Level up your Twilio API skills in TwilioQuest, an educational game for Mac, Windows, and Linux. Download Now
Build the future of communications.
Start building for free

"authy" posts

  • By Brian Iyoha
    Sending One-time Passwords in WhatsApp using PHP, Laravel, and the Twilio API for WhatsApp Send One Time Passwords using Twilio API for WhatsApp

    WhatsApp is often contested as the world’s most popular messaging app, allowing its users to communicate securely and in real-time. As a business owner, you can build upon the speed and security provided by WhatsApp to engage with your customers, send alerts and notifications, provide customer support, or even send One-Time Passwords (OTPs) to your customers.

    In this tutorial, you will learn how to send WhatsApp notifications to your users by sending out one-time passwords (OTP) via WhatsApp using the Twilio API for WhatsApp during registration.


    To follow through with this tutorial, you will need the following:

    Project Setup

    This tutorial will make use of Laravel, so the first step is to generate a new Laravel application. Using the Laravel Installer, generate a new Laravel project by running the …

    Read More
  • By Miguel Grinberg
    Push Two-Factor Authentication in Python with Twilio Authy Push Two-Factor Authentication in Python with Twilio Authy

    Two-Factor Authentication (2FA) is one of the most effective ways to increase the security of online accounts and consequently reduce online identity theft. The 2FA implementation used by most applications is based on the Time-based One-Time Password algorithm, which requires users to read a numeric code from a hardware token generator or smartphone app and enter it on an application’s website to confirm their login attempts.

    Unfortunately, many users find this extra login procedure tedious and inconvenient. There have been efforts to simplify the 2FA flow with the goal of increasing adoption.

    A new method that is gaining popularity is Push Authentication, where instead of expecting a numeric code, the application server sends a push notification to the user’s smartphone. The only action for the user is to tap a button in this notification to confirm that the login attempt is legitimate.

    In this article, I will go …

    Read More
  • By Brian Iyoha
    Securing a Laravel PHP Application with 2FA using Twilio Authy Securing a Laravel PHP Application with 2FA using Twilio Authy

    In this tutorial, you will learn how to secure your Laravel application with Two-factor authentication using Twilio Authy.


    Completing this tutorial will require the following:

    Getting Started

    Create a new Laravel project using the Laravel Installer. If you don’t have it installed or prefer to use Composer, you can check out how to do so from the Laravel documentation. Run the following command in your terminal to generate a fresh Laravel project:

    $ laravel new twilio-authy

    Next, you will need to set up a database for the application. For this tutorial, we will make use of MySQL database. If you make use of a database administrator like phpMyAdmin for managing your databases then go ahead and create a database named twilio-authy and skip this section. If not, install MySQL from …

    Read More
  • By Nabeel Saeed
    Staying Safe on CyberMonday authy-blog-image

    Online shopping doesn’t wait for Cyber Monday. Walmart started dropping prices on October 25th, a full month before Black Friday — the day after Thanksgiving — and consumers were ready for them: 45% of respondents in a recent survey said they already made plans to start holiday shopping before November. In fact, 54% of those surveyed said they intend to shop online during the five days between Black Friday and Cyber Monday.

    The popularity of Cyber Monday, combined with the availability of public Wifi and the simplicity of one-touch mobile transactions, gives cybercriminals and hackers with bad intentions a perfect opportunity to take advantage of unsuspecting consumers. As with every year, there are sure to be plenty of bogus websites and phony emails intent on separating you from your money — or worse — your identity. So, if you’re planning on post-Thanksgiving shopping from your laptop or mobile device …

    Read More
  • By Nabeel Saeed
    Authy trust-chain for added devices Authy-Header.png


    Lately, we've seen a number of news items concerning SIM swapping. That's where hackers take advantage of limitations in mobile devices and SMS-based communications to commit identity theft or account takeovers. There have even been some questions about whether authenticator apps that don't rely on SMS for token delivery are also susceptible. Or whether or not a SIM swap would enable a hacker to assume control of a phone number and install an authentication app to gain access to an already-protected online account.

    Twilio is now providing tools to help our authentication customers address this  issue. Working together, the Authy authentication API and the free Authy 2FA app create a chain of trust that allows Twilio/Authy customers to determine which end-user apps to trust for authentication. They record uniquely identifiable numbers assigned to every installed app, as well as the sequence of app installs and the methods of installation. Through …

    Read More
  • By David Lowes
    Building Blocks for a Modern and Conversational IVR modern_ivr.png

    Many IVRs expect too much from customers - they lack customizability and require your customers to patiently learn how to use the IVR. What if you could replace this with a natural conversational IVR? What if you could add security and personalized customer data and deploy this using multiple channels? 

    Well, you can! In this two-part blog post, we’re going to use Twilio APIs as “building blocks” to build an IVR for our pseudo-business, Signal Hardware. Here is the stack:


    Layer 1 - Studio and Autopilot

    In the first Layer of our IVR we’re using Twilio Studio and Autopilot to give us structure, flexibility and control of our workflow.

    Studio is a virtual application builder. It allows you to rapidly create communication flows using pre-built widgets. Autopilot is our Natural Language Processing and Machine Learning platform. Where Studio creates our structure inside of a UI, Autopilot allows us to have …

    Read More
  • By Josh Staples
    Elevated Authentication with Authy Elevated Authentication with Authy


    Account security is difficult. Make the requirements too onerous, and no one will adopt your solution; make it too simple, and fraudsters will surely be able to circumvent any protection you provide. In this post, we’ll discuss how to use the Authy product to provide solutions for both regular and high-value users using features present in the Authy product suite. Before we outline that approach, it is best to understand how the current Authy user model and multi-device feature both work.

    Authy User Model

    There is a one to one correlation between a user’s phone number and their Authy ID. The user’s Authy ID is created or provided when you register the user with your service’s workflow. This Authy ID is core to how the Authy API interacts with end-users. 

    If you’re initiating two-factor authentication (2FA) via any of Authy’s authentication channels, the Authy ID is the only piece …

    Read More
  • By Simon Thorpe
    Improving user privacy for two-factor authentication Improving user privacy for two-factor authentication

    While it is generally agreed that two-factor authentication (2FA) is an increasingly important means of adding security to your user accounts, you’ve probably heard of stories where the phone number used to enable 2FA ended up part of a data breach or was misused by the website. This has led to an unwillingness with some people to provide their phone number.

    To address this, we updated Twilio’s Authy API to allow 2FA to be implemented on websites without having to collect the phone number from the user.

    Why Authy asks for the phone number

    Before we look at the new change, it’s worth understanding how Authy was designed to use your phone number. There are two elements to the Authy solution, the API which businesses use to integrate 2FA into their applications, and the Authy app which consumers use to generate 2FA codes. The phone number ties the two …

    Read More
  • By Ugendu Ositadinma
    Detect Cellphones and Verify Phone Numbers in Laravel PHP using Authy Detect Cellphones and Verify Phone Numbers in Laravel PHP using Authy.png


    There may be times in building your app that you will need to send an SMS to the phone number of a user. Wouldn't it be awesome if you could confirm that the number supplied is actually a cellphone? Or maybe you want to only send SMS to verified users. With Twilio's Authy API, these use cases are easy to implement. This tutorial is aimed at helping developers to build a phone number validator to verify users phone numbers in any PHP application and check if a number is a cellphone or landline before sending an SMS. 

    Technical Requirements

    For this tutorial, it is expected that you have basic knowledge of the following:

    • Composer
    • Are familiar with Laravel
    • Understand PHP 5+
    • Have a Twilio account

    NOTE: Don’t forget to craft a Laravel project for this purpose. Here’s a link to a guide on the installation process for installing …

    Read More
  • By Josh Staples
    Fraud Prevention with Twilio Account Security Lookup + Verify for Account Security Best Practices


    Twilio helps a variety of customers in combating fraud. From banks to dating apps, customer use-cases and approaches to addressing fraud can vary, but there are certain best practices that are almost universal. Below are a few of the suggestions we make when engaging with customers.

    Number Format Standardization

    There are a number of ways phone numbers can be formatted. But in order to ensure that each device has a globally unique number, you’ll want to save them in a format referred to as E.164. You can check if the number is valid as well as correctly formatted with the basic Lookup API call. This basic Lookup API is a simple wrapper around the world-renowned libphonenumber library.

    Using basic Lookup is a free, programmatic way to prevent obviously fake and invalid numbers from signing up to your service.

    E.164 Format

    Country Code


    Subscriber Number



    US …

    Read More
  • Newer
    Sign up and start building
    Not ready yet? Talk to an expert.