Back to Blog

Authy Focuses on Security, Allowing Developers to Focus on… Developing

This post has been superseded at finovate.com.

AuthyDevHomepage

The question isn’t, is the password dead?, but rather, is the password enough?

Authy Two-Factor Authentication (2FA) offers a scalable secondary authentication method that provides protection beyond the basic user name plus password. Authy offers added security when building in WordPress, for SSH, and OpenVPN by offering an intuitive user experience that removes login friction while adding security.

The added layer of support protects against phishing, keylogger attacks, stolen devices, and unauthorized access, while keeping things simple for admins and end users.

Stats:

  • 11,000+ applications protected
  • 2 million+ end users served
  • Available globally
  • ~10 million customers between Authy and Twilio combined
  • Access to Twilio’s developer ecosystem of 700k

Products

AuthyX3

The company, which is owned by Twilio, offers three products:

  1. Authy OneCode sends a one-time verification code via SMS or automated voice call (illustrated far left)
  2. Authy SoftToken is an app that runs on any device and generates a one-time code (illustrated far right)
  3. Authy OneTouch allows the user to approve or deny the authentication with a yes/no response (illustrated middle)

Authy OneTouch is the easiest to use since it requires only the push of a yes button rather than entering a code.

OneTouch has a variety of use cases, including:

  • Account login
  • Large-value transaction validation
  • Multi-approval solution:
    • Escrow model (both parties need to approve)
    • Sequential approval (manager’s manager’s manager approval)
    • Primary user approval (parent approval of child’s request)

Authy OneTouch example

AuthyApproveDenyHere’s how Authy OneTouch works to authenticate a high-value money transfer:

  1. Sender enters the amount to transfer, in this case $5,300
  2. Authy sends an approval request to the sender (pictured right) as well as the recipient. The approval screen notes the institution, transaction amount, account number, and a request for the user to confirm or deny the transaction.
  3. If both parties accept, funds are transferred

For new or stolen devices, Authy offers the ability to add or replace devices to a trusted circle. This prevents fraudsters from confirming transactions using a stolen phone.

Twilio acquisition

Before it was acquired by messaging API provider Twilio in February 2015, Authy was a Twilio customer.

To preserve Authy’s product after the acquisition, Twilio incorporated Authy’s offerings into its developer portal to complement its own products. As Twilio’s founder and CEO Jeff Lawson states, “This isn’t a typical acquisition where the Authy team members will be absorbed into the borg and the product slowly forgotten. Nope. Just the opposite – we love the Authy product and are investing massively in expanding its footprint with developers of all kinds.”

The terms of the acquisition were not disclosed.

Authy’s Dan Killmer, Lead Solutions Architect, presented at FinDEVr San Francisco 2015: