Enable two-factor authentication on your Twilio project

Two-factor authentication (2FA) is an optional security feature that requires you, the user, to provide two means of identification in order to access your project. For Twilio projects, this would include your standard login credentials (email address and password), as well as a randomized verification code sent to your phone (via a call, SMS message, or an authentication app like Authy). This guide explains how to setup and manage 2FA on your Twilio project.

Twilio 2FA options

Your have two options to enable 2FA:

Enable 2FA for your login

  1. Access the User Settings page in Console.
  2. If the User Settings page is gray, you may need to re-authenticate. Click Authenticate to make changes at the bottom of the screen, and then verify your credentials again to continue.
    Authenticate_450px.png
  3. Scroll to the "Enable Two-Factor Authentication (2FA)" section, and then select the desired 2FA level. Click Update 2FA Settings to save your selection.
    2020.04.28_2FA_01_450px.png
    • Disabled: No 2FA verification required.
    • Once per computer: Request verification to validate a single computer every 30 days.
    • Every log-in: Request verification every login attempt.
  4. Scroll to the "Two-Factor Authentication (2FA) Methods" section, and then select the desired 2FA method. Click Update 2FA Method to save your selection.
    Note: When re-enabling 2FA, Twilio will save your previously selected method as the default.
    2020.04.28_2FA_02_450px.png 
    • Authy app: Receive 2FA authentication codes via the Authy app.
    • Text message: Receive 2FA authentication codes via SMS.
    • Voice message: Receive 2FA authentication codes via an automated voice call.
    • Another authenticator app: Receive 2FA authentication codes via a TOTP authenticator app.
  5. Users enabling 2FA for the first time will be required to go through a one-time login and verification process with your new 2FA method of choice.

Enable 2FA for a project

  1. Access the Project Settings page in Console.
  2. If the User Settings page is gray, you may need to re-authenticate. Click Authenticate to make changes at the bottom of the screen, and then verify your credentials again to continue.
    projClose_01.png 
  3. Scroll to the "Require Two-Factor Authentication (2FA)" section, and then select the desired 2FA level. Click Save to save your selection.
    2FA_update_02_450px.png
    • Disabled: No 2FA verification required.
    • Once per computer: Request verification to validate a single computer every 30 days.
    • Every log-in: Request verification every login attempt.
  4. After enabling 2FA on a project, you may be asked to verify the phone number where you will receive your verification code. Phone numbers may be verified through SMS messaging or voice calls. If you are having trouble verifying your phone number with one method, try the other.

The next time a user logs in to Twilio and accesses this project, they will be automatically enrolled in 2FA, and can select the method of their choice.

What is a Recovery Code

Once you've completed this process, you will receive a recovery code. This code is EXTREMELY important; be sure to write it down, and store it in a very safe place. In the case that you lose your phone, the recovery code will allow you to login to your project instead of using the six-digit verification code that is sent to your phone.

Notice: You are the only one that has access to this recovery code. This code will only be displayed the moment after you’ve verified your phone number. It is not retrievable after you’ve navigated away from this page. We suggest storing your recovery code with a safe and secure password manager software, like 1Password or Keypass. Don’t just write it down.

Related Topics

Have more questions? Submit a request
Powered by Zendesk