2 Factor Authentication (2FA) Java code which used the Time-based One-time Password (TOTP) algorithm. You can use this code with the Google Authenticator mobile app or the Authy mobile or browser app.
- See the wikipedia page about TOTP.
- Code available from the git repository.
- Maven packages are published via
- Use
generateBase32Secret()
to generate a secret key in base-32 format for the user. For example:"NY4A5CPJZ46LXZCP"
- Store the secret key in the database associated with the user account.
- Display the QR image URL returned by
qrImageUrl(...)
to the user. Here's a sample which uses GoogleAPIs:
- User uses the image to load the secret key into his authenticator application.
- The user enters the number from the authenticator application into the login form on the web server.
- The web server reads the secret associated with the user account from the database.
- The server compares the user input with the output from
generateCurrentNumberString(...)
. - If they are equal then the user is allowed to log in.
For more details, see the example program.
<dependencies>
<dependency>
<groupId>com.j256.two-factor-auth</groupId>
<artifactId>two-factor-auth</artifactId>
<version>1.3</version>
</dependency>
</dependencies>
See the ChangeLog.txt file.