This Authenticator App Did What?


Issue #17

Ahoy there, fellow Netizens! This week, let’s talk about what happened with Raivo, a popular authenticator app for iOS.

Raivo’s nasty surprise

Raivo users had a nasty surprise at the end of May. After updating the authenticator app, they found their 2FA codes had been deleted, locking them out of their online accounts.

Mobime, the company that owns Raivo, announced they found a way for users to restore their codes if they had enabled iCloud backup. Unfortunately, some users reported that this did not work for them. And users who did not have iCloud backup enabled still appear to be out of luck.

To add insult to injury, the update that deleted users’ 2FA codes also appears to have added a paywall to features that were previously free. Not a good look.

I contacted Mobime yesterday to ask if they had any comments about the Raivo situation, but have not heard back.

Raivo's fall from grace

This might make you think Raivo was a shady authenticator, but it had a great reputation in the privacy-conscious community and was developed by security researcher Tijme Gommers.

However, it was controversially acquired by Mobime last year. Some users expressed concern about the acquisition because there was little information available about Mobime and the company dodged questions about its plans for the app. This episode suggests users were right to be concerned.

What can you do?

The good news is that there are steps you can take to ensure you don’t get locked out of your online accounts, even if your authenticator app deletes your 2FA codes. However, you’ll need to make sure everything is set up ahead of time.

Here’s what you can do:

  1. Save your backup codes somewhere safe. When you first turn on 2FA, most sites will generate a set of backup codes: one-time-use codes you can use in place of your regular 2FA option. These codes will save your bacon in a situation like this, so don’t ignore them!
  2. Enable multiple forms of 2FA. Often, sites will allow you to enable more than one form of 2FA. For example, X (formerly Twitter) allows free users to enable both an authenticator app and security keys. If you have both options enabled, then if something goes wrong with one, you can log in with the other instead. However, be wary about enabling weaker forms of 2FA, such as SMS-based 2FA.
  3. If you’re using an authenticator app, save the QR codes you scanned when setting up 2FA. If anything goes wrong, you can use a different authenticator app to scan the QR code and it will generate the 2FA codes for the linked account immediately.

Until next time, stay safe out there!


Safe Not Scammed
