
two-factor authentication posts

  • By Kelley Robinson
    Best practices for managing retry logic with SMS 2FA

    Humans are impatient creatures, so while SMS verification or two-factor authentication (2FA) codes may come through quickly in most parts of the world, we always recommend building retry buffers into verification workflows. This helps prevent:

    • Accidentally spamming a user with repeated text messages
    • Hitting API rate limits
    • Toll fraud or unnecessary spend

    While the best practices in this post are written with the Twilio Verify API in mind, many apply regardless of your 2FA provider. Combined with other best practices like building an allow list of country codes to verify, these steps can help make sure your user verification workflow is as seamless as possible.

    Launch a demo application with SMS retry best practices

    This project is also available to Quick Deploy on the Twilio Code Exchange -- no code required!

    I built an application that shows off the best practices outlined in this post. The application is quick to …

  • By Phil Nash
    HTML attributes to improve your users' two factor authentication experience

    Hello and thanks for reading! This blog post is a translation of HTML attributes to improve your users' two factor authentication experience. While we improve our translation processes, we would appreciate your feedback at help@twilio.com should you notice anything that has been translated incorrectly. We thank helpful contributors with Twilio swag :)

    There are many points of friction that can affect the user experience when logging in, especially when entering a two-factor authentication code. Our job as developers is to build applications that keep account security in mind without harming the user experience. Sometimes, though, it almost seems as if these two requirements are mutually exclusive.

    In this post we take a look at the humble <input> element and the HTML attributes that can give our users a better two-factor authentication experience.

    The default experience

    When we implement two-factor authentication for a web application, perhaps even …

  • By Luís Leão
    How to use the Authy API with Google Authenticator (or any compatible authenticator app)

    TOTP, or Time-based One-time Password, is a way to generate short-lived authentication tokens that are commonly used for two-factor authentication (2FA). The TOTP algorithm is defined in RFC 6238, which means that the open standard can be implemented in a compatible way in multiple applications. You might be familiar with TOTP from apps like Authy or Google Authenticator, but there are many other options, including Duo and Microsoft Authenticator.

    Getting users to enable 2FA is half the battle in improving account security. So I recommend giving customers the flexibility to choose the authenticator app they prefer.

    The Authy API (connected to, but different from, the Authy app) defaults to enrolling the user in the Authy app, but this post will show how the API can allow your customers to use …

  • By Kelley Robinson
    5 reasons why SMS 2FA is here to stay for a while yet

    Every security solution is a delicate balance between protecting something of value and providing usable access to the right people. We are all constantly evaluating the tradeoffs and calculating risk in order to find the right balance between security and ease of use. When there is more at stake, people are willing to add extra friction and protections. In the physical world, that would mean a personal apartment protected only by a simple lock, while a jewelry store invests in an alarm system.

    For online business, SMS authentication has long been a popular choice for securing customer accounts. It is an easy and familiar channel to deploy, and the use of two-factor authentication (2FA) has grown 9% over the last two years. While SMS channels raise …

  • By Kelley Robinson
    5 reasons SMS 2FA isn't going away

    Every security solution is a delicate balance between protecting some kind of value and providing usable access to the right people. We're all constantly evaluating the tradeoffs and calculating risk in order to find the right balance of security and usability. When there's more at stake, people are willing to add additional friction and protections. In the physical world that could mean a personal apartment has a simple deadbolt while a jewelry store invests in an alarm system.

    For online business, SMS authentication has long been a popular choice for securing consumer accounts. It's an easy and familiar channel to deploy and SMS two factor authentication (2FA) usage has even grown 9% in the last two years. While the SMS channel has legitimate security concerns, businesses should consider their threat model and offer a spectrum of 2FA options. Offering more secure channels like authenticator apps and push authentication is especially …

  • By Joseph Udonsak
    Implement Two-Factor Authentication With Symfony and Twilio's Authy App and API

    The username and password are dead! Well, not really. But considering the times we live in, it’s dangerous to rely on them alone. Computers are getting faster and better at guessing our passwords. And there are numerous databases containing stolen passwords roaming the web. Consequently, you also need to use Two-factor Authentication (2FA) in order to keep your account safe.

    In this article, I will show you how to implement Two-factor authentication in a Symfony application using the Authy app to add an extra level of authentication to the traditional login form.

    Prerequisites

    Let's get started

    To get started, create a new Symfony project, named 2-fa-demo, and switch to the newly created project’s directory using the commands below.

    symfony new 2-fa-demo
    cd 2-fa-demo
    

    Next, you need to install …

  • By Kelley Robinson
    Understanding push authentication

    Push authentication is one of the most secure and easy to use forms of user authentication. When a company issues an authentication challenge, the user only has to tap allow or deny when they receive the push notification on their phone—much easier than typing in a one-time password (OTP).

    [GIF: a user logs in on desktop, receives a notification on their mobile phone, taps approve, and the desktop login succeeds.]

    Using push authentication means a company can also add useful context about the authentication event. Think of things like payments: instead of just sending a code, the authentication request can include information about the payment like the amount and recipient. Even better, because it's one of the few forms of authentication that lets the user deny an authentication attempt, companies can take advantage of that information to identify real time phishing attacks or other malicious activity.

    Push authentication also uses public key cryptography under the hood to link a single device (like a user's phone) to their identity. That makes it …

  • By Kelley Robinson
    Understanding push authentication

    Push authentication is one of the most secure and easy-to-use forms of user authentication. When a company issues an authentication challenge, the user only has to tap allow or deny when they receive the push notification on their phone, which is much simpler than having to enter a one-time password (One-Time Passcode, OTP).

    [GIF: a user logs in on desktop, receives a notification on their mobile phone, taps approve, and the desktop login succeeds.]

    Using push authentication means a company can also add useful context about the authentication event. Think of actions like payments: instead of simply sending a code, the authentication request can include information about the payment such as the amount and the recipient. Even better, because it is one of the few forms of authentication that lets the user deny the authentication attempt, companies can take advantage of that information to identify phishing attacks or other malicious activity.

    Push authentication also uses public key cryptography under the hood …

  • By Nabeel Saeed
    Introducing Verify Push beta

    We're excited to announce that we have expanded our Verify solution to include a Push channel. Built using trusted Public Key Cryptography, Verify Push enables customers to validate users during sign up, login, and transactions without the risks, hassles or costs of One-Time Passcodes (OTPs). This end-to-end API service allows customers to add a low-friction, secure, cost-effective, “push verification” factor into their application flows.

    Verification simplified

    Companies use a One-Time Passcode (OTP) sent via SMS or Voice to confirm possession of a phone. With widespread prevalence of mobile phones capable of receiving an SMS or voice call, companies have for many years used these channels as primary options for a second factor in verifying user identity. Email is another great option for verifying users. With almost universal reach, it can supplement SMS and Voice as a verification channel.

    Since its inception in 2015, Twilio Verify has been working with companies …

  • By Kelley Robinson
    How to use the Authy API with Google Authenticator (or any compatible authenticator app)

    The Verify API now supports TOTP. The TOTP channel is in Pilot, which means that:

    1. We're actively looking for early-adopter customers to try it out and give feedback. That could be you!

    2. You'll need to contact sales to request access to the API.

    This blog post focuses on the older Authy API, which is GA maturity. Once Verify TOTP reaches GA maturity we will encourage use of the Verify API over the Authy API. Please get in touch for additional questions around timelines and support.

    TOTP, or Time-based One-time Passwords, is a way to generate short lived authentication tokens commonly used for two-factor authentication (2FA). The algorithm for TOTP is defined in RFC 6238, which means that the open standard can be implemented in a compatible way in multiple applications. You might be familiar with TOTP from apps like Authy or Google Authenticator, but …
