Using two pass authentication in your application

Google introduced 2-step authentication some time ago. With 2-step authentication, the user is asked for a token after successfully logging in with your username/password. The token is provided by an application and is usually short-lived.

Google implements the IETF RFC 6238 time-based one-time password (TOTP) standard. The interesting part is that we can use Google's token-generating clients to implement the same layer of security within our own applications.

The following blog explains how to configure the mobile client and how to validate the generated tokens in your app.

A pluggable authentication module (PAM) to be used with the same client infrastructure can be found here.
