Why Is The Authy 2FA App Free For Users?

Easy to download and often free (or low-cost), mobile apps are an integral part of our daily lives — to play games, get turn-by-turn directions, access news, social networks, weather, and so on. But how are these apps paid for, and why is there no charge to use them? We get the “Why Is Authy free?” question a lot, so let’s dig in:

First, a little bit about Authy two-factor authentication:

At Authy, we’re all about security. We want your online activities — whether it’s basic banking, buying bitcoin, Tweeting, or streaming on Twitch — to be as safe as can be.

Each day, online accounts protected with just a password are vulnerable to threats of data breaches, account takeovers, phishing scams, and identity fraud. That’s why we try to remind people to avoid reusing passwords across sites and to enable two-factor authentication everywhere it’s offered, even if you choose something other than Authy’s 2FA app.

To keep security codes within arm’s reach, most Authy users download the iOS and Android apps. We also have a browser-agnostic desktop app with extra features, like account search and viewing options. And for more convenient, comprehensive protection, we suggest using a combination of Authy apps.

How do free apps make money?

In general, apps make money one of three ways:

  • Freemium apps: Typically free to download. They’ll get you hooked, then coax you with in-app purchases.
  • Ad-based apps: Often free, but paid ads rotate throughout the experience. To bypass the ads, some apps offer to sell you a ‘premium’ membership.
  • Apps that monetize personal data: Read the small print! In exchange for using an app, you may be giving app makers permission to sell key bits of information — like your email address, phone number, friends list, and so on.

Authy is different. So, how is it free?

Authy doesn’t fall into any of the above categories. In a nutshell, Authy is a product of Twilio, a company that makes it easy for businesses to communicate with individuals (and vice versa) by providing developers with access to complete software solutions. These businesses pay for authentications generated by Twilio’s pre-built authentication software, the Authy API. The Authy app is free for end users because, in essence, it’s paid for by businesses working with Twilio to ensure you stay protected.

Basically, a Twilio customer plugs the Authy API into their backend code. Then when you attempt to log into their site, Authy 2FA can then be delivered to your smartphone in the form of a temporary one-time password (TOTP). This unique code, which is only valid for about 30 seconds, must be re-entered into the website for you to gain access.

Your account stays secure. And you don’t pay a cent!

Besides being free, the Authy 2FA app offers these benefits!

  • Multi-device convenience. Authy 2FA tokens automatically sync to any new device you authorize. This way you can use 2FA from a phone, a tablet, or a laptop, and they’re all connected. If a device is lost, stolen, or retired, just deauthorize it.
  • Encrypted backups in the cloud. Lose a phone, and Authy’s cloud-based backups allow access from other devices (as long as you have not disabled the multi-device feature).
  • Works anywhere. 2FA tokens are generated directly on your device. They’re not reliant on wifi or internet access. Great for when you’re flying, or if phone connectivity is spotty.
  • New phone? No problem. Install the Authy app, verify your identity, and Authy security tokens will just re-appear. No need to set up your accounts all over again like you have to do with other 2FA apps.
  • Easy recovery. Lose access? We can easily walk you through the account recovery process to re-install Authy. We take extra precautions to protect your account during the recovery process, so please understand recovery may take more than 24 hrs.
  • Smart Google Authenticator substitute. Authy 2FA tokens will work with any site that prompts you to use Google Authenticator, DUO, or other TOTP-based services. Just follow the ‘enable 2FA’ instructions provided by the site and use Authy instead. Or you can start with our own “how-to” guides.

Some final thoughts about 2FA security:

Even if a site you frequent doesn’t specifically offer Authy 2FA protection, we encourage you to use whatever security service they offer. Any 2FA is better than none at all.

To find out if your favorite site offers two-factor authentication, check out Two Factor Auth. There’s even a built-in tool you can use to tell sites without 2FA to get with the program!

We hope that this post explains a little about how we keep the lights on at the best 2FA out there, without having to charge end-users a single penny.