Is the Authy Extension for Chrome Safe to Add to Brave?

bug

#1

Description of the issue:
The Authy Two-Factor Authentication application is available as a Chrome Extension. When I go to the Chrome Web Store (via my Brave Browser on MacOS), find the Authy Extension, and click on the “Add to Chrome” button, a Brave pop-up warns that this extension has not been reviewed by Brave and may be malicious. I want to know if this review is planned; if so, when will it be done; and if not, what risks would I be taking if I ignored the warning.

Steps to Reproduce (add as many as necessary): 1. 2. 3.

  1. In Brave, go to the Chrome Web Store, and find the Authy Extension: URL https://chrome.google.com/webstore/detail/authy/gaedmjdfmmahhbjefcbgaolhhanlaolb?hl=en
  2. Click on the blue “Add to Chrome” button on the upper right corner of the page.

Actual Result (gifs and screenshots are welcome!):
See screenshot.

Expected result:
Now that I have seen the warning, I don’t know what to do about it. Should I just wait (possibly forever) until Brave reviews this particular extension? Can I safely ignore the warning and proceed anyway? Or should I just give up on the hope of ever using Authy from within my Brave browser?

Reproduces how often:

Every time

Brave is up to date

Version 0.58.18 Chromium: 71.0.3578.98 (Official Build) (64-bit)

Reproducible on current live release (yes/no):
yes

Additional Information:


#2

tl;dr: Authy is probably fine. We’re not actively reviewing through the backlog of unreviewed extensions.

Hello, we know that this warning is a little extra. We’re trying to walk the fine line between not telling you that you’re about to do something potentially-dangerous, and getting in your way. Sorry that it’s confusing.

If you know the extension developer, you might reasonably expect that the extension isn’t malicious. For Authy, that’s probably the case. They’re an established security-focused company with a good record. That doesn’t guarantee that nothing’s amiss, but it’s a good bet.

Brave isn’t currently in the process of reviewing all the extensions on the Chrome Web Store. Our current plan is to automatically analyze the most-popular extensions for various sorts of badness, and only show this notice for extensions which haven’t been scanned or where the scan is inconclusive.

Still — installing extensions is one of the most common ways of reducing the security, privacy, and integrity of your browser. So that’s the mindset you should be in whenever you install an extension.


closed #3

This topic was automatically closed after 30 days. New replies are no longer allowed.