![]() I also added a method to generate a registration QR code on the server using the Zxing library instead of using a Javascript library on the client. I changed the generateKey() method to use a randomly generated seed instead of an argument. ![]() I made a few small changes to it for my use. I decided to use the CFML library even though it had not been updated for a while mainly because it would be a little easier to use in CFML. I also found this CFML component along with a blog post on using it. There is a Java library named GoogleAuth for working with TOTP. The server verifies the TOTP is valid and authenticates the userįirst, did some research to see what libraries were available to handle the TOTP creation and verification.The user enters the TOTP in the application authentication form and submits.The user opens an app such as Google Authenticator on their mobile device to get the TOTP.Upon verification, the application then prompts them to enter a TOTP for the 2nd-factor authentication.User will submit their username/password combination to the server via an authentication form. ![]() A process for doing 2-Factor authentication with TOTP will typically look something like this. This is typically about 30 seconds.There are mobile applications that can generate these one-time passwords to act as a second authentication method. TOTP uses a shared key to generate a one-time password that is only valid for a short amount of time. What is Time-based One-time Password Algorithm (TOTP)? For this example I am using a demo application running on the Coldbox MVC framework. There are also many mobile applications available for generating one-time passwords on your mobile device. I wanted to see how difficult it would be to implement 2-Factor authentication (2FA) in a CFML application I decided to try to implement use the Time-based One-time Password Algorithm since it has been used as a 2nd-factor for authentication for awhile. Jason Steinshouer about blog projects Scroll Down Two-Factor Authentication with TOTP and CFML CFML and Security May 26, 2019
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |