Authy, the two-factor authentication startup recently acquired by Twilio, announced its newest product at its parent company’s Signal developer conference today.
Authy’s new OneTouch authentication service makes two-factor authentication about as painless as possible. Instead of having to enter a code that’s generated on your phone into a web form, OneTouch simply sends a push notification to your phone, asks you to confirm that you want to sign in to the site that sent the notification and you’re in. That’s about as frictionless as two-factor authentication gets.
The idea here is that by entering the code into the website, you basically prove that you have access to the phone, too, so you could just as well take this to the next level and use the phone to authenticate yourself.
The company says that it uses public/private keys to secure the service and prevent man-in-the-middle attacks for any logons. In addition, the user also sees exactly what service he is authorizing.
While the standard use case for two-factor authentication is logins, Twilio CEO Jeff Lawson also told me that he believes this could be very useful for verifying high-value transactions like big purchases. Say you’re making a big purchase on your credit card or are trying to close your account. As an extra security measure, the card issuer could send you a confirmation message through Authy OneTouch to make sure that you are legit and approve.
OneTouch also works with the Authy for Apple Watch, which also launched today.