Twilio Acquires Authy to Drive Two-Factor Authentication Adoption

In a move that extends the scope of its cloud services to include two-factor authentication, Twilio today announced the acquisition of Authy.

Twilio CEO Jeff Lawson says that while many developers have been using Twilio to provide a form of two-factor authentication, Authy provides a much simpler API that also give customers access to policy management and reporting tools to provide that same capability.

Used as an alternative to simple passwords that can be easily stolen or compromised, two-factor authentication has emerged as an alternative that is widely being used by developers who are tired of seeing data stolen from within their applications.

Lawson says that Twilio will continue to offer Authy as a stand-alone service. In fact, Twilio has been providing voice and SMS services to Authy since 2012.

Naturally, Twilio sees providing two-factor authentication as a way to introduce developers to the rest of its communications services. In general. Lawson says Twilio expects to see more developers than ever embedding communications services directly within their applications. Given the sensitivity of many of those conversations, developers are also anxious to make sure that any communications service they embed in their applications is not easily compromised.

Authy is already being used across 6,000 websites that it says serve 1.2 million users. Obviously, that’s a small percentage of the potential user base, which in the absence of alternatives often continues to use the same password for every site. To make matters even more frustrating, owners of websites have to manage the password process, most of which is the repetitive reissuance of passwords to replace the ones that end users can no longer remember.

At the core of the Twilio business model, says Lawson, is nothing less than the complete disruption of a 150-year-old telecommunications industry. Instead of relying on locally installed communications equipment that is complex to manage, he says all that infrastructure is now becoming a cloud service that can be invoked using APIs.

The biggest challenge may simply be the chicken-and-egg nature of delivering such services. End users are not aware enough of the capabilities to actually demand them. Without that demand, many developers don’t think to embed communications services inside their applications.

Lawson says that at this point it’s clear there is enough momentum behind communications services in the cloud that it’s only a matter of time before they permeate most every application, which for all intents and purposes means that applications that don’t include embedded communications services are not likely to be competitive for much longer.

Be sure to read the next Authentication article: Google Identity Platform Introduces New Authentication APIs


Comments (0)