Twilio has a collection of account security APIs, SDKs and pre-built mobile and desktop apps that allow you to address three important steps in the lifecycle of user accounts in your application:
- Verify. Ensure real humans are behind new account requests while reducing fraud and spam.
- Authenticate. Either add a second factor to the username/password with 2FA or replace a password entirely.
- Recover. Make it easy to re-authenticate users when they forget a password or lose a trusted authentication device.
Not sure which product to implement? We've written up the most important best practices to follow and things to consider in our Choosing Your Account Security Implementation guide.
With our RESTful APIs, you are able to integrate account security features deeply into your application. You'll keep control over branding, flow and user experience while avoiding the hassle of building the security logic and scaling the platform. The APIs are:
- Twilio Lookup API - Real-time data on phone numbers to filter out high-risk accounts.
- Twilio Verify API - Phone verification via SMS & voice using API calls.
- Twilio Authy API - Fully featured 2FA API supporting SMS, voice, soft tokens and push authentication.
For authentication, while SMS and voice is widely available for most users, it's advisable to go with the more secure options of app-generated soft tokens or push authentication. We've written up the main differences between Authy and Verify here. To save developer time, we've already built an authentication app for iOS, Android, Windows and MacOS. The app, called Authy, is an essential link between your users and their trusted devices, allowing them to self-serve account recovery when locked out.
The free Authy app is great if you'd like to avoid building your own apps. If you do choose to build your own mobile app, you can also elect to integrate the account security SDKs. These SDKs can also be used simultaneously with the Authy app if you choose.
- Account Security Helper Libraries (Two-factor Authentication and Phone Verification)
- Language Helper Libraries (Lookup)
Account Security consists of a number of shared APIs that expose activity and data from across both the Verify and Authy APIs.