Authy Delivers Two-Factor Authentication Security in Minutes With Twilio SMS

Daniel Palacio, Founder of Authy

Daniel Palacio decided to found Authy in the spring of 2011 following an onslaught of headline-making password breaches. “People’s accounts were compromised, their e-mails and photos stolen, their social profiles spammed, and their bank accounts drained,” he recalled.

As a member of Microsoft’s Windows security team, Palacio knew that the risk of account takeovers was much higher than it needed to be. One simple way to protect consumers is to bolster passwords with two-factor authentication. In addition to typing in a password, with two-factor authentication a user is required to enter a unique code that is sent to his or her mobile device.

Palacio was determined to make it easy for website administrators to add two-factor authentication. Most admins knew their sites would be safer with two-factor authentication, but they were concerned about the burden that administering a password-protection program would have on their IT staffs so they delayed taking any action.

Authy’s solution is to turn two-factor authentication into a cloud service. Rather than implement two-factor authentication and administer it themselves, companies simply connect to Authy’s API. Authy authenticates customers with a secure token whether they are logging in from a regular website or via any mobile app.

From the start, Palacio planned to build a world-class service, which meant he needed a robust way of sending of sending SMS messages. “I chose to use the Twilio’s cloud communications platform because it is simply the best communications platform out there,” Palacio said. Thanks to Twilio’s industry- leading uptime and international reach, Palacio knows that the unique security codes, also known as tokens, necessary for two-factor authentication will be reliably delivered to customers via text message or voice.

“Twilio’s API is really, really good,” Palacio said. “We were able to build robust services that deliver carrier-grade reliability without investing in expensive telecommunications infrastructure.”

In addition to being reliable, Palacio said Twilio’s ease of use couldn’t be beat. “We implemented Twilio in a weekend,” Palacio said. Even better, he said, he didn’t have to touch the code again, even as Authy’s customer base increased by an order of magnitude. “Twilio makes it so easy to scale—all we need to do is let our service grow,” Palacio said.

Palacio said he also appreciates that Twilio continues to lower its prices and add new features. “When I first started using Twilio, it didn’t support international SMS,” Palacio said. In July 2012, Twilio announced a new global expansion. Now Authy can offer service to billions of people in 150 countries and in multiple languages. “That means I don’t have to worry about changing providers as Authy itself adds services and expands internationally,” Palacio said.

  • Pete

    We looked at both Duo Security and Authy for two-factor recently for our company and decided to go with Duo. Authy has easy APIs (like Twilio!), but seems to lack the maturity and backing for a real enterprise integration and rollout.

    • Twilio

      Going with what works for your company is important. As Authy is powered by Twilio, we know the ability to scale for enterprise solutions is possible. Overall, glad to hear you are implementing two-factor, it’s great security for you and your users.