Verify Push helps you verify users by adding a low-friction, secure, cost-effective, "push" authentication factor into your own mobile, web, and desktop apps. This fully managed API service allows you to seamlessly verify users in-app via a secure channel, without the risks, hassles or costs of One-Time Passcodes (OTPs).
The same API behind Verify Push can also be used to perform Silent Device Approvals (SDAs), which are invisible to the end-user and don't require push notifications.
See how Wise (formerly TransferWise) added the Verify Push experience into their mobile app, securing over 8 million user accounts:
How does Verify Push work?
Verify Push & SDA consists of an API and open-source Client Libraries (SDKs)*. These components work together to turn your user's devices into a secure key via a well-known method called public-key cryptography. To learn more about this method, check out this talk by @PhilippeDeRyck starting at 1:28:00.
*Web Client Library is not yet open-source as it's in Pilot.
Does Verify Push require Push Notifications?
An understandable misconception is that Verify Push requires push notification (FCM, APNs) to work. This is not the case, because the critical flows of Verify Push will work without relying on push notifications that may not be successfully delivered 100% of the time. However, the user experience of Verify Push can be greatly improved by sending a push notification whenever possible to your user's device to prompt them on the lock screen to open up your mobile app to view and approve/deny the verification request (challenge).
How will my users experience Verify Push?
With Verify Push, you still have the flexibility of completely customizing your own UI and user experience. To get inspired, watch how Transferwise customized their UI on top of Verify Push. For a third-party example, check out Google Prompt.
Which use cases can Verify Push replace SMS/Voice OTP?
Verify Push SDK can replace SMS/Voice OTP for Authentication use cases, but not Account Creation use cases. How much each use case contributes to your overall verification volume varies widely depending on your product’s design and usage patterns.
What if my product doesn't have a mobile app?
Based on popular demand, we started with the SDK version of Verify Push for adding push verification to a customer's own iOS/Android mobile app, including React Native apps. We are now piloting an SDK for web apps and some types of desktop apps. In the future, we'll also integrate Verify Push into the Twilio Authy apps. If you're interested in learning more about these non-mobile app options, contact sales.
What’s the difference between Verify Push and Authy Push (OneTouch)?
In general, Verify Push is our newer, better version of Authy "OneTouch" push authentication.
We named Twilio Verify Push SDK to reflect how this new feature fits into the overall Twilio product taxonomy below. Twilio Authy is shown for comparison.
- Verify - API platform
- Push - verification factor/channel name
- SDK - client SDK option for integration into 3rd-party app
- for Authy app - integration into Twilio Authy app (available in future)
- Authy - API platform
- OneTouch - existing push verification factor/channel into Authy App
- Authy app - free consumer mobile/desktop authenticator app
The new version enables a similar end-user experience, but we've dramatically improved privacy, security, control, and ease-of-implementation. We’ve taken all the learnings from customers using Authy in the real world and re-imagined the product from the ground-up. It's under the Verify name to indicate that the new version is built on the Verify platform, our single, omnichannel API for developers to add user verification across SMS, Voice, Email, and now Push channels going forward.
Note: Verify Push is not replacing the Twilio Authy authenticator apps, and will integrate with them in the future.
Here is a non-exhaustive list of improvements included in Verify Push:
- No PII required. Authy requires the user’s phone # and email. Some customers were not comfortable asking for / providing this PII data.
- More control of user identity. With Authy, the end user controlled their own user identity (Authy ID), which was shared across Authy API customers. This meant that a customer couldn’t update their user’s phone number if it changed - the user had to go through Authy’s phone change process themselves. With Verify Push, customers create and control their users identities.
- More control of registered devices. Verify Push lets customers remove a registered device or send a Challenge to a specific registered device. This is not possible with the current version of the Authy API.
- Improved developer experience. Verify Push SDKs are smaller than their Authy predecessor and are available as inspectable code libraries.
Are you going to deprecate Twilio Authy OneTouch?
Authy OneTouch is being replaced by Verify Push between now and mid 2024. More detailed dates and migration processes will be shared when available. More questions? Get in touch, we're happy to talk through your options.