
SitePoint PHP Blog:
2FA in Laravel with Google Authenticator – Get Secure!
Nov 01, 2016 @ 10:47:02

On the SitePoint PHP blog there's a tutorial posted by Christopher Thomas showing you how to integrate two-factor authentication into your Laravel application with a Google Authenticator-compatible library, adding a second check on top of the usual username and password login.

In this tutorial, we will use Laravel and Google Authenticator to demonstrate how to implement 2FA in a webapp. Google Authenticator is just one implementation of the Time-Based One-Time Password (TOTP) algorithm, RFC 6238. This industry standard is used in a lot of various 2FA solutions.

[...] How the TOTP works is that the server generates a secret key. This secret key is then passed to the user. The secret key is used in combination with the current Unix timestamp to generate a six digit number, using a keyed-hash message authentication code (HMAC) based algorithm. This six digit number is the OTP. It changes every 30 seconds.

They start with a clean slate and build a new Laravel project out and include the libraries needed for the TFA support: pragmarx/google2fa and paragonie/constant_time_encoding. You then add in the provider to Laravel's config, build out the models/tables to hold the two-factor information and add a few routes to handle the validation steps. They also include the details in building out the controllers, updating the AuthController for the new step in the authentication flow and how to handle the code validation. The code for all of this (as well as the views) is included as well as screenshots showing the setup and usage of the two-factor handling in the standard authentication flow.

tagged: tutorial google authenticator security laravel twofactor authentication

Link: https://www.sitepoint.com/2fa-in-laravel-with-google-authenticator-get-secure/
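
The TOTP calculation described in the excerpt above, written out as an added PHP example; it is not code from the SitePoint tutorial or from pragmarx/google2fa. The function names `totp` and `verifyTotp` are hypothetical, the secret is assumed to be the raw key bytes (Google Authenticator displays it Base32-encoded), and the sample key and timestamp are constructed.

```php
<?php
declare(strict_types=1);

// Added example (not from the tutorial): RFC 6238 TOTP with HMAC-SHA1.
// Function names are hypothetical; $secret is the raw shared key bytes.

const STEP = 30; // seconds per code, as in the excerpt

function totp(string $secret, int $counter, int $digits = 6): string
{
    // The moving factor is the time-step counter as a 64-bit big-endian integer.
    $hash = hash_hmac('sha1', pack('J', $counter), $secret, true);
    // Dynamic truncation (RFC 4226): the low nibble of the last byte picks an offset.
    $offset = ord($hash[19]) & 0x0f;
    $value = unpack('N', substr($hash, $offset, 4))[1] & 0x7fffffff;
    return str_pad((string) ($value % (10 ** $digits)), $digits, '0', STR_PAD_LEFT);
}

// Returns the matched time-step counter, or null if the code is invalid.
// $lastUsed is the counter of the last accepted code, so a code cannot be replayed.
function verifyTotp(string $secret, string $code, int $now, int $lastUsed = -1, int $window = 1): ?int
{
    $current = intdiv($now, STEP);
    $matched = null;
    for ($c = $current - $window; $c <= $current + $window; $c++) {
        // hash_equals compares in constant time; the loop does not exit early on a match.
        if ($c > $lastUsed && hash_equals(totp($secret, $c), $code)) {
            $matched = $c;
        }
    }
    return $matched;
}

// Constructed sample: the ASCII test key from RFC 6238 and a fixed timestamp.
$secret = '12345678901234567890';
$now = 59;
$code = totp($secret, intdiv($now, STEP));
$step = verifyTotp($secret, $code, $now);
// The third value shows the same code being refused once its counter is recorded.
var_dump($code, $step, verifyTotp($secret, $code, $now, $step));
```

Storing the returned counter per user and passing it back as `$lastUsed` is what stops a captured code from being accepted a second time inside its validity window.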

NetTuts.com:
Using Google Two-Factor Authentication With WordPress
Jan 05, 2015 @ 13:38:39

NetTuts.com has a new tutorial for the WordPress users out there wanting to enhance the security of their application. In it they show you how to set up Google's two-factor authentication as a part of your standard login prompt.

Brute force login attacks targeting WordPress sites are quite common, such as in April 2013 when more than 90,000 sites were targeted. There are a handful of good ways to protect yourself against these attacks: choosing a strong administrator password and installing a plugin that guards against brute force logins, such as All in One WP Security or BruteProtect; changing the default wp-admin URL with a plugin such as HC Custom URL. However, I prefer to use a two-factor authentication method that requires a code from my phone to complete the login process.

Thanks to a handy WordPress plugin, adding in support is relatively easy. They walk you through the installation of the plugin, activation and how to set up your Google Authenticator (or similar) application on your mobile device via a scannable QR code.

tagged: wordpress twofactor plugin login googleauthenticator

Link: http://code.tutsplus.com/tutorials/using-google-two-factor-authentication-with-wordpress--cms-22263

NetTuts.com:
Integrating Two-Factor Authentication with CodeIgniter
Jun 27, 2011 @ 09:31:05

On NetTuts.com today they have a new tutorial showing you how to use two-factor authentication in your CodeIgniter-based application - a login process combining a username/password and access to a device that's authorized for the account.

Two-factor authentication is a way of proving your identity based on your username and password as well as a physical device that you can carry with you. This makes it much harder for crooks to steal your identity, since they will need access to your phone or hardware token - not just your login credentials.

They've chosen the free service offered by Duo Security that lets you approve the device in several ways including a phone call, SMS tokens and push-based authentication. They walk you through the setup of a Duo account, making an "Integration", grabbing the PHP and JavaScript files needed to make it work and changing up your user and administration module to send a bcrypted value to the service. They flesh it out with a new version of the view that includes the Duo code and generates the signed request.

tagged: twofactor authentication codeigniter tutorial login duosecurity

Link: