1. What is Two Factor Authentication or 2FA?
Two Factor Authentication or 2FA is a way of adding additional security to your account. The FIRST factor is the usual password that is standard for an account; the SECOND factor is a security code retrieved from an external device such as a smartphone, or a program on your computer.
In simple words, when you log in to your account using your username or email and password, an extra security code is asked for, i.e. a piece of private information which only you should know.
Many users and clients demand this type of service on their websites. PayPal, Facebook, eBay, Yahoo, and many other websites support Two Factor Authentication nowadays.
2. How to enable the implementation of Two Factor Authentication?
The easiest and the fastest way to enable Two Factor Authentication on your website is to use Google Authenticator (Mobile App), which provides Two Factor Authentication for Google account logins, as well as other websites.
The Google Authenticator app is available for Android, iPhone, and BlackBerry and can provide authentication based on one of the two proposed standards:
1. Time-based One Time Password (TOTP)
2. HMAC-Based One-time Password (HOTP).
3. Implementation of Two Factor Authentication in PHP
After a successful login or registration, we need to generate a secret key for the user. The key must be different for each user and needs to be stored in the database on each user registration.
Step 1: We need the google2fa package in our project to use Two Factor Authentication.
Install the google2fa package with Composer:
composer require pragmarx/google2fa
You can also use the BaconQrCode package to render QR codes inline, so the secret does not have to be sent to an external service to draw the image.
Step 2: Create a registration page with basic details as per your requirements.

Step 3: Generate secret keys
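require __DIR__ . '/vendor/autoload.php'; // Composer autoloader (adjust the path to your project)
use PragmaRX\Google2FA\Google2FA;
$google2fa = new Google2FA();
// Generate a per-user secret key; store it with the user record
$google2fa_secret = $google2fa->generateSecretKey();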
Step 4: Generate the QR code URL using the secret key and user data to link your website to the application.
$QRcodeURL = $google2fa->getQRCodeGoogleUrl(
"My Website",
$user->email,
$user->google2fa_secret
);

Step 5: Display the QR code using the generated URL.
<img src="<?php echo htmlspecialchars($QRcodeURL, ENT_QUOTES, 'UTF-8'); ?>" alt="2FA QR code" />

Step 6: Now, download the Google Authenticator app on your mobile and begin.

To connect with the website, the user needs to either “scan the QR code” or enter the “secret code” into the Google Authenticator app. After that, the app generates a 6-digit code that is valid for 30 seconds. The user must enter this code on the website to complete the login.
Here, I have added my demo website’s QR code.

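Step 7: Now validate the code that has been entered in the form against the secret key stored in the database.
// The 6-digit code the user typed in (the form field is named "secret")
$secret = (string) ($_POST['secret'] ?? '');
// Compare it with the code derived from the user's stored secret key
$valid = $google2fa->verifyKey($user->google2fa_secret, $secret);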
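What the check in Step 7 involves, written out in plain PHP as an added example; it is not the article's code or google2fa's implementation. It derives the 6-digit, 30-second code per RFC 6238 and also rejects a code that was already accepted once. The function names, the stored "last step" value and the sample secret (the RFC 6238 test key) are assumptions for illustration.

```php
<?php
// Added example: RFC 6238 TOTP check with replay protection (not google2fa's own code).

// Decode an RFC 4648 Base32 secret (the form shown to the user) to raw bytes.
function base32_decode_secret(string $b32): string {
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $ch) {
        $pos = strpos($alphabet, $ch);
        if ($pos === false) throw new InvalidArgumentException('invalid Base32 character');
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $raw = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) $raw .= chr(bindec($byte)); // drop trailing partial byte
    }
    return $raw;
}

// HOTP (RFC 4226) for one counter value; TOTP uses floor(time / 30) as the counter.
function hotp(string $key, int $counter, int $digits = 6): string {
    $hash = hash_hmac('sha1', pack('J', $counter), $key, true); // 8-byte big-endian counter
    $offset = ord($hash[19]) & 0x0F;                             // dynamic truncation
    $bin = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($bin % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// Returns the matched time step, or false. $lastStep is the step of the last accepted
// code for this user (hypothetical stored value); codes at or before it are rejected.
function verify_totp(string $b32, string $code, int $lastStep, int $now, int $window = 1) {
    $key = base32_decode_secret($b32);
    $current = intdiv($now, 30);
    $match = false;
    for ($step = $current - $window; $step <= $current + $window; $step++) {
        // hash_equals() compares in constant time
        if ($step > $lastStep && hash_equals(hotp($key, $step), $code)) $match = $step;
    }
    return $match;
}

// Constructed sample: the RFC 6238 test secret "12345678901234567890" in Base32.
$secret = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ';
$now = 59; // RFC 6238 test time
$code = hotp(base32_decode_secret($secret), intdiv($now, 30));
$step = verify_totp($secret, $code, 0, $now);        // first use of the code
var_dump($code, $step);
var_dump(verify_totp($secret, $code, $step, $now));  // same code again, after storing $step
```

In a real login handler, `$now` would be `time()` and the returned step would be saved for the user after each successful verification.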
Hope this was helpful!
Great writeup buddy.. keep it up.
Thanks Sandeep
Very useful
Thanks Manthan
How to create Two Factor Authentication backup codes for login if the user's phone is lost?
Sorry for the late reply. It is quite an annoying process, but if you take some precautions then you won’t face any problem recovering your account in case your phone is stolen or lost, e.g. take a backup of the secure code at a safe place so you can retrieve that code easily when you need it. You should check the below link.
https://support.google.com/accounts/answer/185834?hl=en
Thanks