The Authy app is also used in combination with the Authy API, a Twilio cloud service that allows businesses to implement two-factor authentication to protect their customers. We build and distribute the Authy app for free so that API customers — companies like Twitch, Pinterest, Transferwise, Uphold, and Gemini, among others — don’t need to develop their own 2FA apps.
It’s in this scenario, when the Authy app is used in conjunction with the Authy API, some user data is beneficial to the businesses trying to protect your account. Advanced authentication systems leverage a number of signals (e.g., device type, wireless carrier, and IP address) to ensure that incoming authentication attempts are actually coming from legitimate users. For instance, you might create your account on a web browser on a Mac from an IP address associated with AT&T internet services then use the Authy app coming from the same wifi network address on an iPhone. A request then coming from an Android device in China would be flagged as suspicious. The more an application knows about legit users as they log in, the better the protection it can provide. This is especially important with so many illegitimate parties using increasingly inventive approaches to take over online accounts.