Two Factor Authentication (2FA)


Two factor authentication (commonly abbreviated 2FA) adds an extra layer of security to your user’s account login by requiring two forms of authentication: something your user knows and something they have.

Examples of Two Factor Authentication

Two factor authentication is nothing new. When you use your credit card and are prompted for your billing zip code, that’s 2FA in action. Knowledge factors like your zip code may also be passwords or a personal identification number (PIN). Possession factors like your credit card include (but are not limited to) a physical key, fob, and personal cell phones. Two factor authentication for web applications similarly requires something your user knows (their password) and something they have (their personal mobile phone).

How Does Two Factor Authentication Keep Your Users Secure?

The classic authentication approach for web applications requires a user to enter a username and password. However, things like password reuse, poorly encrypted passwords, social hacking, and hacked databases make even a secure password vulnerable. When users are required to add a second factor to their authentication flow, an account with a compromised password will still be secure.

Mobile phone 2FA has become the industry standard, as most people carry their mobile phones at all times. It’s a user-friendly flow, and dynamically generated passcodes are safe to use. Users can receive special tokens through SMS or a dedicated app, such as Twilio’s Authy.

How Does Two Factor Authentication Work?

Log a user in with two factor authentication

When a user signs up or logs in to your application, a numeric code is sent to their mobile device either via SMS or through an authenticator app. Two benefits of using an authenticator app are that it provides a constantly rotating set of codes your users can use whenever needed, and that it does not require a cellular or internet connection. Only after the user enters the correct numeric code in your application’s login flow are they authenticated.

Adding Two Factor Authentication to Your Application

2FA SMS with Authy

There are a wide variety of ways to add two factor authentication to your application. TOTP (Time-based One-Time Password) verification tokens may be sent to your user’s device via SMS, voice call, or authenticator app. By using Twilio and the Authy API, this implementation is greatly simplified and can boil down to just a few lines of code.


Verify a User Account with Authy Services

Where to Next?

Ready to add 2FA to your application with Twilio? Here are some resources to get you started:

Quick and Easy 2FA: Adding Authy to a NodeJS App

Two Factor Authentication in Rails 4 with Devise, Authy and Puppies

Account Verification with Authy, Java and Servlets

Twilio's Authy Documentation

We can't wait to see what you build!
