Enabling two factor authentication on your Twilio project

Two factor authentication (2FA) is an optional security feature that requires you, the user, to provide two means of identification in order to access your project. With Twilio, this would include your email address and password for logging into your project, as well as a randomized verification code sent to your phone through a call, SMS message, or our Authy authenticator app. This guide explains how to setup 2FA on your Twilio project.

Twilio 2FA options

Your have two options to enable 2FA:

  • You can enable 2FA for only yourself. This feature allows any Twilio user, irrespective of your role on the project, to add an extra layer of protection to your login.
  • You can enable 2FA for a project. This security feature can only be enabled by the Owner or Administrator of the Twilio project. Once it is enabled, 2FA will be required and applied to all users when they access that Twilio project.

Enable two-factor authentication (2FA) for yourself

  1. Access the User Settings page in Console.
  2. Click Authenticate to make changes at the bottom of the screen.
    projClose_01.png
  3. Enter your password, and then click Verify to authenticate.
    projClose_02.png
  4. Scroll to the "Enable Two-Factor Authentication (2FA)" section, and then select the desired 2FA level. Click Update 2FA Settings to save your selection.
    2FA_update_01_450px.png
    • Disabled: No 2FA verification required.
    • Once per computer: Request verification to validate a single computer every 30 days.
    • Every log-in: Request verification every login attempt.

Enable two-factor authentication (2FA) for a project

  1. Access the Project Settings page in Console.
  2. Click Authenticate to make changes at the bottom of the screen.
    projClose_01.png
  3. Enter your password, and then click Verify to authenticate..
    projClose_02.png
  4. Scroll to the "Require Two-Factor Authentication (2FA)" section, and then select the desired 2FA level. Click Save to save your selection.
    2FA_update_02_450px.png
    • Disabled: No 2FA verification required.
    • Once per computer: Request verification to validate a single computer every 30 days.
    • Every log-in: Request verification every login attempt.

Once this feature is enabled, you may be asked to verify the phone number where you will receive your verification code. Phone numbers may be verified through SMS messaging or voice calls. If you are having trouble verifying your phone number with one method, try the other.

What is a Recovery Code

Once you've completed this process, you will receive a recovery code. This code is very important so write it down and store it in a very safe place. The recovery code is EXTREMELY important. In the case that you lose your phone, the recovery code will allow you to login to your project instead of using the six-digit verification code that is sent to your phone.

Notice: You are the only one that has access to this recovery code. This code will only be displayed the moment after you’ve verified your phone number. It is not retrievable after you’ve navigated away from this page. We suggest storing your recovery code with a safe and secure password manager software, like 1Password or Keypass. Don’t just write it down.

Related Topics

Have more questions? Submit a request
Powered by Zendesk