It’s 2015, and every week there’s another security breach. We’ve learned that retailers aren’t safe from their HVAC vendors, Seth Rogen can stir an international cybersecurity incident, and not even the venerable OpenSSL can be trusted. The only strategy is multiple layers of security, and so every login box on the Internet needs to be secured and secured again.
That’s non-controversial, but doing so has traditionally introduced substantial user friction. Five years ago, two factor authentication required hardware fobs that were expensive – and truthfully, who wants more hardware on their keychain? And what about email-based verification? No one wants to abandon the app and refresh their spam folder. Security is only as good as its usability – the most secure scheme is rendered useless if users don’t adopt it.
Mobile has provided a great solution to create strong identity verification with reduced friction. For the past five years, Twilio customers have been using our voice and SMS APIs to verify a user’s identity via their phone number. In fact, this year Twilio will perform strong identity verification for over half a billion people across apps like Box, Intuit, Github, and more.
But SMS and voice are only part of the picture – and developers building two-factor authentication and phone verification with Twilio have historically had to re-invent their own TFA implementation using our APIs. Beyond voice and SMS, TOTP (time-based one time passwords) is the new(ish) player on the block, but existing mobile solutions to enable TOTP kinda suck (we’re being truthful, right?). Developers love inventing – but re-inventing is just grunt-work.
At Twilio, our goal is to let you build more with less code. And one of our customers has a great solution for developers seeking easy to implement strong identity verification: Authy.
Authy was born because security only works when end-users choose to adopt it. Since 2012, Authy has been laser-focused not only on the great usability of its APIs, but the also end-user experience – making an API that helps you help your users be more secure.
That is why we’re excited today to announce that the Authy team is joining Twilio, bringing a world-class Strong User Authentication API into the Twilio product mix. Authy’s REST APIs and SDKs implement Two Factor Authentication and Phone Verification as a service – so as a developer looking to verify customer identity, you get to git commit faster than ever before. Their API’s let you incorporate two factor, like an SMS or TOTP verification, into your login flow, as well as phone number verification APIs your mobile app signup / signin experience. You can also finally offer TOTP that doesn’t suck – via the Authy mobile app.
Authy is already built on top of Twilio, and their APIs complement ours fantastically so you can get up and running in no time. Try it out here. In the coming weeks, we will incorporate Authy’s developer portal into our Twilio account portal, and integrate their billing into our own – making the developer experience seamless for you.
Authy already protects over 7,000 web and mobile applications – and we hope to grow that number substantially now that we’ve joined forces. And to address the burning question on every M&A announcement: This isn’t a typical acquisition where the Authy team members will be absorbed into the borg and the product slowly forgotten. Nope. Just the opposite – we love the Authy product and are investing massively in expanding its footprint with developers of all kinds. For strong identity verification use-cases, Authy is a more complete solution than Twilio is today – and we’re excited to get it in your hands.
Please join me in welcoming Authy to the Twilio team, #ahoyauthy!
We can’t wait to see what you’ll build!