How to set up Authy (an alternative to Google authenticator)

[GenTeal 4]

How do you set up Authy with Evernote?  I have an iPhone with the Authy app installed.  I have a Mac desktop that I also need to sync.  Do I only need the Authy app on the iPhone to sync to the Mac?  Where do I find the QR code for Evernote?

BTW, I only use the Evernote app on the Mac and iPhone (I don't usually log into the actual website).  Do I even need an authenticator if I only use my phone app or desktop app?anyway?

All the new changes in Evernote has been such a time waster for me.  I'm not a tech person, and they don't make this intuitive or straightforward.  I also don't want Google authenticator.

[PinkElephant 8,174]

Just follow the instructions, pretty easy.

https://help.evernote.com/hc/en-us/articles/208314238

One of the advantages of Authy is that you can install and use it on different devices.

You can use the same device to run the authenticator app - but the idea is that the additional factor is provided by a different app. This creates the additional security layer of 2FA.

Don‘t forget to print and store the backup keys provided during setup. Don’t store them in your EN account.

[GenTeal 4]

Thank you.

The backup keys...are those the ones that Evernote provides?  If I lose my phone or can't access Authy for some reason, can I still access Evernote using those backup codes and bypass the authenticator?

I did find the EN QR code, and set up a cloud backup code within Authy.  I'm not sure if I did everything correct, or what to look for when logging in, in the future.  I'm still logged in to all the EN apps, I'm just nervous about logging out and if I did it right.  

For future log ins, do I still need to scan QR codes or enter the tokens manually?

[PinkElephant 8,174]

You get 4 rows of numbers from EN during the setup. Each one is a code that can be used if the code generating device is broken or not available.

You need to enter one of them during setup to prove you have gotten them, and taken them out. This will not consume this code - usually it does.

On logging in you first enter user and PW, and on the next screen it asks for the one time cipher. Enter it, and if ok it shows the account.

You can decide to trust this client for 30 days, if you don’t want to enter a fresh code every time.

[GenTeal 4]

Is the one time cipher one of the EN backup codes?  if so, then, how does its normally look when using Authy?  What can I expect?

thank you

[PinkElephant 8,174]

No, the one time cipher is generated by the app. It is based on a „shared secret“ (wrapped into the barcode) plus the exact world time.

Since the secret is stored encrypted, it can’t be read out easily (the apps have different handling procedures for this). The time need to be precise, the code is valid for 30 Seconds and will change after this time. It remains valid for 30 more seconds.

The usual 1-time-cipher-code are 6 digits. You can copy it from the app into the field EN presents.

The long codes are not changing, so they need to be longer. They are only to be used when the changing codes are not available. They are consumed when used.

You can generate new ones, by disabling 2FA, and set it up again.

[VincentC 272]

Also, take a look at Youtube.  I don't use Authy, but I just did a quick search on YouTube for Authy, and YouTube found a half dozen videos showing how to set up Authy.  I find videos like these to be a very helpful addition to written text... maybe one of these will help you.  (I needed to use a YouTube video to help me set up Google Authenticator for my system.)

 

Vinnie