Once a user is set up for two-factor authentication, subsequent logins will communicate with Twilio to issue a 2FA code to their registered SMS device and take the user to the token entry page. In most cases, the user can simply enter their code and log in as normal.
The first time a user enters a valid code, they are taken to a one-time backup code page, where they can record a one-time backup code to use when they don't have their mobile device.
When a user has a problem entering their token, they can use the troubleshooting option by selecting the "Didn't get a code?" link. The troubleshooting page provides the following options:
- Resend code. For example, when the user took too long to enter the code and it expired, or in the unlikely case of a failed SMS delivery due to carrier or routing issues.
- Use a different phone number. The user is able to select an alternative pre-existing phone number stored on their personal information page. When an alternative phone number is selected, their existing Twilio user will be deactivated and replaced with a new user with the new phone number. The user is not permitted to enter a completely new number at this point; this would be insecure.
- Use a one-time backup code. The user can enter their one-time backup code. When a backup code is used, the user is presented with a new backup code.
A user will be unable to log in if they don't have their phone, don't have a one-time backup code, and don't have any other mobile devices on record. In this case, they will need to ask for help to get an alternative mobile device recorded against their personal information so that they can register this device instead.
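The recovery rules above, sketched as an added example that is not the product's own code: it models a single-use backup code that is replaced when used, a phone change limited to numbers already on record, and the case where no recovery option remains. The `Account` class, its field names, and the backup code format are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass


def _digest(code: str) -> bytes:
    # Keep only a hash of the backup code server-side, never the code itself.
    return hashlib.sha256(code.encode()).digest()


@dataclass
class Account:  # hypothetical model, not the product's schema
    registered_phone: str      # number currently enrolled for SMS codes
    phones_on_record: set      # numbers from the personal information page
    backup_hash: bytes = b""   # empty means no backup code has been issued

    def issue_backup_code(self) -> str:
        """Create a fresh backup code; any earlier code stops working."""
        code = secrets.token_hex(8)  # assumed format: 16 hex characters
        self.backup_hash = _digest(code)
        return code

    def redeem_backup_code(self, candidate: str):
        """Return the replacement code on success, None on failure."""
        if not self.backup_hash:
            return None
        # Constant-time comparison avoids leaking how much of the code matched.
        if not hmac.compare_digest(self.backup_hash, _digest(candidate)):
            return None
        return self.issue_backup_code()  # the used code is consumed and replaced

    def switch_phone(self, requested: str) -> bool:
        """Re-register only to a different number that is already on record."""
        if requested == self.registered_phone or requested not in self.phones_on_record:
            return False
        # A real system would deactivate the old 2FA user and create a new one here.
        self.registered_phone = requested
        return True

    def recovery_options(self) -> list:
        """Options left to a user who does not have their registered phone."""
        options = []
        if self.phones_on_record - {self.registered_phone}:
            options.append("different_phone")
        if self.backup_hash:
            options.append("backup_code")
        return options  # an empty list means the user has to ask for help
```

An empty result from `recovery_options()` corresponds to the lockout case described above, where a new device must first be recorded against the user's personal information.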