Authy User: Two-Factor Authentication Evangelism in Argentina

August 13, 2019
Written by
Authy
Twilion

Close-up of a Nikon camera screen showing a man’s face, beside a red logo with a speech bubble.

Authy User: Two-Factor Authentication Evangelism in Argentina

Not long ago, Authy was made aware of some very informed blog posts and tweets on topics like identity, two-factor authentication, cybersecurity, content security, and on-prem, cloud, & hybrid infrastructures. What caught our eye is that the tweets were always so helpful, often going much further than typical 2FA and security recommendations you see on Twitter. 

Turns out that the author of those tweets is blogger Pablo Alejandro Fain, an IT professional based out of Argentina who is also an avid Authy advocate. Pablo can be found alerting people about the benefits of our two-factor authentication service simply because he himself is a fan. We asked if he’d tell us more about his experiences with 2FA and he recently took time out of his workday to chat with us.

AUTHY:  First off, what exactly is it that you do?

For the past eight years, I’ve been a Microsoft Certified Solutions Expert in Productivity, which means I work to help others work and collaborate more efficiently. I’m currently in the process of transforming my role to dedicate myself 100% to Information Security. 

And you’re based in Buenos Aires? 

I mostly work remotely, but I also like to go to the Ernst & Young offices here in Buenos Aires office two or three times a week to meet with other people. My team is distributed worldwide, so it’s challenging to meet them in person, but I like to meet people from other teams, and see how I can help them with my knowledge, etc.

Working with a global team can make in-person networking a bit difficult.

It’s true, but I find that Reddit helps me exchange information and experiences with other people with my same interests. And Twitter is a great place to meet colleagues, and to help non-IT people get involved in the privacy and security fields. I truly believe it’s necessary for people to understand the importance of staying protected online.

So you’re kind of a cybersecurity evangelist!

I was always interested in the security field. Every time I talk to a person — no matter if they’re IT or non-IT — I try to see how they protect their online accounts, and what the industry can do better to help them stay secure.

Which poses the question “How do you stay secure, and how did you come across Authy?”

At the time I started with Google Authenticator, 2FA wasn’t mandated by anyone. In fact, only a few online services had 2FA capabilities. However, I recall that I had to switch between Android devices and lost every security token associated with my device. It was then that I started to investigate other options and came across Authy. With Authy, I’ve switched from Android to iOS, then between multiple iOS devices, and never lost a thing.

How long ago did you move from Google Authenticator to become an Authy user?

I’ve been using Authy for about six years now, ever since I discovered Google Auth couldn’t migrate my seeds from one device to another. I use the Authy iOS app in combination with my YubiKey devices. Whenever I associate my primary YubiKey to a service, my golden rule is to also associate a second key (which is kept safe at home) and also Authy.

So you take cybersecurity very seriously. 

I do. And I keep track of the sites and services where each 2FA form is enabled through tags in 1Password. So far, I have 85 accounts protected by Authy 2FA. Here are some of the sites where I have Authy currently enabled:

1Password, Adobe, Amazon, Atlassian, Azure AD, Bitbucket, WordPress, Buffer, Cloudflare, Devolutions, Digital Ocean, Discord, DNS Made Easy, Dropbox, Enom, Evernote, Facebook, Gandi.net, GitHub, GoDaddy, Google Accounts, Hootsuite, Instagram, MailChimp, Mercado Libre, Microsoft Accounts, Namecheap, PayPal, Sendgrid, and WordPress. 

That’s a pretty impressive 2FA list. 

It’s huge, right? Oh, and LinkedIn, too, this is a new one! The list continues and, in addition to those I just mentioned, I have some cloud servers that I use for personal stuff (like hosting my blog, a Unifi cloud controller, and a VPN server) that I also protect with Authy using your API.

Can we ask what Authy security features are your favorite?

Probably the most important is the combination of 2FA Backups and the Multi-Device feature for when I need to switch between and old and a new phone.

Any suggestions on how we can improve Authy two-factor authentication?

Sure. I’d like to be able to upload my own icons for the accounts that are not Authy-enabled, or for those that you don’t provide a custom logo. And personally, I’d like to see better support for the Apple Watch app, which I need to reinstall every time I add or remove an account.

We’ve got some feature improvements in the pipeline that I’m sure you’ll appreciate and your suggestions will certainly be passed to the Authy engineering team. Anything else?

If I can give readers three recommendations, those will be:

  1. Use a password manager.
  2. Secure your accounts with 2FA.
  3. Backup all your stuff.

Good advice. Thanks, Pablo!