You are reading a single comment by @Velocio and its replies.
Click here to read the full conversation.
-
Authy encrypts on the client.
It is plausible that with centralised storage that a state-level attacker could use secret legal processes to gain access, and super computers to attack the crypto... so in that respect he's right.
The question is whether you really think that is plausible and even the weakest link.
I very much doubt any hack is going to do it though... they sensibly use client side encryption using the master key you provide. This is why they put you through the process of forcing you to remember your backup password... if you lose it, there's nothing they can do to help you.
Velocio
@Velocio apologies for the summoning, but a friend was spouting some anti-Authy drivel related to all the data being stored on their server, suggesting one hack and all the data is compromised. Since I know you recommend Authy and I assumed you wouldn't if they had a serious flaw like he was suggesting I was wondering if you could spare a couple of mins to tell me why he's wrong.