diff --git a/network/authy.go b/network/authy.go
deleted file mode 100644
index 394bfbce..00000000
--- a/network/authy.go
+++ /dev/null
@@ -1,116 +0,0 @@
-package network
-
-import (
-	"errors"
-	stdlog "log"
-	"net/url"
-	"os"
-	"time"
-
-	"github.com/brianvoe/gofakeit/v6"
-	"github.com/dcu/go-authy"
-	"github.com/rs/zerolog"
-)
-
-// ErrAuthyDisabled means authy isn't enabled here. You can change that
-// in the .env file.
-var ErrAuthyDisabled = errors.New("authy is not enabled in this environment")
-
-var authyLoginMessage = "Log in to the APTrust registry."
-var authyTimeout = (45 * time.Second)
-
-type AuthyClient struct {
-	client  *authy.Authy
-	enabled bool
-	log     zerolog.Logger
-}
-
-type AuthyClientInterface interface {
-	AwaitOneTouch(string, string) (bool, error)
-	RegisterUser(string, int, string) (string, error)
-}
-
-func NewAuthyClient(authyEnabled bool, authyAPIKey string, log zerolog.Logger) AuthyClientInterface {
-	// Authy library logs to Stderr by default. We want either our logger
-	// (which doesn't support the standard go logger interface) or Stdout
-	// because Docker gathers Stdout logs.
-	authy.Logger = stdlog.New(os.Stdout, "[authy] ", stdlog.LstdFlags)
-	return &AuthyClient{
-		client:  authy.NewAuthyAPI(authyAPIKey),
-		enabled: authyEnabled,
-		log:     log,
-	}
-}
-
-// AwaitOneTouch sends a OneTouch login request via Authy and awaits
-// the user's response. Param authyID is the user's AuthyID. Param
-// userEmail is used for logging.
-//
-// This is a blocking request that waits up to 45 seconds for a user
-// to approve the one-touch push notification.
-//
-// If request is approved, this returns true. Otherwise, false.
-func (ac *AuthyClient) AwaitOneTouch(userEmail, authyID string) (bool, error) {
-	if !ac.enabled {
-		return false, ErrAuthyDisabled
-	}
-	details := authy.Details{}
-	req, err := ac.client.SendApprovalRequest(authyID, authyLoginMessage, details, url.Values{})
-	if err != nil {
-		ac.log.Error().Msgf("AuthyOneTouch error for %s: %v", userEmail, err)
-		return false, err
-	}
-	ac.log.Info().Msgf("AuthyOneTouch request id for %s: %s", userEmail, req.UUID)
-	status, err := ac.client.WaitForApprovalRequest(req.UUID, authyTimeout, url.Values{})
-	if status == authy.OneTouchStatusApproved {
-		ac.log.Info().Msgf("AuthyOneTouch approved for %s (%s)", userEmail, req.UUID)
-		return true, nil
-	} else {
-		ac.log.Warn().Msgf("AuthyOneTouch %s for %s (%s)", status, userEmail, req.UUID)
-	}
-	return false, nil
-}
-
-// RegisterUser registers a user with Authy for this app. Note that
-// users need separate registrations for each environment (dev, demo,
-// prod, etc.).
-//
-// On success, this returns the user's new AuthyID. The caller is
-// responsible for attaching that ID to the user object and saving
-// it to the database.
-//
-// Use user.CountryCodeAndPhone() to get country code and phone number,
-// as these need to be separate. Do not pass user.PhoneNumber in format
-// "+<country_code><number>" because that won't work.
-func (ac *AuthyClient) RegisterUser(userEmail string, countryCode int, phone string) (string, error) {
-	if !ac.enabled {
-		return "", ErrAuthyDisabled
-	}
-	authyUser, err := ac.client.RegisterUser(userEmail, countryCode, phone, url.Values{})
-	if err != nil {
-		ac.log.Error().Msgf("Can't register user %s (%d %s) with Authy: %v", userEmail, countryCode, phone, err)
-		return "", err
-	}
-	return authyUser.ID, err
-}
-
-// MockAuthyClient is used in testing.
-type MockAuthyClient struct{}
-
-// NewMockAuthyClient returns a mock authy client for testing.
-func NewMockAuthyClient() AuthyClientInterface {
-	return &MockAuthyClient{}
-}
-
-// AwaitOneTouch for unit tests. Returns true unless param authyID == "fail".
-func (m *MockAuthyClient) AwaitOneTouch(userEmail, authyID string) (bool, error) {
-	if authyID == "fail" {
-		return false, nil
-	}
-	return true, nil
-}
-
-// RegisterUser for unit testing. Always succeeds.
-func (m *MockAuthyClient) RegisterUser(userEmail string, countryCode int, phone string) (string, error) {
-	return gofakeit.FarmAnimal(), nil
-}
diff --git a/network/authy_test.go b/network/authy_test.go
deleted file mode 100644
index ccddb853..00000000
--- a/network/authy_test.go
+++ /dev/null
@@ -1,42 +0,0 @@
-package network_test
-
-import (
-	"io/ioutil"
-	"testing"
-
-	"github.com/APTrust/registry/network"
-	"github.com/rs/zerolog"
-	"github.com/stretchr/testify/assert"
-)
-
-func TestAuthyClient(t *testing.T) {
-	client := network.NewAuthyClient(false, "SecretKey",
-		zerolog.New(ioutil.Discard))
-	assert.NotNil(t, client)
-
-	// Test authy when disabled.
-	response, err := client.RegisterUser("homer@example.com", 1, "302-555-1212")
-	assert.Empty(t, response)
-	assert.Equal(t, network.ErrAuthyDisabled, err)
-
-	ok, err := client.AwaitOneTouch("homer@example.com", "no-id")
-	assert.False(t, ok)
-	assert.Equal(t, network.ErrAuthyDisabled, err)
-
-	// Test our mock authy client. This seems superfluous, but
-	// we want to make sure it works for tests in web/webui.
-	client = network.NewMockAuthyClient()
-	assert.NotNil(t, client)
-
-	response, err = client.RegisterUser("homer@example.com", 1, "302-555-1212")
-	assert.NotEmpty(t, response)
-	assert.Nil(t, err)
-
-	ok, err = client.AwaitOneTouch("homer@example.com", "no-id")
-	assert.True(t, ok)
-	assert.Nil(t, err)
-
-	ok, err = client.AwaitOneTouch("homer@example.com", "fail")
-	assert.False(t, ok)
-	assert.Nil(t, err)
-}
diff --git a/notes.md b/notes.md
index 20d34ab4..998d67a4 100644
--- a/notes.md
+++ b/notes.md
@@ -103,12 +103,9 @@ Remember, depdenency hell and mountains of garbage code are only one npm package
 
 * Email/password login
 * Two-factor text/sms
-* Two-factor Authy
 
 To ensure users won't have to change their passwords when moving from the Rails app, implement the same password encryption scheme as Devise. The scheme is described [here](https://www.freecodecamp.org/news/how-does-devise-keep-your-passwords-safe-d367f6e816eb/), and the [Go bcrypt library](https://pkg.go.dev/golang.org/x/crypto/bcrypt) should be able to support it.
 
-For two-factor auth, since we're already using Authy, try the [Go Client for Authy](https://github.com/dcu/go-authy).
-
 ### Edit
 
 * edit details (phone, etc.)
@@ -345,7 +342,7 @@ The term "items" below refers to Intellectual Objects, Generic Files, Checksums,
 
 # Two Factor Authentication
 
-Current Pharos users who have enabled two-factor authentication receive one-time passwords through SMS or push notifications through Authy OneTouch. These methods were chosen after long discussion with depositors and we cannot change them without another long discussion. So for now, we're sticking with these two.
+Current Pharos users who have enabled two-factor authentication receive one-time passwords through SMS. This method was chosen after long discussion with depositors and we cannot change this without another long discussion. So for now, we're sticking with these two.
 
 Notes on two-factor setup and workflow have grown large enoug to warrant their own document. See [Two Factor Notes](two_factor_notes.md).
 
diff --git a/pgmodels/user.go b/pgmodels/user.go
index 0917ced3..f0db7d3d 100644
--- a/pgmodels/user.go
+++ b/pgmodels/user.go
@@ -160,7 +160,7 @@ type User struct {
 	// push, so they can login with one-touch. Anything else means SMS,
 	// but call IsTwoFactorUser() to make sure they're actually require
 	// two-factor auth before trying to text them.
-	AuthyStatus string `json:"authy_status" pg:"authy_status"`
+	MFAStatus string `json:"authy_status" pg:"authy_status"`
 
 	// EmailVerified will be true once the system has verified that the
 	// user's email address is correct.
diff --git a/pgmodels/user_view.go b/pgmodels/user_view.go
index 4a1b4e60..ed536605 100644
--- a/pgmodels/user_view.go
+++ b/pgmodels/user_view.go
@@ -37,7 +37,7 @@ type UserView struct {
 	ConfirmedTwoFactor     bool      `json:"confirmed_two_factor" pg:"confirmed_two_factor"`
 	AuthyID                string    `json:"-" pg:"authy_id"`
 	LastSignInWithAuthy    time.Time `json:"last_sign_in_with_authy" pg:"last_sign_in_with_authy"`
-	AuthyStatus            string    `json:"authy_status" pg:"authy_status"`
+	MFAStatus              string    `json:"authy_status" pg:"authy_status"`
 	EmailVerified          bool      `json:"email_verified" pg:"email_verified"`
 	InitialPasswordUpdated bool      `json:"initial_password_updated" pg:"initial_password_updated"`
 	ForcePasswordUpdate    bool      `json:"force_password_update" pg:"force_password_update"`
diff --git a/views/users/backup_codes.html b/views/users/backup_codes.html
index 2c08ff9b..c8f071cb 100644
--- a/views/users/backup_codes.html
+++ b/views/users/backup_codes.html
@@ -15,7 +15,7 @@ <h2>Backup Codes</h2>
   </div>
 
   <p class="mb-5">Please copy the backup codes below. You can use these for two-factor login when you don't have access
-    to Authy or text messages. These backup codes supersede all previously-generated codes.</p>
+    to text messages. These backup codes supersede all previously-generated codes.</p>
 
   <!--
       Note that two_factor_controller_test.go looks for these span tags
diff --git a/views/users/choose_second_factor.html b/views/users/choose_second_factor.html
index 073d8952..1ebeb3d8 100644
--- a/views/users/choose_second_factor.html
+++ b/views/users/choose_second_factor.html
@@ -25,12 +25,6 @@ <h2>Multi-Factor Authentication Required</h2>
   <div class="modal-content">
     <p class="mb-3">How would you like to complete your login?</p>
 
-    <div class="two-factor-option mb-3">
-      <button class="button is-primary" onclick="submitSecondFactor('authy')" disabled title="Authy is temporarily not available. APTrust is working to resolve this issue.">Authy</button>
-      <article id="two-factor-method-authy" class="message is-info mt-4 two-factor-message" style="display:none">
-        <div class="message-body">Sent push notification.</div>
-      </article>
-    </div>
     <div class="two-factor-option mb-3">
       <button class="button is-primary" onclick="submitSecondFactor('sms')">Text Message</button>
       <article id="two-factor-method-sms" class="message is-info mt-4 two-factor-message" style="display:none">
diff --git a/views/users/init_2fa_setup.html b/views/users/init_2fa_setup.html
index 4ef963c8..c5e74557 100644
--- a/views/users/init_2fa_setup.html
+++ b/views/users/init_2fa_setup.html
@@ -24,7 +24,7 @@ <h2>Two-Factor Method</h2>
       </div>
 
       <div class="columns">
-        <div class="column">{{ template "forms/radio.html" .form.Fields.AuthyStatus }}</div>
+        <div class="column">{{ template "forms/radio.html" .form.Fields.MFAStatus }}</div>
       </div>
 
       {{ template "forms/csrf_token.html" . }}
@@ -36,9 +36,9 @@ <h2>Two-Factor Method</h2>
 </div>
 
 <script>
- let currentMethod = '{{ .CurrentUser.AuthyStatus }}'
+ let currentMethod = '{{ .CurrentUser.MFAStatus }}'
  function confirmChange() {
-     let selectedMethod = document.forms['twoFactorSetupForm']['AuthyStatus'].value
+     let selectedMethod = document.forms['twoFactorSetupForm']['MFAStatus'].value
      if (selectedMethod != currentMethod && selectedMethod.toLowerCase() == 'none') {
          return confirm('Are you sure you want to turn off two-factor authentication?')
      }
diff --git a/views/users/my_account.html b/views/users/my_account.html
index 97fc5958..83d803c1 100644
--- a/views/users/my_account.html
+++ b/views/users/my_account.html
@@ -52,12 +52,8 @@ <h4>{{ roleName .CurrentUser.Role }} at {{ .CurrentUser.Institution.Name }}</h4>
         <dd class="text-table">{{ yesNo .CurrentUser.ConfirmedTwoFactor }}</dd>
         <dt class="text-label text-xs is-grey-dark">2FA Required By</dt>
         <dd class="text-table">{{ dateUS .CurrentUser.GracePeriod }}</dd>
-        <dt class="text-label text-xs is-grey-dark">Authy Status</dt>
-        <dd class="text-table">{{ defaultString .CurrentUser.AuthyStatus "N/A" }}</dd>
-        <dt class="text-label text-xs is-grey-dark">Authy ID</dt>
-        <dd class="text-table">{{ defaultString .CurrentUser.AuthyID "N/A" }}</dd>
-        <dt class="text-label text-xs is-grey-dark">Last Authy SignIn</dt>
-        <dd class="text-table">{{ dateUS .CurrentUser.LastSignInWithAuthy }}</dd>
+        <dt class="text-label text-xs is-grey-dark">2FA Status</dt>
+        <dd class="text-table">{{ defaultString .CurrentUser.MFAStatus "N/A" }}</dd>
       </dl>
 
       <dl class="data-list">
diff --git a/views/users/show.html b/views/users/show.html
index 7ce0f325..0c66e562 100644
--- a/views/users/show.html
+++ b/views/users/show.html
@@ -67,12 +67,8 @@ <h4>{{ roleName .user.Role }} at {{ .user.Institution.Name }}</h4>
         <dd class="text-table">{{ yesNo .user.ConfirmedTwoFactor }}</dd>
         <dt class="text-label text-xs is-grey-dark">2FA Required By</dt>
         <dd class="text-table">{{ dateUS .user.GracePeriod }}</dd>
-        <dt class="text-label text-xs is-grey-dark">Authy Status</dt>
-        <dd class="text-table">{{ defaultString .user.AuthyStatus "N/A" }}</dd>
-        <dt class="text-label text-xs is-grey-dark">Authy ID</dt>
-        <dd class="text-table">{{ defaultString .user.AuthyID "N/A" }}</dd>
-        <dt class="text-label text-xs is-grey-dark">Last Authy SignIn</dt>
-        <dd class="text-table">{{ dateUS .user.LastSignInWithAuthy }}</dd>
+        <dt class="text-label text-xs is-grey-dark">MFA Status</dt>
+        <dd class="text-table">{{ defaultString .user.MFAStatus "N/A" }}</dd>
       </dl>
 
       <dl class="data-list">
diff --git a/web/webui/two_factor_controller.go b/web/webui/two_factor_controller.go
index a20e112c..4d1b6c8d 100644
--- a/web/webui/two_factor_controller.go
+++ b/web/webui/two_factor_controller.go
@@ -14,7 +14,7 @@ import (
 )
 
 // UserTwoFactorChoose shows a list of radio button options so a user
-// can choose their two-factor auth method (Authy, Backup Code, SMS).
+// can choose their two-factor auth method (Backup Code, SMS).
 // We show this page after a user has entered their email and password,
 // if they have two-factor enabled. This is part of the login process,
 // not part of the setup process.
@@ -65,25 +65,6 @@ func UserTwoFactorGenerateSMS(c *gin.Context) {
 	c.HTML(http.StatusOK, "users/enter_auth_token.html", req.TemplateData)
 }
 
-// UserTwoFactorPush initiates a push request to the user's authentication
-// app asking them to approve the login. This method waits for a response
-// from the authentication service. It's a POST to avoid GET spam.
-// POST form includes CSRF token.
-//
-// POST /users/2fa_push/
-func UserTwoFactorPush(c *gin.Context) {
-	req := NewRequest(c)
-	approved, err := userSendAuthyOneTouch(req)
-	if AbortIfError(c, err) {
-		return
-	}
-	if approved {
-		c.Redirect(http.StatusFound, "/dashboard")
-		return
-	}
-	c.Redirect(http.StatusFound, "/users/sign_out")
-}
-
 // UserTwoFactorVerify verifies the SMS or backup code that the user
 // entered on TwoFactorEnter.
 //
@@ -145,8 +126,7 @@ func UserInit2FASetup(c *gin.Context) {
 
 // UserComplete2FASetup receives a form from UserInit2FASetup.
 // If user chooses SMS, we need to send them a code via SMS and have
-// them enter it here to confirm. If they choose Authy, we need to
-// register them if they're not already registered.
+// them enter it here to confirm.
 //
 // POST /users/2fa_setup
 func UserComplete2FASetup(c *gin.Context) {
@@ -175,14 +155,14 @@ func UserComplete2FASetup(c *gin.Context) {
 	}
 
 	user.PhoneNumber = prefs.NewPhone
-	user.AuthyStatus = prefs.NewMethod
+	user.MFAStatus = prefs.NewMethod
 
-	// When turning off two factor, be sure to also clear AuthyStatus,
+	// When turning off two factor, be sure to also clear MFAStatus,
 	// or system will continue to expect to receive a second factor and
 	// user will be locked out. https://trello.com/c/UbYlbdyT
 	if prefs.DoNotUseTwoFactor() {
 		user.EnabledTwoFactor = false
-		user.AuthyStatus = ""
+		user.MFAStatus = ""
 		err = user.Save()
 		if AbortIfError(c, err) {
 			return
@@ -197,22 +177,6 @@ func UserComplete2FASetup(c *gin.Context) {
 		return
 	}
 
-	if prefs.UseAuthy() {
-		ok, err := userCompleteAuthySetup(req, prefs)
-		if AbortIfError(c, err) {
-			return
-		}
-		if ok {
-			helpers.SetFlashCookie(c, "Your two-factor setup is complete. Next time you log in, you'll receive a push notification from Authy to complete the sign-in process.")
-			c.Redirect(http.StatusFound, "/users/my_account")
-			return
-		} else {
-			// User did not approve
-			c.Redirect(http.StatusFound, "/users/sign_out")
-			return
-		}
-	}
-
 	if prefs.NeedsSMSConfirmation() {
 		// Send SMS code and redirect to UserConfirmPhone
 		err = UserCompleteSMSSetup(req)
@@ -253,29 +217,6 @@ func UserConfirmPhone(c *gin.Context) {
 	}
 }
 
-// UserRegisterWithAuthy registers a user with Authy.
-func UserAuthyRegister(req *Request) error {
-	user := req.CurrentUser
-	if user.AuthyID != "" {
-		return common.ErrAlreadyHasAuthyID
-	}
-	countryCode, phone, err := user.CountryCodeAndPhone()
-	if err != nil {
-		return err
-	}
-	authyID, err := common.Context().AuthyClient.RegisterUser(
-		user.Email, int(countryCode), phone)
-	if err != nil {
-		return err
-	}
-	user.AuthyID = authyID
-	err = user.Save()
-	if err != nil {
-		return err
-	}
-	return nil
-}
-
 // UserGenerateBackupCodes generates a set of five new, random backup
 // codes and displays them to the user.
 //
@@ -303,44 +244,6 @@ func UserGenerateBackupCodes(c *gin.Context) {
 	c.HTML(http.StatusOK, "users/backup_codes.html", req.TemplateData)
 }
 
-// Send an Authy OneTouch message to the user and await the
-// response. This returns a boolean indicating whether the
-// user approved the login.
-func userSendAuthyOneTouch(req *Request) (bool, error) {
-	if req.CurrentUser.AuthyID == "" {
-		return false, common.ErrNoAuthyID
-	}
-	ok, err := common.Context().AuthyClient.AwaitOneTouch(
-		req.CurrentUser.Email, req.CurrentUser.AuthyID)
-	if err != nil {
-		return false, err
-	}
-	if ok {
-		// User approved login request
-		req.CurrentUser.AwaitingSecondFactor = false
-		req.CurrentUser.EncryptedOTPSecret = ""
-		err := req.CurrentUser.Save()
-		if err != nil {
-			return false, err
-		}
-	}
-	return ok, err
-}
-
-// Send an Authy push message to the user so they can confirm
-// that Authy works.
-func userConfirmAuthy(req *Request) (bool, error) {
-	approved, err := userSendAuthyOneTouch(req)
-	if approved {
-		req.CurrentUser.ConfirmedTwoFactor = true
-		err = req.CurrentUser.Save()
-	}
-	if err == nil && !approved {
-		common.Context().Log.Warn().Msgf("User %s rejected Authy confirmation", req.CurrentUser.Email)
-	}
-	return approved, err
-}
-
 // This compares the user-supplied one-time password against all of the
 // user's backup codes. If one matches, we delete that backup code and
 // return true.
@@ -359,22 +262,6 @@ func userVerifyBackupCode(req *Request, otp string) (bool, error) {
 	return tokenIsValid, err
 }
 
-func userCompleteAuthySetup(req *Request, prefs *TwoFactorPreferences) (ok bool, err error) {
-	if prefs.NeedsAuthyRegistration() {
-		err = UserAuthyRegister(req)
-		if err != nil {
-			return false, err
-		}
-	}
-	if prefs.NeedsAuthyConfirmation() {
-		ok, err = userConfirmAuthy(req)
-		if err != nil {
-			return false, err
-		}
-	}
-	return ok, err
-}
-
 func UserCompleteSMSSetup(req *Request) error {
 	// Send SMS code and redirect to UserConfirmPhone
 	user := req.CurrentUser
diff --git a/web/webui/two_factor_controller_test.go b/web/webui/two_factor_controller_test.go
index 471e503b..7c900781 100644
--- a/web/webui/two_factor_controller_test.go
+++ b/web/webui/two_factor_controller_test.go
@@ -9,7 +9,6 @@ import (
 
 	"github.com/APTrust/registry/common"
 	"github.com/APTrust/registry/constants"
-	"github.com/APTrust/registry/network"
 
 	"github.com/APTrust/registry/pgmodels"
 	"github.com/APTrust/registry/web/testutil"
@@ -50,17 +49,17 @@ func TestUserTwoFactorChoose(t *testing.T) {
 	// Sign in as two-factor user and make sure we get the choice page.
 	wasEnabled := testutil.SmsUser.EnabledTwoFactor
 	wasConfirmed := testutil.SmsUser.ConfirmedTwoFactor
-	oldMethod := testutil.SmsUser.AuthyStatus
+	oldMethod := testutil.SmsUser.MFAStatus
 	defer func() {
 		testutil.SmsUser.EnabledTwoFactor = wasEnabled
 		testutil.SmsUser.ConfirmedTwoFactor = wasConfirmed
-		testutil.SmsUser.AuthyStatus = oldMethod
+		testutil.SmsUser.MFAStatus = oldMethod
 		testutil.SmsUser.Save()
 	}()
 
 	testutil.SmsUser.EnabledTwoFactor = true
 	testutil.SmsUser.ConfirmedTwoFactor = true
-	testutil.SmsUser.AuthyStatus = constants.TwoFactorSMS
+	testutil.SmsUser.MFAStatus = constants.TwoFactorSMS
 	require.Nil(t, testutil.SmsUser.Save())
 
 	signInForm := map[string]string{
@@ -74,7 +73,6 @@ func TestUserTwoFactorChoose(t *testing.T) {
 
 	itemsOnChoosePage := []string{
 		"csrf_token",
-		"submitSecondFactor('authy')",
 		"submitSecondFactor('sms')",
 		"submitSecondFactor('backup')",
 	}
@@ -138,27 +136,6 @@ func TestUserTwoFactorGenerateSMS(t *testing.T) {
 	assert.NotEqual(t, oldTimestamp, reloadedUser.EncryptedOTPSentAt)
 }
 
-func TestUserTwoFactorPush(t *testing.T) {
-	aptContext := common.Context()
-	originalAuthyClient := aptContext.AuthyClient
-	aptContext.AuthyClient = network.NewMockAuthyClient()
-
-	origAuthyID := testutil.Inst1User.AuthyID
-	testutil.Inst1User.AuthyID = "abc123"
-	require.Nil(t, testutil.Inst1User.Save())
-
-	defer func() {
-		aptContext.AuthyClient = originalAuthyClient
-		testutil.Inst1User.AuthyID = origAuthyID
-		testutil.Inst1User.Save()
-	}()
-
-	testutil.Inst1UserClient.POST("/users/2fa_push").
-		WithHeader("Referer", testutil.BaseURL).
-		WithFormField(constants.CSRFTokenName, testutil.Inst1UserToken).
-		Expect().Status(http.StatusOK)
-}
-
 func TestUserTwoFactorVerify(t *testing.T) {
 	targetURL := "/users/2fa_verify"
 	failureStrings := []string{
@@ -177,7 +154,6 @@ func TestUserTwoInit2FASetup(t *testing.T) {
 	testutil.InitHTTPTests(t)
 	expected := []string{
 		`name="PhoneNumber"`,
-		`name="AuthyStatus"`,
 		"confirmChange()",
 	}
 	html := testutil.Inst1UserClient.GET("/users/2fa_setup").
@@ -191,7 +167,6 @@ func TestUserTwoComplete2FASetup(t *testing.T) {
 	// to use a throwaway user, or ensure we can revert user
 	// to known state expected by other tests.
 	//
-	// - Changing to Authy (can't test fully unless we mock Authy)
 	// - Changing to SMS   (partially tested above in TestCompleteSMSSetup)
 	// - Changing to None
 	//
@@ -199,19 +174,13 @@ func TestUserTwoComplete2FASetup(t *testing.T) {
 	// a few cases.
 
 	aptContext := common.Context()
-	originalAuthyClient := aptContext.AuthyClient
-	aptContext.AuthyClient = network.NewMockAuthyClient()
-
-	defer func() {
-		aptContext.AuthyClient = originalAuthyClient
-	}()
 
 	// Submit with no change
 	expect := testutil.Inst1UserClient.POST("/users/2fa_setup").
 		WithHeader("Referer", testutil.BaseURL).
 		WithFormField(constants.CSRFTokenName, testutil.Inst1UserToken).
 		WithFormField("PhoneNumber", testutil.Inst1User.PhoneNumber).
-		WithFormField("AuthyStatus", testutil.Inst1User.AuthyStatus).
+		WithFormField("MFAStatus", testutil.Inst1User.MFAStatus).
 		Expect()
 	html := expect.Body().Raw()
 	assert.True(t, strings.Contains(html, "Your two-factor preferences remain unchanged."))
@@ -221,28 +190,17 @@ func TestUserTwoComplete2FASetup(t *testing.T) {
 		WithHeader("Referer", testutil.BaseURL).
 		WithFormField(constants.CSRFTokenName, testutil.Inst1UserToken).
 		WithFormField("PhoneNumber", "+12223334444").
-		WithFormField("AuthyStatus", "").
+		WithFormField("MFAStatus", "").
 		Expect()
 	html = expect.Body().Raw()
 	assert.True(t, strings.Contains(html, "Your phone number has been updated."))
 
-	// Submit with change to Phone number and AuthyStatus
-	expect = testutil.Inst1UserClient.POST("/users/2fa_setup").
-		WithHeader("Referer", testutil.BaseURL).
-		WithFormField(constants.CSRFTokenName, testutil.Inst1UserToken).
-		WithFormField("PhoneNumber", "+15556662627").
-		WithFormField("AuthyStatus", constants.TwoFactorAuthy).
-		Expect()
-	html = expect.Body().Raw()
-	assert.True(t, strings.Contains(html, "Your two-factor setup is complete."))
-	assert.True(t, strings.Contains(html, "receive a push notification from Authy to complete the sign-in process."))
-
 	// Submit with change to Phone number and SMS
 	expect = testutil.Inst1UserClient.POST("/users/2fa_setup").
 		WithHeader("Referer", testutil.BaseURL).
 		WithFormField(constants.CSRFTokenName, testutil.Inst1UserToken).
 		WithFormField("PhoneNumber", "+15556662888").
-		WithFormField("AuthyStatus", constants.TwoFactorSMS).
+		WithFormField("MFAStatus", constants.TwoFactorSMS).
 		Expect()
 	html = expect.Body().Raw()
 	assert.True(t, strings.Contains(html, "Enter the code we just texted you into the box below."))
@@ -252,7 +210,7 @@ func TestUserTwoComplete2FASetup(t *testing.T) {
 		WithHeader("Referer", testutil.BaseURL).
 		WithFormField(constants.CSRFTokenName, testutil.Inst1UserToken).
 		WithFormField("PhoneNumber", "+15556662888").
-		WithFormField("AuthyStatus", constants.TwoFactorNone).
+		WithFormField("MFAStatus", constants.TwoFactorNone).
 		Expect()
 	html = expect.Body().Raw()
 	assert.True(t, strings.Contains(html, "Two-factor authentication has been turned off for your account."))
@@ -262,7 +220,7 @@ func TestUserTwoComplete2FASetup(t *testing.T) {
 	require.NoError(t, err)
 	require.NotNil(t, user)
 	assert.False(t, user.EnabledTwoFactor)
-	assert.Empty(t, user.AuthyStatus)
+	assert.Empty(t, user.MFAStatus)
 }
 
 func TestUserConfirmPhone(t *testing.T) {
diff --git a/web/webui/two_factor_preferences.go b/web/webui/two_factor_preferences.go
index 961975fb..771aea65 100644
--- a/web/webui/two_factor_preferences.go
+++ b/web/webui/two_factor_preferences.go
@@ -15,16 +15,16 @@ type TwoFactorPreferences struct {
 
 func NewTwoFactorPreferences(req *Request) (*TwoFactorPreferences, error) {
 	oldPhone := req.CurrentUser.PhoneNumber
-	oldMethod := req.CurrentUser.AuthyStatus
+	oldMethod := req.CurrentUser.MFAStatus
 
-	// Get phone and authy data submitted in the form.
+	// Get phone and method data submitted in the form.
 	user := &pgmodels.User{}
 	err := req.GinContext.ShouldBind(user)
 	if err != nil {
 		return nil, err
 	}
 
-	// Make sure phone is formatted the way Authy & SMS/SNS like it,
+	// Make sure phone is formatted the way SMS/SNS likes it,
 	// with leading + and country code. https://trello.com/c/QLMjQiyj
 	user.ReformatPhone()
 
@@ -32,7 +32,7 @@ func NewTwoFactorPreferences(req *Request) (*TwoFactorPreferences, error) {
 		OldPhone:  oldPhone,
 		NewPhone:  user.PhoneNumber,
 		OldMethod: oldMethod,
-		NewMethod: user.AuthyStatus,
+		NewMethod: user.MFAStatus,
 		User:      user,
 	}
 
@@ -59,22 +59,10 @@ func (p *TwoFactorPreferences) DoNotUseTwoFactor() bool {
 	return p.NewMethod == constants.TwoFactorNone
 }
 
-func (p *TwoFactorPreferences) UseAuthy() bool {
-	return p.NewMethod == constants.TwoFactorAuthy
-}
-
 func (p *TwoFactorPreferences) UseSMS() bool {
 	return p.NewMethod == constants.TwoFactorSMS
 }
 
-func (p *TwoFactorPreferences) NeedsAuthyRegistration() bool {
-	return p.NewMethod == constants.TwoFactorAuthy && p.User.AuthyID == ""
-}
-
-func (p *TwoFactorPreferences) NeedsAuthyConfirmation() bool {
-	return p.NeedsConfirmation() && p.NewMethod == constants.TwoFactorAuthy
-}
-
 func (p *TwoFactorPreferences) NeedsSMSConfirmation() bool {
 	return p.NeedsConfirmation() && p.NewMethod == constants.TwoFactorSMS
 }
diff --git a/web/webui/two_factor_preferences_test.go b/web/webui/two_factor_preferences_test.go
index 25f932ca..7d100d29 100644
--- a/web/webui/two_factor_preferences_test.go
+++ b/web/webui/two_factor_preferences_test.go
@@ -22,40 +22,13 @@ func TestTwoFactorPreferences(t *testing.T) {
 	prefs.NewPhone = "12223334444"
 	assert.True(t, prefs.PhoneChanged())
 
-	assert.False(t, prefs.MethodChanged())
-	prefs.NewMethod = constants.TwoFactorAuthy
-	assert.True(t, prefs.MethodChanged())
-
 	prefs.NewMethod = constants.TwoFactorNone
 	assert.True(t, prefs.DoNotUseTwoFactor())
-	assert.False(t, prefs.UseAuthy())
 	assert.False(t, prefs.UseSMS())
 
 	prefs.NewMethod = constants.TwoFactorSMS
 	assert.False(t, prefs.DoNotUseTwoFactor())
-	assert.False(t, prefs.UseAuthy())
 	assert.True(t, prefs.UseSMS())
 
-	prefs.NewMethod = constants.TwoFactorAuthy
-	assert.False(t, prefs.DoNotUseTwoFactor())
-	assert.True(t, prefs.UseAuthy())
-	assert.False(t, prefs.UseSMS())
-
-	prefs.NewMethod = constants.TwoFactorAuthy
-	prefs.User.AuthyID = ""
-	assert.True(t, prefs.NeedsAuthyRegistration())
-
-	prefs.NewMethod = constants.TwoFactorSMS
-	prefs.User.AuthyID = ""
-	assert.False(t, prefs.NeedsAuthyRegistration())
-
-	prefs.NewMethod = constants.TwoFactorAuthy
-	prefs.User.AuthyID = "12345"
-	assert.False(t, prefs.NeedsAuthyRegistration())
-
-	assert.True(t, prefs.NeedsAuthyConfirmation())
-	prefs.NewMethod = constants.TwoFactorSMS
-	assert.False(t, prefs.NeedsAuthyConfirmation())
-
 	assert.True(t, prefs.NeedsSMSConfirmation())
 }