SUPPORT.TWILIO.COM END OF LIFE NOTICE: This site, support.twilio.com, is scheduled to go End of Life on February 27, 2024. All Twilio Support content has been migrated to help.twilio.com, where you can continue to find helpful Support articles, API docs, and Twilio blog content, and escalate your issues to our Support team. We encourage you to update your bookmarks and begin using the new site today for all your Twilio Support needs.

Is the Authy App Susceptible to a SIM Swap?

Setting up the Authy app requires you to provide a phone number, which we verify via an SMS text message or voice call. After enrollment, we recommend configuring another Authy app elsewhere (your phone and a tablet, computer, or another phone) in case you ever get a new phone, and need to recover your account. After you have setup two Authy app installations, we strongly suggest disabling multi-device. Doing this will prevent an attacker from being able to configure an Authy app with your account on another device.

There are account recovery options outside of multi-device, but those require the attacker to compromise your primary email. These also take a minimum of 24 hours, during which you would receive email notifications, and could request a cancellation.

Authenticator tokens are also encrypted, so without your strong password, it's unlikely an attacker would be able to decrypt them.

Have more questions? Submit a request
Powered by Zendesk