I have a web app that is Angular2 on the front-end and NodeJS on the back-end. I want to allow clients to use Google Authenticator to make their accounts more secure.
How can I implement/use Google Authenticator in my website? I cannot find an API to use or any tutorials to follow or any libraries to use. Where can I find some resources to do this?
You enable 2-step authentication at the website, and then indicate you want to use your Google Authenticator app to generate codes. Next, you use the Google Authenticator app on your phone to scan a code displayed by the website on your computer screen, and then the Authenticator app adds the account.
To log into a site or service that uses two-factor authentication and supports Authenticator, the user provides a username and password to the site. The site then computes (but does not display) the required six-digit one-time password and asks the user to enter it.
Basically, Google Authenticator receives a scanned code from the app that is setting up 2FA, and then it produces a 2FA code to access the app or online account. However, since it only works on Android and iOS devices, it cannot work on desktop PCs directly.
SMS Token. Perhaps the most common method of implementing 2FA. This method sends the user a unique token via SMS text message, normally a 5-10 digit code, after they have successfully entered their username and password. The user then needs to provide this unique token before they are granted access.
The key phrase that you're looking for is "TOTP" (Time-Based One-time Password) - and it is a specification, rather than an API maintained by Google.
At a very high level, your backend will generate a secret that it will share with your users' Google Authenticator app. At login, both the Authenticator app and your backend will use the stored secret and current time to generate a single-use key. If the keys match, it means that the secrets match, and the user may be logged in.
The SpeakEasy node implementation seems to be pretty popular on GitHub.
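The scheme described in this answer, written out with Node's built-in `crypto` module as an added example (it is not code from the answer or from the SpeakEasy project). The function names are hypothetical, and a 30-second step, six digits and HMAC-SHA1 are assumed as the defaults authenticator apps use; the verifier also rejects a code whose time step was already accepted, so an observed code cannot be replayed.

```javascript
// Added example: RFC 6238 TOTP using only Node's built-in crypto module.
const crypto = require("node:crypto");

const B32 = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";

// Base32 (RFC 4648, unpadded): the encoding authenticator apps expect for the secret.
function base32(buf) {
  let bits = "";
  for (const byte of buf) bits += byte.toString(2).padStart(8, "0");
  let out = "";
  for (let i = 0; i < bits.length; i += 5)
    out += B32[parseInt(bits.slice(i, i + 5).padEnd(5, "0"), 2)];
  return out;
}

// HOTP (RFC 4226): HMAC-SHA1 over the 8-byte counter, then dynamic truncation.
function hotp(secret, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac("sha1", secret).update(msg).digest();
  const off = mac[19] & 0x0f;
  const bin = mac.readUInt32BE(off) & 0x7fffffff;
  return String(bin % 10 ** digits).padStart(digits, "0");
}

// TOTP (RFC 6238): the counter is the number of 30-second steps since the epoch.
function totp(secret, unixSeconds, step = 30) {
  return hotp(secret, Math.floor(unixSeconds / step));
}

// Accepts the current step +/- `window` for clock drift; returns the matched step or null.
// Store the returned step per user and pass it back as lastStep to block reuse of a code.
function verifyTotp(secret, code, unixSeconds, lastStep = -1, window = 1, step = 30) {
  const now = Math.floor(unixSeconds / step);
  const given = Buffer.from(String(code));
  for (let c = now - window; c <= now + window; c++) {
    if (c <= lastStep) continue;
    const want = Buffer.from(hotp(secret, c));
    if (given.length === want.length && crypto.timingSafeEqual(given, want)) return c;
  }
  return null;
}

// URI to render as the enrollment QR code; secret = crypto.randomBytes(20) per user.
function otpauthUri(secret, account, issuer) {
  const label = `${encodeURIComponent(issuer)}:${encodeURIComponent(account)}`;
  return `otpauth://totp/${label}?secret=${base32(secret)}&issuer=${encodeURIComponent(issuer)}`;
}
```

Keep the per-user secret server-side only (encrypted at rest) and show the QR code once, over TLS, during enrollment.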