Two-factor authentication (2FA) is a security feature that requires you, the user, to provide two means of identification in order to access your account. For Twilio accounts, this would include your standard login credentials (email address and password), as well as a randomized verification code sent to your phone (via a call, SMS message, or a TOTP authentication app). This guide explains the TOTP authenticator app requirements, and how to setup Twilio 2FA.
2FA authentication app support
Twilio's 2FA account security feature is powered by Time-Based One-Time Passwords (TOTP), a common method for generating expiring verification codes. Twilio 2FA is supported on any authentication apps that comply with the TOTP standard. Popular TOTP authenticator apps include apps from Google, Microsoft, and our own free Authy app.
Which 2FA app should I use?
We recommend using the Authy app as the most secure and convenient method for 2FA, trusted by hundreds of customers and top-rated in the app store. Some alternatives are discussed in the Wirecutter's article on the Best two-factor authentication app (thewirecutter.com).
Prerequisite: Install your authentication app
Before you get started, you'll need to download and install the authenticator app of your choice. For help getting setup, please see the app vendor's support site.
Setup 2FA on your TOTP authentication app
Once your authentication app is installed and setup, you're ready to add your Twilio 2FA account:
- Access the User Settings page in Console.
- Verification code sent to your email address is required to access the user setting page. Once you receive the code, please enter the code and click “Verify”.
- Go to the “Two-factor authentication (2FA)” section and click “Edit”.
- Click "+ Add authentication app" on the top right.
- A Twilio QR code will be displayed in the browser. Open your authenticator app, and then begin the add account dialog.
Note: For help adding an account in your authenticator app, please see the app vendor's support site. - Follow the instructions displayed in the browser and click “Verify and save” to complete the setup.
- Users enabling 2FA for the first time will see a recovery code displayed in the browser window. Saves this codes, as you'll need it to recover access to your account if you ever lose access to your 2FA authentication app.
That’s it! You are now secured with two-factor authentication (2FA). Every time you log in to Twilio (or log in from an unrecognized device, depending on your chosen security level), you will be prompted to enter the 6-digit verification code shown in your app.