2 Factor Authentication (2FA) Java code which uses the Time-based One-time Password (TOTP) algorithm. You can use this code with the Google Authenticator mobile app or the Authy mobile or browser app.
- See the Wikipedia page about TOTP.
- Maven packages are published via Maven Central.
- Use `generateBase32Secret()` to generate a secret key in base-32 format for the user (default length: 20 bytes, 160 bits). For example: "RIGUTCUXDANCPJ7IFRBB"
- Store the secret key in the database associated with the user account.
- Display the QR image URL returned by `qrImageUrl(...)` to the user. Here's a sample which uses quickchart.io:
- The user uses the image to load the secret key into their authenticator application.
- The user enters the number from the authenticator application into the login form on the web server.
- The web server reads the secret associated with the user account from the database.
- The server compares the user input with the output from `generateCurrentNumberString(...)`.
- If they are equal then the user is allowed to log in.
For more details, see the example program.
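The server-side check from the last steps, written out with only the JDK as an added example (not this library's code or API): it computes the RFC 6238 code from the base-32 secret and, going beyond the exact comparison described above, also accepts one 30-second step either side to tolerate clock drift. The class and method names (`TotpCheck`, `base32Decode`, `totp`, `verify`) are hypothetical.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
public class TotpCheck {
    // Decode an unpadded RFC 4648 base-32 string (A-Z, 2-7) into raw key bytes.
    static byte[] base32Decode(String s) {
        String alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567";
        byte[] out = new byte[s.length() * 5 / 8];
        int buffer = 0, bits = 0, n = 0;
        for (char c : s.toUpperCase().toCharArray()) {
            int v = alphabet.indexOf(c);
            if (v < 0) throw new IllegalArgumentException("not base-32: " + c);
            buffer = ((buffer << 5) | v) & 0xFFF;   // keep only the bits still pending
            bits += 5;
            if (bits >= 8) { out[n++] = (byte) (buffer >> (bits - 8)); bits -= 8; }
        }
        return out;
    }
    // RFC 6238 TOTP with HMAC-SHA1: HOTP (RFC 4226) over the time-step counter.
    static String totp(byte[] key, long counter) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA1");
        mac.init(new SecretKeySpec(key, "HmacSHA1"));
        byte[] h = mac.doFinal(ByteBuffer.allocate(8).putLong(counter).array());
        int off = h[h.length - 1] & 0x0f;           // dynamic truncation offset
        int bin = ((h[off] & 0x7f) << 24) | ((h[off + 1] & 0xff) << 16)
                | ((h[off + 2] & 0xff) << 8) | (h[off + 3] & 0xff);
        return String.format("%06d", bin % 1_000_000);
    }
    // Accept the current step or one either side (clock drift); constant-time compare.
    static boolean verify(String base32Secret, String userCode, long nowMillis) throws Exception {
        byte[] key = base32Decode(base32Secret);
        byte[] got = userCode.getBytes(StandardCharsets.US_ASCII);
        long step = nowMillis / 1000 / 30;
        boolean ok = false;
        for (long c = step - 1; c <= step + 1; c++)
            ok |= MessageDigest.isEqual(totp(key, c).getBytes(StandardCharsets.US_ASCII), got);
        return ok;
    }
    public static void main(String[] args) throws Exception {
        String secret = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"; // RFC 6238 Appendix B test key
        long now = 59_000L;                                  // fixed clock for a repeatable run
        String code = totp(base32Decode(secret), now / 1000 / 30);
        System.out.println("same step:         " + verify(secret, code, now));
        System.out.println("one step later:    " + verify(secret, code, now + 30_000));
        System.out.println("three steps later: " + verify(secret, code, now + 90_000));
    }
}
```

A production check would also record the last accepted time step per account so that a code cannot be replayed within its validity window.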
```xml
<dependencies>
    <dependency>
        <groupId>com.github.embuc</groupId>
        <artifactId>nano2fa</artifactId>
        <version>1.11</version>
    </dependency>
</dependencies>
```
See the ChangeLog.txt file.