We know you look to Authy to keep your important online logins secure, so we take phone change and account recovery requests very seriously. In order to help confirm that you are the actual account owner, we may need to ask validation questions or request a copy of your photo ID during this process. Since a photo ID usually contains sensitive personal information, you may want to know why we need this, and how we handle it. To help explain our processes, we have created this list of frequently asked questions.
I have not shared my photo ID with you previously - What are you doing with it?
When we request a copy of your photo ID, we do not use it for a comparison to a previously saved copy. We won't go into specifics here to protect our security processes, but suffice to say that we use the ID data for helping to confirming your identity as the account owner.
How is my photo ID copy stored and managed?
Each photo ID copy uploaded is immediately encrypted with a unique key. Authy never stores any photo ID copy - even temporarily - in an unencrypted state. Photo ID copies can only be accessed and decrypted via our internal services, and all attempts to access your ID copy are logged with the employee and timestamp.
How long will you store my photo ID copy and personal information?
We store a photo ID copy for a total of 45 days. A limited number of authorized employees have access to this data for 15 days from the time we receive it to run security validation checks. After this time, the data is secured and stored for safe keeping for another 30 days - just in case any issues arise from the phone change or account recovery processes. Once 45 days have passed, photo ID copies are deleted.
Information provided through the phone change or account recovery online forms is automatically removed after 90 days.
Does every phone change request require that I provide a photo ID and wait for at least 48 hours?
The requirements will vary depending upon your unique situation, but not all requests require a photo ID. If you need to setup Authy on a new device, but using the same phone number, AND have another Authy installation already configured for this number, you may be able to regain access without requesting an account recovery.
- If the Multi-Device option is enabled, you can just re-download the Authy app, and enter your old phone number to regain access.
- If Multi-Device is not enabled, you will need to request an account recovery.
If you also need to update a phone number, or do not have access to another Authy installation logged in to your account, you may need to request a formal recovery. For more information, please see our article Restoring Authy Access on a New, Lost, or Inaccessible Phone.