Authy: Does multi-device mode imply that all keys are stored on their servers?

At least in the latest versions of Authy's Android application, authenticator tokens, such as your Gmail TOTP, are sent to api.authy.com only after being encrypted using an AES key derived from your backup password and a randomly generated salt using PBKDF2.

According to this source, information sent from the API to your mobile phone has the following format:

 {
   "account_type": "gmail",
   "encrypted_seed": "UZNL+UPVK+5RYUoBlhkuQzCcOb3nMdYxKGFmHEZ4TMxTX7MOPJUayQAMDVJ",
   "name": "My Gmail Account",
   "original_name": "Google:[email protected]",
   "salt": "N2QqyJrn7cOHBqTY32uY1cL4IHCANm",
   "unique_id": "0000000000"
 }

In other words, your Gmail TOTP secret seed should be safe with Authy even if they get compromised and the database is leaked.


First, remember that Authy allows you to use any TOTP token (like Google Authenticator), but they also offer their own proprietary 2FA method. In Authy's method, the account provider must integrate Authy into their authentication mechanism, not just implement the TOTP standard. In this method, Authy issues the seeds, and this also allows them to support push notifications when you are trying to sign into one of your accounts that uses this method.

So for multi-device using the Authy method, the seed does not have to be shared because they can just issue a new one. But for a TOTP account, they can't issue a new seed; the account provider has to do that. So their solution is to store those for you on their servers, encrypted by what they call your backup password.

(This is also what allows you to recover your tokens if you lose your device.)

So see, they were storing those anyway if you had backups enabled. If you don't want them to store those seeds, then you can have backups and multi-device turned off, but then what's the point of using Authy over Google Authenticator? Even if Authy's servers are compromised, you're still the only person who knows your backup password (which is hopefully unique). It's a pretty good system IMO.
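The record format quoted in the question and the backup/multi-device flow described in the answer, as one added example (this is illustrative code written for this page, not Authy's client or server code). It assumes the details the page leaves open: PBKDF2-HMAC-SHA256 with 100000 iterations (the page names PBKDF2 but no hash or iteration count), AES-256-GCM with the nonce prepended to the ciphertext (the page says only "AES"), base64 for the `salt` and `encrypted_seed` fields, and the `unique_id` bound as associated data. The seed, account names and password are constructed; the seed is the RFC 6238 test key so the TOTP codes can be checked against the RFC's vectors. `EncryptSeed` is what the first device does before anything reaches api.authy.com; `DecryptSeed` plus `TOTP` is what a second device, or a restore after losing the phone, does with the stored record and the backup password.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha1"
	"crypto/sha256"
	"encoding/base32"
	"encoding/base64"
	"encoding/binary"
	"encoding/json"
	"errors"
	"fmt"
)

// Record uses the field names shown in the question. Cipher mode, KDF
// parameters and encodings below are assumptions for this example only.
type Record struct {
	AccountType   string `json:"account_type"`
	EncryptedSeed string `json:"encrypted_seed"`
	Name          string `json:"name"`
	OriginalName  string `json:"original_name"`
	Salt          string `json:"salt"`
	UniqueID      string `json:"unique_id"`
}

const pbkdf2Iterations = 100000 // assumed; the page gives no count

// pbkdf2SHA256 is RFC 8018 PBKDF2 with HMAC-SHA256, written out so the
// example needs nothing outside the Go standard library.
func pbkdf2SHA256(password, salt []byte, iter, keyLen int) []byte {
	prf := hmac.New(sha256.New, password)
	var out []byte
	for block := uint32(1); len(out) < keyLen; block++ {
		var be [4]byte
		binary.BigEndian.PutUint32(be[:], block)
		prf.Reset()
		prf.Write(salt)
		prf.Write(be[:])
		u := prf.Sum(nil)
		t := append([]byte(nil), u...)
		for i := 1; i < iter; i++ { // U_i = PRF(password, U_{i-1}); T = XOR of all U_i
			prf.Reset()
			prf.Write(u)
			u = prf.Sum(nil)
			for j := range t {
				t[j] ^= u[j]
			}
		}
		out = append(out, t...)
	}
	return out[:keyLen]
}

func newGCM(password, salt []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(pbkdf2SHA256(password, salt, pbkdf2Iterations, 32))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// EncryptSeed builds the backup record on the device that holds the seed:
// fresh random salt, password-derived AES-256 key, seed sealed with GCM.
// The backup password itself never leaves the device.
func EncryptSeed(accountType, name, originalName, uniqueID, seed, password string) (Record, error) {
	salt := make([]byte, 16)
	if _, err := rand.Read(salt); err != nil {
		return Record{}, err
	}
	gcm, err := newGCM([]byte(password), salt)
	if err != nil {
		return Record{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Record{}, err
	}
	ct := gcm.Seal(nonce, nonce, []byte(seed), []byte(uniqueID)) // unique_id bound as AAD
	return Record{AccountType: accountType, EncryptedSeed: base64.StdEncoding.EncodeToString(ct),
		Name: name, OriginalName: originalName, Salt: base64.StdEncoding.EncodeToString(salt), UniqueID: uniqueID}, nil
}

// DecryptSeed is the second-device / restore side: the record from the
// server plus the user's backup password yields the original TOTP seed.
func DecryptSeed(rec Record, password string) (string, error) {
	salt, err := base64.StdEncoding.DecodeString(rec.Salt)
	if err != nil {
		return "", err
	}
	ct, err := base64.StdEncoding.DecodeString(rec.EncryptedSeed)
	if err != nil {
		return "", err
	}
	gcm, err := newGCM([]byte(password), salt)
	if err != nil || len(ct) < gcm.NonceSize() {
		return "", errors.New("bad record")
	}
	pt, err := gcm.Open(nil, ct[:gcm.NonceSize()], ct[gcm.NonceSize():], []byte(rec.UniqueID))
	if err != nil {
		return "", errors.New("wrong backup password or tampered record")
	}
	return string(pt), nil
}

// TOTP is RFC 6238 (HMAC-SHA1, 30-second step, 6 digits) over a base32 seed,
// the form Google Authenticator-style providers hand out.
func TOTP(base32Seed string, unixTime int64) (string, error) {
	key, err := base32.StdEncoding.DecodeString(base32Seed)
	if err != nil {
		return "", err
	}
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], uint64(unixTime/30))
	mac := hmac.New(sha1.New, key)
	mac.Write(msg[:])
	h := mac.Sum(nil)
	off := h[len(h)-1] & 0x0f
	return fmt.Sprintf("%06d", (binary.BigEndian.Uint32(h[off:off+4])&0x7fffffff)%1000000), nil
}

func main() {
	const seed = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ" // constructed: RFC 6238 test key in base32
	rec, err := EncryptSeed("gmail", "My Gmail Account", "Google:alice@example.com", "0000000000", seed, "correct horse battery staple")
	if err != nil {
		panic(err)
	}
	js, _ := json.MarshalIndent(rec, "", "  ")
	fmt.Println(string(js)) // the only thing the server ever holds
	got, err := DecryptSeed(rec, "correct horse battery staple")
	code, _ := TOTP(got, 59)
	fmt.Println("restored on second device:", err == nil && got == seed, "code at t=59:", code)
	_, err = DecryptSeed(rec, "wrong password")
	fmt.Println("server-side attacker without the password:", err)
}
```

A leaked database gives an attacker only `salt` and `encrypted_seed`, so the seed's safety reduces to the offline guessability of the backup password; that is why the answer's aside about the password being unique matters more than the AES choice. Binding `unique_id` as associated data is an extra this example adds so that a record cannot be quietly re-labelled to another account.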