Two Factor Authentication (2FA) using Twilio Verify


2FA provides an additional security layer for user authentication. When Two factor authentication (2FA) is implemented on a BCDE server, users will need to provide 2 pieces of information to log in. This information is:

Once you have authenticated using this method, you're encouraged to use the Twilio Authy authenticator app which will allow you to authenticate more quickly in future.


You can download the Twilio Authy authenticator mobile app from your respective app store, and instructions for setting it up can be found in section 7.

1. How to log in using Twilio Verify day to day using an authenticator app

(These steps assume you have configured the Twilio Authy authenticator app as described in section 7 below. The steps may vary if you are using another authentication app).

  1. From the login page you will need to successfully authenticate using your BCDE username and password.

  2. You will see a prompt to enter a Code

  3. Go to your authenticator app, select the entry for the BCDE server that you are logging into and click on it.

  4. You will be given a 6-digit authentication code. Go back to BCDE and enter this code into the box. Click Confirm Code.

  5. You will be taken through to the server home page.

2. How to log in using Twilio Verify day to day using SMS

While it's still possible to log in using SMS authorisation using these steps, we'd encourage you to set up an authenticator app. This reduces the time needed to log in, and gives an extra back up in the event that you lose access to your mobile phone (See section 4).

  1. From the login page you will need to successfully authenticate using your BCDE username and password.

  2. You will see a prompt to enter a Code

  3. Click Use an alternative verification method at the bottom of the box.

  4. A popup will appear confirming that you are about to use SMS verification. Click Send Code.

  5. An SMS message will be sent to the verified mobile phone number registered to your user account. The SMS will contain a 6-digit authentication code. Type this code into the "Code" box and click Confirm Code.

  6. You will be taken through to the server home page.



3. How to update the Phone Number associated with your account

  1. Log in as normal.

  2. Once you have reached the server Home page, click on your username in the top right corner of the screen, and choose View Security Settings

  3. Click on the link to Edit Verified Phone Number.

  4. You will be taken into the Edit Number process. You will see the phone number that you currently have set up against your account. You will be able to type a new number into the box. The number that you enter must be capable of receiving an SMS security code. Click Next to move to the next step.

  5. An SMS message will be sent to the mobile phone number you entered. The SMS will contain a 6-digit authentication code. Type this code into the "Token" box and click Confirm Code.

  6. You should see a confirmation screen that your phone number has been successfully verified.

4. What should I do if I have lost access to the mobile phone that is linked to my BCDE user account?

  1. If you have set up an authenticator app, you will still be able to log in successfully without access to your mobile phone. Log in and then follow the steps above to update your phone number.

  2. If you do not have an authenticator app configured, you will not be able to log in without access to your mobile phone to receive an SMS when you next need to authenticate. Please contact your system administrator. They will be able to update the verified phone number for you in the system. However please be aware that they may need you to provide confirmation of your identity to ensure that you are entitled to access the BCDE user account.



5. When you log in to BCDE for the first time either as a new user or after Twilio Verify has been enabled for the first time on your BCDE server, you will need to follow these steps:

  1. From the login page you will need to successfully authenticate using your BCDE username and password.

  2. If you are logging in for the first time ever, or logging in after an upgrade, you may need to complete the Welcome process, where you will be asked to complete or update any personal information and to accept the terms and conditions of using the system.

  3. If you do not already have a phone number configured against your user account, you will be asked to provide one. The number that you enter must be capable of receiving an SMS security code. Click Next to move to the next step.



  4. An SMS message will be sent to the mobile phone number you entered in step 3. The SMS will contain a 6-digit authentication code. Type this code into the "Token" box and click Confirm Code.



  5. You should see a confirmation screen that your phone number has been successfully verified.



  6. At this point we would encourage you to set up a Two Factor Authentication App, which will make the login process smoother and more reliable. We recommend using the Twilio Authy authentication app, and steps for setting this up are in section 7. However, if you would prefer to continue using SMS only, click on Use SMS for 2FA in the bottom right.

6. When you log in to BCDE for the first time after migration from Twilio Authy to Twilio Verify you will need to follow these steps:

  1. From the login page you will need to successfully authenticate using your BCDE username and password.

  2. You will already have a phone number configured against your account, so you do not need to register your phone number again. On your first login after the migration from Twilio Authy to Twilio Verify you will immediately see a notification that an SMS has been sent to your registered mobile phone number. The SMS will contain a 6-digit authentication code. Type this code into the "Code" box and click Confirm Code

  3. At this point we would encourage you to set up a Two Factor Authentication App, which will make the login process smoother and more reliable. We recommend using the Twilio Authy authentication app, and steps for setting this up are in section 7 below.

    If you would prefer to continue using SMS only, click on Use SMS for 2FA in the bottom right.

7. How to set up the Twilio Authy Two Factor Authentication App

Steps for setting up other apps will be very similar, but not identical, to this described process.

  1. If you have just finished the initial phone number verification steps in section 5 or section 6, click on the Configure 2FA Authenticator App button in the bottom left.



  2. If you decide at a later point that you would like to configure the app, you can enable this by:
    1. Logging in using SMS

    2. Once you have reached the server Home page, click on your username in the top right corner of the screen, and choose View Security Settings

    3. Click on the link to Configure 2FA Authenticator App.

  3. There are three options which you can use to authenticate with your authenticator app. If you are using the Twilio Authy authenticator mobile app as we recommend, then we would advise using Option 1 - QR Code.



  4. Open the Twilio Authy authenticator app and click on the + icon to add a new entry.



  5. On the mobile app, you will be asked to scan the QR code on screen using your phone's camera.

  6. Name the entry in your authenticator app. We would recommend something like the server URL. Choose an icon to represent the entry. Click Save.



  7. A token will be shown on screen - make a note of it.



  8. Enter the token from the App back into the "Token" field at the bottom of the page and click Save.



  9. You should see a confirmation message that your authenticator app has been set up correctly. Click Okay.