Authy 2FA VM Qube

Im sure most of you use 2FA, the more savy would already be using Authy over google authenticator. I thought of the idea of making a dedicated Authy qube that once setup has no network access, creating a secure, isolated way for me to generate 2FA codes, and act as a backup if ever i lose my phone.

Setup:
im using a fedora minimal template

sudo dnf install snapd
sudo ln -s /var/lib/snapd/snap /snap

restart to update pathways

sudo snap install authy

refresh applications & add to shortcuts.
launch app.
enter password for decryption.
shutdown VM.
set network VM to none.
Done.

i allocated only 600mb ram, & 1CPU, a little slow to boot, but find once running operates fine. If you do add more accounts to Authy on your phone, i guess you would just enable network temporarily sync them to your Authy VM qube.

Im sure the even more security minded of you probably rock Yubikeys, and i think the same will be possible using the Desktop Yubico Authenticator which also installs via snap. I havent tried this yet though as all my keys are in authy and im too lazy to change atm.

Otherwise we can use a KeepassXC file dedicated to that :slight_smile:

1 Like

@paskalo wasnt aware of KeePassXC, also looks like a nice option.

I’m a former Authy user. It took me a long time to escape from the Authy ecosystem as you can’t reliably export your keys from their closed system. Beware that you’re swapping one closed system (Google) for another (Authy).

I put my keys in an encrypted StandardNotes note with their TokenVault add-on. You can save all the QR code images and the secret keys so you have a master list.

Another option would be BitWarden.

It’s probably better to use an open-source 2FA manager that lets you move your keys (like KeepassXC).