Company:
Date Published:
Author: Nabeel Saeed
Word count: 1295
Language: English
Hacker News points: None

Summary

Twilio and Authy are partnering to give authentication customers tools to address SIM swapping, which attackers use for identity theft and account takeover. The Authy trust-chain determines which app installs can be trusted for authentication by recording the uniquely identifiable number assigned to every installed app, together with the sequence of app installs and the method used for each installation. In a hypothetical scenario, an attacker who has taken over Bob's phone number tries to authenticate but fails: the chain of trust already established between Bob's devices prevents the attacker's Android phone from being trusted. The Authy API examines each authentication attempt and decides in real time which apps can be trusted for authentication. Twilio authentication customers should know the resulting behaviour: if an SMS-based one-time password is used, no risk assessment is made unless a device is already assigned to the user account; a time-based one-time password (TOTP) from a known and trusted device allows the login; and a TOTP from an unknown device that was registered via SMS or phone call does not cause that device to be trusted.