guide for beginners
It’s becoming more common for users to enable two-factor authentication (2FA) when accessing their various accounts on the internet. Adding 2FA to a simple password provides an extra layer of security and protection from hacking and phishing attacks.
The popular Authy app has become the choice for many when handling their 2FA. Below we’ll look at how to use Authy and get it up and running quickly to provide your accounts with an extra layer of security.
Using the Authy mobile app and desktop version
Authy works on both mobile and desktop with the ability to sync your various devices together. This means that once synced, you can use either the mobile version or your desktop when logging into any site that requires 2FA.
To begin, install the mobile version. To do this, go to the iOS App Store or Google Play Store and download Authy as you would with any other app. Make sure to download the official version by Twilio.
Once downloaded, launch the app and you will be greeted by the main setup screen. This screen will ask you for your country code and phone number (Figure A).
Figure A
Enter the phone number for your device, then confirm. At this point, Authy will then need to verify your phone number by either sending a text message or an automated call. Once you receive the confirmation via SMS or voice call, enter it into the field provided.
Authy is now installed on your phone and you are ready to start adding accounts for 2FA.
Setting up your accounts to use Authy for 2FA
Now you will want to start adding the specific login accounts that you want protected by Authy. The details vary slightly between platforms and websites, but the overall steps are the same across all sites.
In this example, we will be using GitHub, but almost any web account works the exact same way.
In GitHub (or whatever account you choose to protect) go to the Settings area for your account (Figure B). This is usually accessed by clicking on your account name or the three horizontal lines indicating a drop-down menu.
Figure B
From there, click on Passwords and Authentication (Figure C). In some menus, this option will be called Security.
Figure C
On the next page, select Enable Two-Factor Authentication (Figure D).
Figure D
At this point, most sites will ask if you want to use an app such as Authy or use SMS (Figure E). In this case, we will select Authy.
Figure E
You will then be presented with a QR code (Figure F). This is the code you will scan from the Authy mobile app to link the two applications.
Figure F
Return to the Authy mobile app. If this is a new install, the app will only display a + icon. Click this to add a new account. Otherwise, click the top right menu and select Add Account (Figure G).
Figure G
The app will then tell you it’s ready to scan the QR code. Click the blue bar that reads Scan QR Code (Figure H).
Figure H
Then simply use your phone’s camera to scan the QR code on the screen. Authy will recognize the QR code and present you with a six-digit PIN code to enter into the website (Figure I).
Figure I
Enter this code and you have completed the process of enabling two-factor authentication with Authy. Whenever you log in to that account, you will be required to enter the six-digit PIN provided by Authy.
This is a constantly changing PIN and resets every 15 seconds. The next time you log in, you will need to enter the new PIN provided by Authy before the code resets. If it resets before you log in, just use the next code presented by the Authy app. Never share this PIN with anyone.
Using Authy on desktop and syncing devices
Now that Authy is set up on your phone, you’ll want to add your desktop computer so that you can log into sites without the need to always have your phone handy.
Begin by clicking the top right corner in the mobile app and clicking Settings. You will then want to click Enable Multiple Devices (Figure J).
Figure J
Once done, go to the Authy website on your desktop browser and click the download link at the top of the page. Then select your operating system — either macOS or Windows. Once downloaded, you will install the program as you do with any other application on your computer.
Authy will load once it is installed, and the screen will be virtually identical to the mobile version you set up earlier.
At the first screen, once again enter your phone number. Make sure it’s the same one you used to set up the mobile Authy app (Figure K).
Figure K
Once entered, the Authy app on your phone will be notified and alert you that a new device wants to be synced to the account (Figure L).
Figure L
You will be asked to confirm this sync by manually typing OK. Do this and then you will receive a confirmation page. The process is now complete and your desktop Authy is synced with your mobile version.
All accounts added with one device will be instantly shared across all devices you add.
Remember to enable backups for Authy
There is another crucial step when using Authy that is sometimes not enabled by default. This is to enable a backup password. This is one of the most important steps, because if your phone or device is lost or damaged, there will be no other way to retrieve your accounts other than using this password.
To enable this feature, go to the top right corner of the mobile app and select Settings. From there, click on Enable Backups (Figure M).
Figure M
Note: On some new Authy installs, the prompt to enable password backups may appear when attempting to add your first website account. In this case, simply create your password at that time.
This password is very important, so make sure to write it down, verify it’s correct and then store it in a safe place. There is no way to retrieve or recover this password. So if you lose it or forget it and your devices become inoperable, you will be unable to gain access to your website login accounts.
Once you have your backup password set up, that’s everything there is to using Authy. If you add new accounts or devices in the future, the process will be exactly like the previous examples outlined in this guide.