I’ve been running the websec.io site for a few months now and have written up articles on a pretty wide range of topics. Recently, though, I had a lot of fun working up a series of posts (three of them) about implementing two-factor authentication in your PHP applications. I went through three different methods (two API-based services and Google Authenticator) and wrote up articles about using them. These posts were also accompanied by some custom development work I posted over on Github. The idea was to lower the bar as far down as possible and make it dead easy to implement in any application.
They’ve all been posted on Packagist so they’re easy to install. Here’s the articles and the links to their respective code:
- Easy Two-Factor Authentication with Authy (code, the library is theirs I just made a pull request to update it)
- Two-Factor Integration with Duo Security (code)
- Google’s Two-Factor Auth – Online or Offline (code)
I also recently posted a script I was playing with to connect to the Twilio API and send an SMS message, but I never got around to writing something up. It’s not technically two-factor auth as it dosen’t hook into any user or authentication system, but it might be useful for someone wanting to try them out – here’s that code.
Hopefully you’ll find some use in these articles – I had fun doing them and I hope that seeing how easy it is to implement them (especially the Google option that’s independent of any service) you’ll consider them for your applications. And, of course, feel free to check out the other articles on websec.io for other goodies.