Two-factor authentication (2FA) requires you, the user, to provide two means of identification in order to access your account. For Twilio accounts, this would include your standard login credentials (email address and password), as well as a randomized verification code sent to your phone (via a call, SMS message, or an authentication app like Authy). This guide explains how to setup and manage 2FA on your Twilio account.
Notice: 2FA is a required security feature on all paid Twilio accounts, and can't be disabled. If you are experiencing issues logging in due to 2FA, see Unable to sign-in to a Twilio project 2FA enabled.
Twilio 2FA options
Your have two options to enable 2FA:
- Enable 2FA for only your login: This allows any Twilio user to add an extra layer of protection to your user account, irrespective of your role on the account.
- Enable 2FA for an entire account: This allows an Owner or Administrator of the account to require 2FA for all users when they access that Twilio account.
Enable 2FA for your login
- Access the User Settings page in Console.
- If the User Settings page is gray, you may need to re-authenticate. Click Authenticate to make changes at the bottom of the screen, and then verify your credentials again to continue.
- Scroll to the "Enable Two-Factor Authentication (2FA)" section, and then select the desired 2FA level. Click Update 2FA Settings to save your selection.
- Disabled: No 2FA verification required.
- Once per computer: Request verification to validate a single computer every 30 days.
- Every log-in: Request verification every login attempt.
- Scroll to the "Two-Factor Authentication (2FA) Methods" section, and then select the desired 2FA method. Click Update 2FA Method to save your selection.
Note: When re-enabling 2FA, Twilio will save your previously selected method as the default.
- Authy app: Receive 2FA authentication codes via the Authy app.
- Text message: Receive 2FA authentication codes via SMS.
- Voice message: Receive 2FA authentication codes via an automated voice call.
- Another authenticator app: Receive 2FA authentication codes via a TOTP authenticator app.
- Users enabling 2FA for the first time will be required to go through a one-time login and verification process with your new 2FA method of choice.
Enable 2FA for a account
- Access the Account Settings page in Console.
- If the User Settings page is gray, you may need to re-authenticate. Click Authenticate to make changes at the bottom of the screen, and then verify your credentials again to continue.
- Scroll to the "Require Two-Factor Authentication (2FA)" section, and then select the desired 2FA level. Click Save to save your selection.
- Disabled: No 2FA verification required.
- Once per computer: Request verification to validate a single computer every 30 days.
- Every log-in: Request verification every login attempt.
- After enabling 2FA on a account, you may be asked to verify the phone number where you will receive your verification code. Phone numbers may be verified through SMS messaging or voice calls. If you are having trouble verifying your phone number with one method, try the other.
The next time a user logs in to Twilio and accesses this account, they will be automatically enrolled in 2FA, and can select the method of their choice.
What is a Recovery Code
Once you've completed this process, you will receive a recovery code. This code is EXTREMELY important; be sure to write it down, and store it in a very safe place. In the case that you lose your phone, the recovery code will allow you to login to your account instead of using the six-digit verification code that is sent to your phone.
Notice: You are the only one that has access to this recovery code. This code will only be displayed the moment after you’ve verified your phone number. It is not retrievable after you’ve navigated away from this page. We suggest storing your recovery code with a safe and secure password manager software, like 1Password or Keypass. Don’t just write it down.