Twilio Authy

Overview

Acquired by communications company Twilio in 2015, Authy is a market-leading 2FA solution that specializes in securing businesses and consumers via its powerful Rest API, mobile application, and enterprise authentication platform. Using Authy, users can access all their 2FA accounts from a single application, as well as authenticate their identities across multiple devices—including desktops, smartphones, and tablets—as data is synced and backed up to the cloud. This means if a user loses their tokens or device, or needs to work offline, they can easily recover or log into their accounts.

Features

Multiple Modes Of Authentication Available

Authy offers multiple modes of 2FA for users to authenticate their identities. These include SMS, voice, and email one-time passcodes (OTPs), API soft tokens (such as codes generated by the Authy authentication app or Google Authenticator), and push authentications (which can be sent via the Authy Rest API).

The Authy Mobile And Desktop Applications

iOS, Android, MacOS, and Windows users can download the Authy application directly from their application store. When using the mobile-based app, users can simply sign up using their phone numbers or email addresses and add in their account tokens by scanning a QR code or manually entering the key. The app serves as a central location for all connected accounts, providing a unified login experience, and can also create encrypted cloud backups. When a user then signs up via the desktop app, they’ll once again be asked for their phone number or email, and then will be able to sync their mobile and desktop apps. Users can also secure their apps by setting PINS and fingerprint recognition to protect against unauthorized access.

Risk-Based Authentication

The platform is configured to automatically check whether a user has the app installed when they start an authentication. If they do have the app installed, it sends a push notification to their device. In this case, the information that goes back to the platform includes contextual data on where the code came from, and which device it was generated on. But if there’s no record of them installing the app on any device, an SMS or voice OTP will be sent. We should note that users can also manually override the platform and have their code sent via SMS or voice rather than push authentication, if needed.

Ease Of Use

Twilio’s Authy is well loved by users and developers alike for its simple implementation and easy to use platform. The real benefit for users comes from the ability to sync and back up data to the cloud—meaning, if for any reason they need to authenticate using a different device, they can easily sign into their Authy account and instantly have access to all account tokens. This is only further exemplified by user reviews, which sing high praises about how easy tokens are to set up and manage, and about how fantastic the syncing and recovery feature is. For admins, because Authy is deployed in the cloud, it’s also very easy to set up and configure.

Pricing

While Authy offers flexible pricing plans that are tailored to individual business use cases and needs, the solution generally comes in three tiers: Starter, Pay-As-You-Go, and Enterprise. The Starter package comes at no cost for less than 100 authentications per month, and includes unlimited users, push notifications, soft tokens, OATH tokens, and support. The Pay-As-You-Go plan is priced on a per-authentication basis, and supports unlimited authentications and users per month. SMS/voice OTPs, push authentications, soft tokens, and OATH tokens are each priced at $0.09 per authentication, per month. Lastly, the Enterprise package is suitable for more than 10k users per month, and includes all features included in the other two tiers but requires a monthly commitment. Pricing for this tier is given by request.

Final Verdict

Twilio’s Authy is a powerful 2FA authentication tool that’s well-liked by users for its ease of use and central access to all connected tokens. What sets this product apart is its versatility, as users can leverage many different modes of authentication and seamlessly sync their tokens across multiple applications and devices. We recommend Authy for smaller teams and SMBs that have a particularly high percentage of mobile devices in their fleet, and are looking for a strong and seamless 2FA solution that works well across both desktop and mobile.