Back to Blog

Finovate Debuts: Authy’s Password Alternative

AuthyHomepage

The question isn’t whether the password’s dead, but rather, is it enough.

Authy Two-Factor Authentication (2FA) offers a scalable secondary authentication method that provides protection beyond the basic user name plus password. Only 36% of financial websites use a secondary authentication method. Authy seeks to improve that by offering an intuitive user experience that removes login friction while adding security.

Stats

  • 11,000+ applications protected
  • 2 million+ end users served
  • Available globally
  • ~10 million customers between Authy and Twilio combined
  • Access to Twilio’s developer ecosystem of 700k

Products

AuthyX3

The company, owned by Twilio, offers three products:

  1. Authy OneCode sends a one-time verification code via SMS or automated voice call (illustrated far left)
  2. Authy SoftToken is an app that runs on any device and generates a one-time code (illustrated far right)
  3. Authy OneTouch allows the user to approve or deny the authentication with a yes/no response (illustrated middle)

Authy OneTouch is the easiest to use since it requires only the push of a yes button rather than entering a code.

OneTouch has a variety of use cases, including:

  • Account login
  • Large-value transaction validation
  • Multi-approval solution:
    • Escrow model (both parties need to approve)
    • Sequential approval (manager’s manager’s manager approval)
    • Primary user approval (parent approval of child’s request)

Authy OneTouch example

AuthyApproveDenyHere’s how Authy OneTouch works to authenticate a high-value money transfer:

  1. Sender enters the amount to transfer, in this case $5,300
  2. Authy sends an approval request to the sender (pictured right) as well as to the recipient. The approval screen notes the institution, transaction amount, account number, and a request for the user to confirm or deny the transaction.
  3. If both parties accept, funds are transferred

For new or stolen devices, Authy offers the ability to add or replace devices to a trusted circle. This prevents fraudsters from confirming transactions using a stolen phone.

Twilio acquisition

Before it was acquired by messaging API provider Twilio in February 2015, Authy was a Twilio customer.

To preserve Authy’s product after the acquisition, Twilio incorporated Authy’s offerings into its developer portal to complement its own products. As Twilio’s founder and CEO Jeff Lawson states, “This isn’t a typical acquisition where the Authy team members will be absorbed into the borg and the product slowly forgotten. Nope. Just the opposite – we love the Authy product and are investing massively in expanding its footprint with developers of all kinds.”

The terms of the acquisition were not disclosed.

At its live demo at FinovateFall 2015, Authy was new to the Finovate stage but the technology was not. Alums Coinbase, Knox, Loyal3, and LendUp are all Authy customers. Dan Killmer (Lead Solutions Architect), Marc Boroditsky (VP and General Manager), and John Lindsay (CEO, Bitwage) debuted Authy OneTouch at FinovateFall 2015 in New York: