Migrating from Authy to Aegis for 2FA

Disclaimer: This is another potentially incomplete article. I just want to share my knowledge and keep personal notes.

Context and background:

I love Multi-factor Authentication (MFA/2FA). I use it whenever and wherever I can. For most cases, I prefer using TOTP, as they are universal. I also love my YubiKey – but to me, that has slightly fewer use cases and is slightly less universal (since the backup method involves physically maintaining multiple keys – which I happily do, but prefer not to do all my 2FA through them). I use my YubiKeys primarily for U2F web-apps.

Anyway – Since I work in various capacities across multiple organizations, I have numerous (over 100) 2FA accounts that are currently in Authy. All the ‘migration’ techniques I found were insufficient at that scale.

REMINDER: Reasons to switch from Authy

Steps:

  1. Follow the guide(s) here to get Chrome Console output. (https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93#gistcomment-3240205) (https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93#gistcomment-2224133) (https://gist.github.com/gboudreau/94bb0c11a6209c82418d01a59d958c93)
  2. Once you have that output, modify the script to remove the QR code generation, by removing the last few lines of the pasted JavaScript `
		let url = (new QRious({value: totp_uri, size: qr_size})).toDataURL();
		console_image(url, qr_size);

3. Copy all that to a text file

4. Run the following Bash script against the output to generate the otpauth links that can be easily imported into Aegis via their “plaintext” importer.

#!/bin/bash
input="/path/to/file"
while IFS= read -r var
do
  if [[ $var =~ ^TOTP\ URI.* ]]; then
   otpauth=$( echo -n $var | cut -c 11- )
  echo "$otpauth"
fi
done < "$input"

5. Import the resulting text/file into Aegis, and be happy! (execute script, cat to file, import file into Aegis)

Leave a Reply

Your email address will not be published. Required fields are marked *