Authy is a popular two-factor authentication startup that was recently acquired by Twilio.
The app is used by quite a few people including the ReadMe team. It allows you to add two-step authentication for popular sites such as Facebook, WordPress and even Gmail. The company also released a new OneTouch authentication service to make the usual two-factor authentication even easier to perform.
Rather than having a code generated via Authy’s smartphone app, (which is then entered into the relevant web form), OneTouch will send a push notification to your phone. The notification basically asks you to confirm that you do want to sign in to the site that sent the notification. Agree and that’s about it. You’re in.
The basic concept for the new feature is that by entering the code into a website, you prove that you have access to the mobile device as well.
According to Authy, they utilize public and/or private keys in order to secure the authentication service and prevent man-in-the-middle attacks for any logon session. Apart from this, it also gives the user greater control of exactly what service he/she is authorizing.
In addition to providing the standard two-factor authentication, the company believes that they could also use the OneTouch feature to authorize and verify important transactions like such as large purchases or account closures. In such a case, the owner could send a confirmation message via Authy OneTouch to make sure that the recipient is legitimate and approve the transaction.