Authy.com is not only the home of the highly rated two-factor authentication app, it also houses a library of 2FA Guides that help users secure their favorite accounts. If your website or application has implemented 2FA, keep reading to learn how to submit your own guide and get tips to make it easy to follow.
Our 2FA Guide submission process consists of 4 easy phases.
- Site Owner Information: We gather some information about you and your application.
- Guide Content: We walk you through developing an easy-to-follow guide.
- Preview: You review how your guide will appear when published, and submit it to Authy.
- Approval: Once we review your guide for clarity and ensure you are the rightful owner of the content, we publish it on authy.com/guides.
Tip #1: If you’re ready to get started, open the Authy Guide Submission page in a new tab to follow along.
1. Site Owner Information
We first need to gather details about you and the website you’re creating 2FA guide for. Please provide the URL of your site or app and your contact information. We will use this to verify your submission or obtain additional information.
2. Guide Content
Here is where we will gather details about how your 2FA implementation works.
Enter the name for your application or website. Note this name is what Authy users will see when they search for a guide. It will also determine the URL we associate with your published guide: i.e. https://authy.com/guides/yourapplication.
Upload your application or website logo. For best results, your logo should be 120×120 pixels.
To help others find your guide, please select a category which best describes your business. We use the same categories as determined by the awesome folks over at https://twofactorauth.org. Take a look at their site for a hint at what category your guide would best appear in.
Please select the type of 2FA methods your site supports, descriptions are as follows.
- SMS – You send users a 2FA one-time passcode via SMS.
- Phone Call – You call the user and either give them a code to type in, or display a code they type into their phone using the keypad.
- Email – You send an email which the user must respond to, usually by clicking a link in the email.
- U2F – A type of hardware security key based on the FIDO standard.
- Hardware TOTP – Usually in the form of a key fob, an OATH compliant hardware token that generates a TOTP (Time-based One Time Passcode).
- Software TOTP – Mobile or desktop software that generates a one-time passcode. Authy and Google Authenticator are two examples of apps using Software TOTP.
- Push Notification – Mobile or desktop software that is launched after the user responds to a push notification. The device typically asks for the user to click to ‘Approve’ or ‘Deny’.
Note that if you select Software TOTP, we will automatically insert an initial step in your guide that informs users to install our free Authy app to use with your application.
Writing the Guide
The process of getting users to enable two-factor authentication is as unique as your app or site itself. We break down the process into 3 important steps. These include:
- Locating 2FA Setting – Directing your users to where the 2FA setup begins.
- Enabling 2FA – Walking your users through the process of enabling 2FA.
- Finishing Setup – Ensuring that 2FA works and the setup is complete.
Always illustrate these steps with images or screenshots of the experience. Each section below starts with one image and one paragraph of text. Simply click on the ‘Add additional content’ button to add up to 4 more sections in each step.
Tip #2: For inspiration from other brands, explore our archive of published 2FA Guides.
Help users navigate to the ‘security’ section of your app or site. Include as many actions as necessary to eliminate potential confusion. These may include:
- detail how to login to your app
- where to find the account settings or security information page
- fields users might need to complete
This is where your Authy 2FA Guide may differ from other guides, as it is dependent on the type of 2FA you offer. Depending on your process, the title of this section may be either ‘Capture QR Code’, ‘Enable Authy Token’, or ‘Configure SMS’.
Begin this section at the point where your user will start configuring 2FA. This might include:
- Choosing the type of 2FA best suited to them
- Creating a new account within the Authy app on their device
- Finding and scanning a QR code
- Viewing the appropriate TOTP or SMS security token
Tip 3: If you offer multiple 2FA security choices, guide users through the strongest, using either a TOTP token or by capturing a QR code.
The final step typically includes confirmation actions, like:
- Returning to the website to type an Authy token into an entry field for verification
- Copying authentication backup codes
- Acknowledging completion by clicking ‘Done’
As always, images can help to avoid any confusion.
Tip 4: If your site includes 2FA FAQs, please include a URL link to it in this section URL.
Clicking on ‘Next Step’ will display a preview of what your guide will look like. Be sure to review all steps, check the images, and return to the preview phase to make necessary changes. Repeat as needed. When you’re satisfied, click on ‘Submit’ to initiate the review process.
Before publishing, Authy will review your submission and contact you if there are any instructions or images that could be more clearly communicated! Thanks!