Almost two years ago I had written a tutorial around 2FA in a Node.js API with time-based one-time passwords. If you’re unfamiliar, two-factor authentication is becoming the norm, which it wasn’t necessarily back in 2017. If you’re managing user accounts in your web applications, it is critical that you offer your users a second factor of authentication to prevent phishing and malicious login attempts.
While the previous tutorial is still valid, it uses a less popular library to accomplish the task. This time around we’re going to explore using a more popular library called Speakeasy to manage two-factor authentication (2FA) within our Node.js with Express.js application.Read More
I am pleased to announce that the latest episode of The Polyglot Developer Podcast is now available on pretty much every popular podcast network. This episode, which is episode 25 of the show, is all about two-factor authentication (2FA) and the things you should be familiar with when it comes to implementing it in your web applications.
In this episode titled, Securing Applications with a Second Factor of Authentication, I’m joined by Luke Walker who is a Solutions Architect at Yubico. In case you’re unfamiliar, Yubico creates the very popular YubiKey which is often featured on technology news outlets as being an incredible hardware token for protecting users from malicious circumstances.
When it comes to 2FA, there are many approaches. These approaches can consist of SMS, push notifications, time-based one-time passwords, U2F, or even the new FIDO2. If you’re interested in learning about each, this episode of the podcast should give you some insight before you try to implement them.Read More
When it comes to authenticating users for making use of your API, it is a good idea to add an extra step beyond standard username and password. This is called two-factor authentication (2FA) and it acts as a second layer of security for users making use of your application.
Not too long ago I had written about adding 2FA to a RESTful API created with Node.js and Express Framework, but what if we wanted to do it in Golang? The logic isn’t any different, just a new syntax for a new language.
We’re going to see how to add two-factor authentication to a Golang API that makes use of Json Web Tokens (JWT).Read More
Not too long ago I wrote about authenticating within a Node.js API using Json Web Tokens (JWT). The basis of the example is around authenticating via a username and password and receiving a JWT for every future request against the API. While that example is incredibly useful and follows best practice, it doesn’t cover the scenario where you’d like to have a two-factor authentication (2FA) option for your users. In case you’re unfamiliar, 2FA is a second layer of protection for accounts made possible by a time-based token generated by a shared secret key.
We’re going to see how to add a two-factor authentication option to our Node.js API while continuing to use Json Web Tokens.Read More
OTP Safe for Android and iOS has just been released in the Google Play and iTunes app stores. OTP Safe makes use of the time-based one-time password (TOTP) algorithm common for two-factor authentication (2FA) for websites and other applications.Read More