Twilio Authenticator SDK Now Supports Offline Authentication with TOTP

Twilio Authenticator SDK Now Supports Offline Authentication with TOTP

With the Twilio Authenticator SDK you can now fully embed the latest in mobile authentication technology into your own mobile apps while having complete control over the user authentication experience. And we’ve just updated it to include offline authentication.

This past summer the Twilio Authenticator SDK was launched to allow companies to embed push authentication into any iOS or Android mobile application. Push authentication is the most secure — and the most user-friendly — solution for using a mobile device as an authenticator. However, there is a significant limitation with push authentication: the mobile device has to be online. Consider just a few scenarios where this might be a challenge:

• You’re jetting at 30,000 feet, and you’ve paid $30 for in-flight WiFi for your laptop, not your mobile phone. It’d be expensive to pay another $30 just to get that single authentication event on your phone.
• You’re travelling abroad and did not set up / do not want to pay for international data services on your phone.
• Your mobile device is unable to connect to any wireless internet service.

So, while users can often access your web application on a desktop or laptop that has wired internet connectivity, any of the above circumstances can prevent a user from getting internet-based authentication requests on their device.

Problem Solved

TOTP (Time-based One Time Passwords), a solution has been around for many years, easily solves this problem. Essentially the user’s device generates a passcode derived from a shared secret between the app and the service they are authenticating to. Together they must be able to generate and validate this password within a set period of time. 

Our Twilio Authenticator SDK now supports TOTP in combination with push authentication, making it easy for developers and enterprise security professionals to fully embed and customize the latest security authentication into your mobile apps and services. And users never have to worry about not being able to authenticate while being offline.

Great for your users. Great for your business.

At our recent SIGNAL London developer conference, we learned why Transferwise chose the Twilio Authenticator SDK to secure their popular money transfer app. And we were pleased to hear that Namecheap, a leader in domain name registration services, has seen a 50% increase in app downloads after integrating the Twilio Authenticator SDK into their authentication process. 

We encourage you to check out the Twilio Authenticator SDK tutorial. Or reach out to Twilio for more information.