Implementing TOTP-based Two-Factor Authentication

Atakan Demircioğlu
Developers Keep Learning


Here is how to implement two-factor authentication (2FA).

First, what is two-factor authentication?

Two-factor authentication (2FA) is an identity and access management security method that requires two forms of identification to access resources and data. (Microsoft)

There are different types of 2FA. Some of them are:

  • Email-based 2FA
  • SMS-based 2FA
  • Voice-based 2FA
  • Software token/TOTP-based 2FA
  • Biometrics-based 2FA
  • Push notification-based 2FA
  • Hardware Token-based 2FA

In this article, I implement TOTP-based 2FA.

The TOTP algorithm

The algorithm uses a form of symmetric key cryptography: the same key is used by both parties to generate and validate the token.

The TOTP algorithm follows an open standard documented in RFC 6238. The inputs include a shared secret key and the system time.
