Level up your Twilio API skills in TwilioQuest, an educational game for Mac, Windows, and Linux. Download Now
Build the future of communications.
Start building for free

Authy 2FA posts

  • By Joseph Udonsak
    Implement Two-Factor Authentication With Symfony and Twilio's Authy App and API Implement Two-Factor Authentication With Symfony and Twilio's Authy App and API

    The username and password are dead! Well, not really. But considering the times we live in, it’s dangerous to rely on them alone. Computers are getting faster and better at guessing our passwords. And there are numerous databases containing stolen passwords roaming the web. Consequently, you also need to use Two-factor Authentication (2FA) in order to keep your account safe.

    In this article, I will show you how to implement Two-factor authentication in a Symfony application using the Authy app to add an extra level of authentication to the traditional login form.


    Let's get started

    To get started, create a new Symfony project, named 2-fa-demo, and switch to the newly created project’s directory using the commands below.

    symfony new 2-fa-demo
    cd 2-fa-demo

    Next, you need to install …

    Read More
  • By Michael Okoko
    Secure Sensitive Laravel Routes With Two-factor Authentication Using Authy Secure Sensitive Laravel Routes With Two-factor Authentication Using Authy

    Sometimes, you want your application to confirm user identities even when they are logged in. This is especially useful for sensitive routes and actions like deleting a user-owned resource, updating a delivery address, or completing a financial transaction where you want to be sure that the user’s session hasn’t been hijacked. This process is called re-authentication and is supported by the Laravel framework out of the box with the password.confirm middleware.

    In this tutorial, we will implement a new Laravel middleware that asks users to verify themselves before allowing them to access select routes. Our sample application is a notes application where we need to confirm a user’s identity before they can delete an existing note. The verification is done using a code sent to their Authy application, though you can replace that with a regular SMS if you so chose.

    Jump directly to the Implement the Verification Middleware section …

    Read More
  • By Nabeel Saeed
    Introducing Verify Push beta Verify Push Header

    We're excited to announce that we have expanded our Verify solution to include a Push channel. Built using trusted Public Key Cryptography, Verify Push enables customers to validate users during sign up, login, and transactions without the risks, hassles or costs of One-Time Passcodes (OTPs). This end-to-end API service allows customers to add a low-friction, secure, cost-effective, “push verification” factor into their application flows.

    Verification simplified

    Companies use a One-Time Passcode (OTP) sent via SMS or Voice to confirm possession of a phone. With widespread prevalence of mobile phones capable of receiving an SMS or voice call, companies have for many years used these channels as primary options for a second factor in verifying user identity. Email is another great option for verifying users. With almost universal reach, it can supplement SMS and Voice as a verification channel.

    Since its inception in 2015, Twilio Verify has been working with companies …

    Read More
  • By Miguel Grinberg
    Push Two-Factor Authentication in Python with Twilio Authy Push Two-Factor Authentication in Python with Twilio Authy

    Two-Factor Authentication (2FA) is one of the most effective ways to increase the security of online accounts and consequently reduce online identity theft. The 2FA implementation used by most applications is based on the Time-based One-Time Password algorithm, which requires users to read a numeric code from a hardware token generator or smartphone app and enter it on an application’s website to confirm their login attempts.

    Unfortunately, many users find this extra login procedure tedious and inconvenient. There have been efforts to simplify the 2FA flow with the goal of increasing adoption.

    A new method that is gaining popularity is Push Authentication, where instead of expecting a numeric code, the application server sends a push notification to the user’s smartphone. The only action for the user is to tap a button in this notification to confirm that the login attempt is legitimate.

    In this article, I will go …

    Read More
  • Newer
    Sign up and start building
    Not ready yet? Talk to an expert.