C
C#3mo ago
Strax

2FA? Is it hard to implement?

How hard is it to implement 2FA into a log in. Using something like google Authenticator?
28 Replies
Marvin
Marvin3mo ago
its not hard, just a bit of effort doing all the required endpoints and updating the logic of your already existing ones, but espeically if you only focus on one type of 2FA like google authenticator, its definitely not hard.
Strax
StraxOP3mo ago
Only one is fine not sure if Microsoft has one
Angius
Angius3mo ago
2FA is actually built into Identity
Strax
StraxOP3mo ago
:sadge:
Angius
Angius3mo ago
So if you use that for user accounts, then no need to implement anything
Strax
StraxOP3mo ago
I'm making a web password manager It only has a master password And it's for 1 user Like for a local network
Angius
Angius3mo ago
If you're not using Identity, then it's still stupid easy to do I implemented 2FA easily even back in my PHP days lol
Strax
StraxOP3mo ago
That's what I like to hear :email: but like how to do it Any docs?
Marvin
Marvin3mo ago
i mean i dont know if there is something new better for it, but one library that does all the heavy lifting of actually doing the generating and validating is: https://github.com/BrandonPotter/GoogleAuthenticator
GitHub
GitHub - BrandonPotter/GoogleAuthenticator: Simple, easy to use ser...
Simple, easy to use server-side two-factor authentication library for .NET that works with Google Authenticator and Authy. - BrandonPotter/GoogleAuthenticator
Marvin
Marvin3mo ago
you just have to implement the logic around that in your specific app structure
Strax
StraxOP3mo ago
Thanks! Is there anything for Microsoft Authenticator maybe? Id assume it has better support
Marvin
Marvin3mo ago
havent done microsoft before
Casianm8
Casianm83mo ago
Hei. U can 2fa auth using OTP. Like to send 6 digits code on email or on phone
Strax
StraxOP3mo ago
6 digits On an app sounds easier
Casianm8
Casianm83mo ago
And this is not so hard to make
Strax
StraxOP3mo ago
Because like I wouldn't need email / phone micro services
Casianm8
Casianm83mo ago
To send sms u can use api and send requests with payload data
Marvin
Marvin3mo ago
you shouldnt use sms 2fa anymore nowadays if you build something new
Angius
Angius3mo ago
SMS 2FA is insecure Email 2FA is debatable TOTP is recommended
Strax
StraxOP3mo ago
Time based authentication sounds the easiest Not sure if that's exactly what it's called
Casianm8
Casianm83mo ago
https://github.com/BrandonPotter/GoogleAuthenticator this looks amazing
GitHub
GitHub - BrandonPotter/GoogleAuthenticator: Simple, easy to use ser...
Simple, easy to use server-side two-factor authentication library for .NET that works with Google Authenticator and Authy. - BrandonPotter/GoogleAuthenticator
Casianm8
Casianm83mo ago
to use for Google Auth
Strax
StraxOP3mo ago
I'm looking at it rn!
Casianm8
Casianm83mo ago
Awesome
Strax
StraxOP3mo ago
I hope it still works it hasn't been updated in a while I'll update you guys later today Thanks for the help everyone
Marvin
Marvin3mo ago
i use it for one project and still works, last update was Jan 12. And google authenticator isnt really changing much often
Strax
StraxOP3mo ago
:blobthumbsup:
sibber
sibber3mo ago
google authenticator and microsofts all support the same TOTP protocol you dont implement it for a specific authenticator, you just implement totp 2fa
Want results from more Discord servers?
Add your server