The Authy app for iOS and Android devices allows users to create a 4-digit Protection PIN to restrict access to the app. This guide will cover the Authy app Protection PIN and recovery.
How PIN Protection Works
When the Protection PIN is enabled in the Authy app on iOS and Android devices, users are prompted to create a new 4-digit PIN code or setup biometric check (fingerprint, Touch ID, or Face ID on supported devices) for locking the Authy app. We have a walkthrough for the Protection PIN enable and disable process here: Authy Mobile App Protection PIN for iOS and Android.
The Protection PIN is never sent to Authy. This helps to ensure that no one will be able to access your tokens without passing the PIN or biometric check you created, even in the unlikely event that our servers are compromised.
Since the Protection PIN is never sent to Authy or stored in our servers, Authy support is unable to recover your PIN.
2FA Account Access Options
If you ever forget your Protection PIN, we recommend taking the following steps to regain access to your 2FA accounts:
- Check any Authy installations on other devices (if available) to see if your tokens are present.
- Use the recovery codes provided by the service(s) during 2FA setup to regain access to your account.
Unable to Recover PIN
If you are unable to recall your Protection PIN, this installation can’t be recovered. However, you can still regain access to your Authy account. If Authy Backups are enabled, and you know your Backups password, you can also recover your encrypted 2FA account tokens.
Authy Multi-Device Enabled: If you have Multi-Device enabled, but your device is PIN-locked, you can uninstall and re-install the Authy app to regain access to your account.
- Uninstall the Authy app on your PIN locked device.
- Download and install the Authy app on the same device.
- Once installed, enter your phone number to add this installation to your account.
- Approve this access via SMS or a phone call.
- Select an encrypted token and enter your existing Backups password to decrypt it.
Authy Multi-Device Disabled: If you don’t have Multi-Device enabled, you can start the Account Recovery Process here: https://authy.com/phones/reset/?proceed=true
Notice: This process takes 24 hours; it cannot be rushed due to security protocols. If backups are not enabled, you will lose your 2FA tokens.