One of the main reasons why Authy was able to lead our list of the best two-factor authentication apps was its ability to transfer access to a new device. This feature ensures that you do not lose your tokens each time you get a new phone. However, if the process is not done properly, you can leave your account vulnerable.
With Authy, you do not have to worry about losing access to important online accounts just because your phone is lost, broken or stolen. You can either transfer access from one phone to another, or keep your account accessible on two devices, making it even easier for you to access your tokens. Both options have similar procedures, differing only by one step, which I outline below.
Step 1: Download Authy on the new phone
Obviously you need Authy on the new phone to get started. Go to the Play Store or App Store and download Authy.
To transfer access, you must enable Multi-Device, a feature that is disabled by default. Open Authy on your old phone and select "Settings" (on iOS) or the three vertical dots and then "Settings" (on Android). The next page will look different depending on the operating system of your device.
For iOS, select the "Devices" tab at the bottom of the screen. For Android you will find the same tab at the top of the screen. Next to "Allow multi-device", select the toggle to enable it.
On your new phone, when you open Authy you will see a page asking for your phone number. Authy uses your phone number as a way to store your account for easier retrieval. Once you have entered it, a new prompt will appear asking you to confirm your account in one of three ways: with your old device, by phone call, or by text message. Since using an existing phone is the simplest and safest method, we'll start with it.
Select "Use Existing Device" to display a new prompt asking you to wait for approval. A notification appears on your old phone asking you to approve the new device. Select "Accept" and a new pop-up will appear asking you to enter "Yes" (for iOS) or "OK" (for Android). Enter the text and select "OK", and after a few seconds, your new device will have access to your account.
If you do not have the old phone (because it's broken or stolen), you can still use "SMS" or "Phone Call" to enter the code. If you select "SMS", the system sends you a text message with your code, which you enter in the displayed area. For "Phone Call," Authy calls your phone number and reads the code you need to enter. Once the code is entered correctly, you can see all your accounts.
You may have noticed that all your accounts have a small red padlock next to their name. This icon indicates that these accounts are encrypted and that a password must be entered before you can access them. Select an account to go to the "Decrypt Accounts" page. Enter your password (the password you created when you first logged in to Authy) and click the button.
Once you've got it right, you will not see the red padlock anymore and you can see every token for your accounts.
After you successfully transfer your accounts, you can restore the protection. First, whether you get rid of your old phone or plan to keep it, make sure somebody else cannot access your account with just your password.
Because phone number spoofing is possible, you must prevent a potential hacker from adding their device to the list of connected devices. Therefore, you should disable the "Allow multi-device" option (which you enabled in step 2). Disabling this feature will prevent a hacker from transferring access to their device.
Second, if you sell your old phone or it's lost or stolen, you should remove its access so that someone who uses the device cannot access your tokens. Enter "Settings" and under "Devices" select a device under the "Other connected devices" grouping. Tap the "Remove Device" button and choose "Yes" in the pop-up window.
Once the device has been removed, a few things happen. All Authy-powered tokens (those that use Authy push notifications to send tokens) no longer work on the removed device. Backup and sync no longer work, which prevents permanent changes to your tokens. The removed device will also be unable to add new tokens or authorize new devices.
You should know that removal does not block access to tokens that are not operated by Authy (which is probably most accounts). Use a password manager for these accounts to strengthen your other defense layer.
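Why removal cannot block those tokens, shown as an added example that is not part of the original article. It assumes the non-Authy tokens are standard RFC 6238 TOTP tokens; the `Service` class and the seed values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import struct


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the code depends only on the secret and the clock."""
    counter = struct.pack(">Q", unix_time // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


class Service:
    """Hypothetical website that verifies codes against the enrolled secret."""

    def __init__(self, secret: bytes):
        self.secret = secret

    def verify(self, code: str, unix_time: int) -> bool:
        return hmac.compare_digest(code, totp(self.secret, unix_time))

    def re_enroll(self, new_secret: bytes) -> None:
        # Turning 2FA off and on again at the service issues a fresh secret.
        self.secret = new_secret


def removed_device_demo(now: int = 1_700_000_000):
    old_secret = b"constructed-seed-01"          # constructed sample value
    service = Service(old_secret)
    removed_phone_copy = old_secret              # seed still stored on the removed phone

    # The removed phone is off the device list, yet its offline code still verifies.
    before = service.verify(totp(removed_phone_copy, now), now)

    # After re-enrolling with a new secret, codes from the old copy are rejected.
    service.re_enroll(b"constructed-seed-02")
    after = service.verify(totp(removed_phone_copy, now), now)
    return before, after


if __name__ == "__main__":
    print(removed_device_demo())
```

For an account whose token sat on a lost or sold phone, re-enrolling two-factor authentication at that service is what invalidates the copy left on the old device.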