Almost two years ago I had written a tutorial around 2FA in a Node.js API with time-based one-time passwords. If you’re unfamiliar, two-factor authentication is becoming the norm, which it wasn’t necessarily back in 2017. If you’re managing user accounts in your web applications, it is critical that you offer your users a second factor of authentication to prevent phishing and malicious login attempts.
While the previous tutorial is still valid, it uses a less popular library to accomplish the task. This time around we’re going to explore using a more popular library called Speakeasy to manage two-factor authentication (2FA) within our Node.js with Express.js application.
I am pleased to announce that the latest episode of The Polyglot Developer Podcast is now available on pretty much every popular podcast network. This episode, which is episode 25 of the show, is all about two-factor authentication (2FA) and the things you should be familiar with when it comes to implementing it in your web applications.
In this episode titled, Securing Applications with a Second Factor of Authentication, I’m joined by Luke Walker who is a Solutions Architect at Yubico. In case you’re unfamiliar, Yubico creates the very popular YubiKey which is often featured on technology news outlets as being an incredible hardware token for protecting users from malicious circumstances.
When it comes to 2FA, there are many approaches. These approaches can consist of SMS, push notifications, time-based one-time passwords, U2F, or even the new FIDO2. If you’re interested in learning about each, this episode of the podcast should give you some insight before you try to implement them.
Not too long ago I wrote about authenticating within a Node.js API using JSON Web Tokens (JWT). The basis of the example is around authenticating via a username and password and receiving a JWT for every future request against the API. While that example is incredibly useful and follows best practice, it doesn’t cover the scenario where you’d like to have a two-factor authentication (2FA) option for your users. In case you’re unfamiliar, 2FA is a second layer of protection for accounts made possible by a time-based token generated by a shared secret key.
We’re going to see how to add a two-factor authentication option to our Node.js API while continuing to use JSON Web Tokens.
Not too long ago I released a time-based one-time password manager called OTP Safe to Google Play and iTunes. That particular application was built with Ionic Framework and I even wrote a tutorial explaining how to make a similar 2FA manager with Ionic 2. Being a hybrid mobile application, there were some performance limitations that came with the Ionic 2 application. This inspired me to convert the application to something native and NativeScript seemed like a solid solution.
Let’s take time-based one-time password management to the next level and create a native mobile application with NativeScript and Angular.
A few years back I created an Android and iOS application called OTP Safe that managed time-based one-time passwords. This application was made with the first version of Ionic Framework and at the time was great because it accomplished more than the Google Authenticator application. Now that Ionic 2 is approaching stable release, it seemed like a cool idea to take this one-time password application and build it with the latest and greatest including Angular.
We’re going to see how to create an iOS and Android time-based one-time password manager using Ionic 2, Angular, and TypeScript.
If you’ve been keeping up with my work, you’ll remember in 2014 I released an app called OTP Safe for Android and iOS. This was a hybrid application created with Ionic Framework, that manages time-based one-time passwords (TOTP) commonly used for two-factor authentication (2FA).
I’m starting 2015 off with a bang by releasing my first ever Google Chrome extension. OTP Safe for Chrome was designed to mimic the functionality of the iOS and Android versions, but for laptop and desktop computers.
Using the following resources as our framework, we can make use of the TOTP algorithm quickly and easily: