Authy Backups Password Retrieval

For greater security, Authy does not store a copy of your backup password anywhere on our server. When you input the password, Authy checks it by generating a hash with the local copy of the tokens on the app which are encrypted using SHA-1, and checking that hash against the backed up and encrypted copies of the tokens on our server. Conclusion: only you know the password. If you have forgotten your Authy backups password, you will not be able to retrieve your tokens data unless you have a backed up image / restorable copy of the mobile app on your operating system or cloud backups.

Authy backups are designed so that only the person with the password can access them. There is no way to get back to your accounts without the backup password, short of using an account recovery process for each website (typically a phone verification, one-time backup code, or contacting their support).

If you are stuck on an error saying "you must decrypt your tokens" this means you must enter your password before adding more accounts. This is to make sure all copies of your tokens are using the same encryption password. If you forgot the backups password, you'll have to delete all the accounts in Authy (one by one) and re-scan your data. You may need to contact support services of any sites you are locked out of, but often, services like Gmail and Facebook will allow SMS login as a backup if you still have your old phone number. In other cases such as Evernote, only the "recovery codes" given during 2FA setup will allow access - their support team probably will not be able to help. Authy has no way of contacting providers who only offer QR code two factor authentication.

Have more questions? Submit a request