An #API for #Google #Authenticator – add free #2FA to your app.
Two-factor authentication is a way to level up your security beyond username and password. Using Google Authenticator is also a great way to do this for free, since it doesn’t incur the costs of doing 2FA via SMS.
It does require a basic tech awareness, so if your typical user is elderly, then this is not the way to go.
You can of course use Google Authenticator without an API by implementing the crypto code yourself, but using the API at AuthenticatorAPI.com saves you a lot of development time, since it’s just two API calls.
So, how does it work? First, you have to generate a random code. This could be any random code that comes to your head or, perhaps better, a random code generated per user and stored.
You now need to show a QR code to a user, which they scan into the Authenticator App. The QR code is generated using the API, and is just a block of HTML you display on your page. It’s 300×300 pixels in size.
To do this, you call:
https://www.authenticatorApi.com/pair.aspx?AppName=MyApp&AppInfo=John&SecretCode=12345678BXYT
Once the user has paired and goes to log in, you prompt them for their PIN. You then send the PIN and the SecretCode from earlier to our API, and it returns either True or False.
You do this by calling:
https://www.authenticatorApi.com/Validate.aspx?Pin=123456&SecretCode=12345678BXYT
The PIN is time dependent, so the same PIN won’t work the following day. This defeats key loggers and replay attacks.
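For the "implement the crypto code yourself" route mentioned above, here is an added example (not AuthenticatorAPI.com's code) of the same pair-then-validate flow done locally with standard TOTP (RFC 6238, HMAC-SHA1, 30-second steps, 6 digits), so the per-user secret never leaves your server. The function names are illustrative, and the example assumes a raw random byte secret; it does not reproduce how the API turns SecretCode into a key.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import quote

STEP, DIGITS = 30, 6  # Google Authenticator defaults: 30 s steps, 6 digits

def new_secret() -> bytes:
    """Per-user random secret (160 bits) from the OS CSPRNG; store it server-side."""
    return secrets.token_bytes(20)

def provisioning_uri(secret: bytes, issuer: str, account: str) -> str:
    """otpauth:// URI to render as the pairing QR code."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    label = f"{quote(issuer)}:{quote(account)}"
    return f"otpauth://totp/{label}?secret={b32}&issuer={quote(issuer)}"

def totp(secret: bytes, step: int) -> str:
    """HOTP (RFC 4226) over the time-step counter, as RFC 6238 defines TOTP."""
    mac = hmac.new(secret, struct.pack(">Q", step), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def verify(secret, pin, last_used_step=-1, now=None, window=1):
    """Return the matching time step, or None if the PIN is wrong, stale or reused.
    The caller persists the returned step per user as last_used_step."""
    current = int(time.time() if now is None else now) // STEP
    matched = None
    for step in range(current - window, current + window + 1):
        if step < 0 or step <= last_used_step:
            continue  # never accept a step that was already consumed
        # constant-time compare; no early exit on match
        if hmac.compare_digest(totp(secret, step).encode(), pin.encode()):
            matched = step
    return matched

if __name__ == "__main__":
    secret = new_secret()
    print(provisioning_uri(secret, "MyApp", "John"))
    step = verify(secret, totp(secret, int(time.time()) // STEP))
    print("accepted at step", step)
```

Storing the returned step per user is what rejects a PIN replayed inside its own validity window; the `window` parameter tolerates one step of clock drift on either side.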
As an update for 2020, this code is going to get buried under ice in Svalbard, under GitHub’s archive program!
