Level up your Twilio API skills in TwilioQuest, an educational game for Mac, Windows, and Linux. Download Now
Build the future of communications.
Start building for free

"authy" posts

  • By David Lowes
    Building Blocks for a Modern and Conversational IVR modern_ivr.png

    Many IVRs expect too much from customers - they lack customizability and require your customers to patiently learn how to use the IVR. What if you could replace this with a natural conversational IVR? What if you could add security and personalized customer data and deploy this using multiple channels? 

    Well, you can! In this two-part blog post, we’re going to use Twilio APIs as “building blocks” to build an IVR for our pseudo-business, Signal Hardware. Here is the stack:


    Layer 1 - Studio and Autopilot

    In the first Layer of our IVR we’re using Twilio Studio and Autopilot to give us structure, flexibility and control of our workflow.

    Studio is a virtual application builder. It allows you to rapidly create communication flows using pre-built widgets. Autopilot is our Natural Language Processing and Machine Learning platform. Where Studio creates our structure inside of a UI, Autopilot allows us to have …

    Read More
  • By Josh Staples
    Elevated Authentication with Authy Elevated Authentication with Authy


    Account security is difficult. Make the requirements too onerous, and no one will adopt your solution; make it too simple, and fraudsters will surely be able to circumvent any protection you provide. In this post, we’ll discuss how to use the Authy product to provide solutions for both regular and high-value users using features present in the Authy product suite. Before we outline that approach, it is best to understand how the current Authy user model and multi-device feature both work.

    Authy User Model

    There is a one to one correlation between a user’s phone number and their Authy ID. The user’s Authy ID is created or provided when you register the user with your service’s workflow. This Authy ID is core to how the Authy API interacts with end-users. 

    If you’re initiating two-factor authentication (2FA) via any of Authy’s authentication channels, the Authy ID is the only piece …

    Read More
  • By Ugendu Ositadinma
    Detect Cellphones and Verify Phone Numbers in Laravel PHP using Authy Detect Cellphones and Verify Phone Numbers in Laravel PHP using Authy.png


    There may be times in building your app that you will need to send an SMS to the phone number of a user. Wouldn't it be awesome if you could confirm that the number supplied is actually a cellphone? Or maybe you want to only send SMS to verified users. With Twilio's Authy API, these use cases are easy to implement. This tutorial is aimed at helping developers to build a phone number validator to verify users phone numbers in any PHP application and check if a number is a cellphone or landline before sending an SMS. 

    Technical Requirements

    For this tutorial, it is expected that you have basic knowledge of the following:

    • Composer
    • Are familiar with Laravel
    • Understand PHP 5+
    • Have a Twilio account

    NOTE: Don’t forget to craft a Laravel project for this purpose. Here’s a link to a guide on the installation process for installing …

    Read More
  • By Simon Thorpe
    Improving user privacy for two-factor authentication Improving user privacy for two-factor authentication

    While it is generally agreed that two-factor authentication (2FA) is an increasingly important means of adding security to your user accounts, you’ve probably heard of stories where the phone number used to enable 2FA ended up part of a data breach or was misused by the website. This has led to an unwillingness with some people to provide their phone number.

    To address this, we updated Twilio’s Authy API to allow 2FA to be implemented on websites without having to collect the phone number from the user.

    Why Authy asks for the phone number

    Before we look at the new change, it’s worth understanding how Authy was designed to use your phone number. There are two elements to the Authy solution, the API which businesses use to integrate 2FA into their applications, and the Authy app which consumers use to generate 2FA codes. The phone number ties the two …

    Read More
  • By Josh Staples
    Fraud Prevention with Twilio Account Security Lookup + Verify for Account Security Best Practices


    Twilio helps a variety of customers in combating fraud. From banks to dating apps, customer use-cases and approaches to addressing fraud can vary, but there are certain best practices that are almost universal. Below are a few of the suggestions we make when engaging with customers.

    Number Format Standardization

    There are a number of ways phone numbers can be formatted. But in order to ensure that each device has a globally unique number, you’ll want to save them in a format referred to as E.164. You can check if the number is valid as well as correctly formatted with the basic Lookup API call. This basic Lookup API is a simple wrapper around the world-renowned libphonenumber library.

    Using basic Lookup is a free, programmatic way to prevent obviously fake and invalid numbers from signing up to your service.

    E.164 Format

    Country Code


    Subscriber Number



    US …

    Read More
  • By Oluyemi Olususi
    Verify Phone Numbers in Symfony 4 PHP with Authy and Twilio SMS Copy of Generic Blog Header 3-2.png


    One of the most appropriate ways to ensure that your application’s database contains only valid phone numbers stored against each user, is by properly verifying the phone number during the registration process. This amongst other things will ensure sanity in your application, reduce the number of false or fraudulent registrations and easily convert this data for marketing purposes.

    In this tutorial, I will show you how to verify phone numbers in a Symfony 4 project by leveraging Twilio’s Verfiy API. Together we will build an application that will capture users’ phone numbers and use Twilio to send a 6 digit code through SMS. After receiving this code, the user will be required to enter it for proper verification.

    Once we are done with the step-by-step process of implementing this feature, you will have learned how to structure a proper registration flow that takes phone number verification into consideration. …

    Read More
  • By Kelley Robinson
    How to use Authy for Offline, Transaction Specific, PSD2 Compliant Authentication IUQz0LthtKSeMEB696SdzuWIk7cICH4sWkbTsXyU8Ea2tfSErofayxwYCm1YxPcy4_LfIAcrVFaG0xjk23I9foPpIoLA_-3rfakSeBOtsjBxs7Jto25FloIAkuCjPON1dbb8FPf_

    One of the best features about using Soft Tokens or Time-based One Time Passwords (TOTP) for authentication is that they are available offline. The European Payment Services Directive (PSD2) regulation requires Strong Customer Authentication (SCA) for all transactions over €30 by September 2019. Part of the regulation requires that SCA ties transaction-specific information to the authentication, called Dynamic Linking.

    This post will show you how to use a new feature of the Authy API and application to implement a compliant offline solution for your application. For more detail on PSD2, SCA, and dynamic linking, check out this post. You can also build SCA with push authorization or SMS, which we show in this blog post.

    Getting Started

    To code along with this post, you’ll need:

    Read More
  • By Nabeel Saeed
    New Authy API Features for PSD2-compliant authentication Authy-Header.png

    From 14th September 2019, millions of European consumers will experience a change in the way they complete online payments. A new European banking law, PSD2, will mandate a stronger form of two-factor authentication (2FA) for all online and over-the-phone payments. This extra layer of friction will impact conversion and sales for online businesses. 

    Twilio has been hard at work to help businesses navigate this massive change and minimize impact. We’ve updated both the Authy API and our free Authy app to help you meet all the requirements of Strong Customer Authentication (SCA) and be PSD2-compliant.

    What’s new?

    PSD2 introduces authentication requirements that go above and beyond typical 2FA:

    1. Each authentication code must be specific to the transaction amount and recipient, and
    2. Both the payment amount and recipient must be made clear to the payer when authenticating.

    The Authy API has several methods for completing authentications. Push authentication meets all …

    Read More
  • By Maciej Treder
    Building Expedited Two-Factor Authentication into Angular Apps with Authy Angular and Twilio logos

    Two-Factor Authentication (2FA) provides web applications with an important additional layer of security, but 2FA requires the user to perform an additional action each time they log in. This extra step can be wearying for users who sign into an application frequently. Is it possible to maintain the security provided by a second factor while making an application convenient for repeat visitors? It is with Angular, Node.js, and Twilio Authy.

    Implementing a “remember me” checkbox on the login page is a convenient way for a user to indicate they are going to be a repeat visitor. Behind the scenes, an encrypted security cookie is a convenient mechanism for identifying a user who has previously checked the “remember me” box and logged in successfully from a specific machine.

    With Twilio Authy and an encrypted cookie, such as a JSON Web Token (JWT), you can make the sign-in process fast and …

    Read More
  • By Kelley Robinson
    What I Learned About Security from Calling 35 Contact Centers 0N_vQj4WWOs80HMrBU48yW3yOn7kzg37I_ILFKy5ifNW0R29Yzlx77PnmLQzENxj2uTf9xk8zGASigas5mL3un8biIBMF4UkBlDVE3dEnzzCqfnsf4uBNnLFV-_YK0F1rw_4PP-R

    Web applications often have secure login systems—maybe even 2FA—but what happens when a customer calls the customer support phone number? Security teams and app developers have thought a lot about online authentication, but haven't applied the same rigor to designing systems for authenticating over the phone.

    At Twilio, product and engineering teams have spent the last year thinking about this problem and how to make the experience better for both the customer and the call center agent. In that time, I've called dozens of contact centers to learn about how everyone from startups to Fortune 50 companies attempt to identify and authenticate the end user. This post will take a look at that research and outline best practices to use in call centers.

    🔍Research Parameters

    To test the over-the-phone authentication, I made a list of companies where:

    1. I have an existing account
    2. There is personal info tied to my account …
    Read More
  • Newer
    Sign up and start building
    Not ready yet? Talk to an expert.