Implement 2fa and OTP with node.js without headaches

Introduction

If you ask a cyber security expert the weakest form of authenticating users on Internet, their answer will be “password”.

Password alone is the weakest form of authentication and identification online.

For that particular reason, Two (multi) factory authentication or 2FA for short was introduced. It helps identifying the visitor on your application with multiple factors which cannot be faked (at least not easily). With the growing technology uses, many authentication solutions were introduced. One such example is google authenticator and official national solutions such as “its me” for Belgian users and “Smart ID” for Estonians. This post explains in great detail why one time password is something you should be implementing in your applications.

Use case

Like the post mentioned above from medium stated, one time password is basically becoming an essential tool to address the concern of security over the Internet. Such cases with examples but not limited to includes:

  • Finance: Banks verify their customers on every transactions to ensure the authenticity of the transaction.
  • Business : Businesses can implement OTP to avoid leaking private and sensitive information.
  • Healthcare: Healthcare can authenticate patients with OTP before disclosing private medical records being HIPAA compliant.

And the list goes on for every industry, literally!

Until now, implementing 2fa or one time pin (OTP for short) was a cumbersome solution. A developer had to program the logic to generate the code, setup an expiration algorithm, storing the pin for verification in some sort of database (redis?), verifying the customer and invalidating pins, etc. Meet nomado!

Action!

I guess thats enough non-tech for this technical story and lets head back to what we loves most: code!

nomado takes almost all the burden from developers and you can use 2fa and OTP without implementing most of the things listed above.

not just smart, but easy too!

In order to use their service, just signup with them at https://my.nomado.eu/join and you will receive a quick instant account to test with 10€ free credit. If your project is unique, speak with their account manager and they will gladly offer lucrative package. As of right now, they are charging only €0,09 per sms worldwide.

Once you have an account, all you need is to generate a post request to their API to generate or verify the tokens.

Link to their SDK : https://github.com/nomadovoip/nomado-node

Following code will generate your 2fa or OTP token and send it to your users via sms :

2fa and OTP in action!

I swear it is that simple! You do not need even need to store your generated code anywhere. Its not only easy, but smart too! look at the options nomado supports. Practically speaking, it covers almost everything required from simple to complex OTP generation.

Verify OTP

Now, lets try to verify the token. After all, without being able to verify it later is pretty useless.

Verifying OTP without implementing database!

Woho! we just implemented 2fa without headaches. its that simple!

Not only 2fa or OTP, the same account and sdk can be used to send reminders, notifications and other communication but thats a topic for another time.

the best part about our solution is our support. We are a family of engineers and programmers who you can call on live chat support for instant troubleshooting and integration support.

So, what else do you think can be done with this One time Password (Or I love to call it: OTP as a service!)?