Multifactor authentication with Google Authenticator

Oct. 8, 2017 0 comments ADMIN Magazine Pen Testing & Audits

Login security increases significantly when using a combination of factors to authenticate a user (i.e., multifactor authentication). In most situations, two-factor authentication is usually enough. The first authentication factor is usually a password or key, with various possibilities for the second factor, including hardware tokens owned by authorized users or one-time password (OTP) generators that provide OTP tokens. One-time passwords come in several varieties (e.g., hardware, software, grid card). A popular, free, and simple way to implement two-factor authentication (2FA) with OTP is Google Authenticator, which is available in the form of an app for iOS and Android and as source code [1] for the server side. Better Protection Google Authenticator provides time-based one-time passwords (TOTPs) as per RFC 6238, which means that a password is only valid for a certain amount of time. Time-based passwords, then, are virtually worthless to an attacker. A variety of modules can int...

http://www.admin-magazine.com/Archive/2016/33/Multifactor-authentication-with-Google-Authenticato...