Authy desktop error must decrypt
Then you have to enter your password or biometric scan when you use the app, as an extra layer of security on your device. When you set up the app, it asks if you want to encrypt the local database, and you can choose no encryption, biometrics, or a password. I think that's just an FAQ to answer why someone can't use the biometrics on their particular phone. Their system is certainly better than most others. So it's just a minor quirk; I think apps should make the risks more clear. Of course, I suppose it's an option and it's up to the user to allow biometrics anyway.
Some devices have buggy implementations of this feature, resulting in the error displayed to you by Aegis in an error dialog.
For this purpose, we generate and use a key in the Android Keystore, telling it to only allow us to use that key if the user authenticates using their biometrics first. In short, since you're not entering your password when using biometric unlock, Aegis needs some other way to decrypt the vault. Why doesn't Aegis support biometric unlock for my device, even though it works with other apps? I'm not using it so maybe I misunderstand, but from what they explain it's more than just unlocking the app (FAQ on their GitHub): The biometrics play no part in the authentication between parties, just add an extra hurdle for someone having physical access to your phone, over reading a confirmation texted code. Sure, but that's an extra level of authentication on top - to unlock the app itself. That's where 2FA is a great idea pretty much everywhere, and these buggers know that very well. Then, both parties can agree on codes based on their key and the current time, without communicating at all. The idea of that app is that the two systems - you and the system you're logging into - don't need to communicate or know anything about each other, as long as you have exchanged encryption keys. There are completely open source solutions (like Aegis) that work using a system called TOTP.
Texting a verification to a phone number is actually a terrible way of doing 2FA. The thing is, in principle it is great for security… but it can be implemented in a disingenuous way that is also about getting valuable identifying information, like your phone number. There's a bit of debate around 2FA, with some saying it's a scam, and others saying that's stupid FUD, because it's great for security.
With that Twatter story, just to add to that a bit about 2FA (2 factor authentication), because that's how they got these phone numbers: by making a texted authentication necessary for "security".