Ask A Question

Notifications

You’re not receiving notifications from this thread.

2 Factor Authentication

Shaun Fahey asked in Gems / Libraries

Hey Chris. This would be good for a screencast, well i'd like to see it for sure!
https://github.com/tinfoil/devise-two-factor

Reply

Yes! I've actually had this on my list to cover really soon. I'm going to try to squeeze it in after the Rails 5 videos I want to cover. This is becoming so common, it'd be really important to have a video on it!

Reply

Good. I'm glad you liked the idea :-) It's becoming really important to have an extra layer of security with loads of different sites getting compromised these days. I'm looking forward to that tutorial.

Reply

Oh definitely! I had an account with a trivial password get hacked recently that made me think about how good a two factor auth tutorial would be for GoRails. Gonna get on that!

Also, do you know if this gem uses Twilio for a backend or is it generic in that it could support anything? I haven't looked at this much.

Reply

2 Factor Authentication has saved me recently with a couple of attempts on my PayPal and Twitter accounts, but as I use a YubiKey I was ok. To answer your question i've only had a quick look at the gem, but they use this https://github.com/samvincent/rqrcode-rails3 gem to generate the QR-code representing the user's secret key.

However, they also talk about sending an SMS, not sure if that's Twilio and you can also use a mobile application such as Google Authenticator for the key. Personally I think it would make a great series, making an app that stores sensitive information/data and takes a payment or something like that.

I'm off to bed now, it's 22:30 in the UK.

Reply

Oh cool, I'll definitely give it a look. I think that would be really awesome to support Google Authenticator, SMS, etc. I imagine this gem is designed to be fairly generic so you can support whichever you need.

Reply
Join the discussion
Create an account Log in

Want to stay up-to-date with Ruby on Rails?

Join 83,038+ developers who get early access to new tutorials, screencasts, articles, and more.

    We care about the protection of your data. Read our Privacy Policy.