Gone are the days of SecureID OTP tokens costing an arm and a leg, and being just for Enterprise.
My own WP site here is protected with Google Authenticator, and there is no excuse for not doing the same on yours. Just grab the awesome WP Google Authenticator plugin and you will be good to go.
My favourite iOS App for this is the awesome Authy but there are plenty out there.
But the world doesn’t run on WordPress, suppose you want to do it yourself in a LAMP site…
Grab a copy of the PHPGangsta class
Creating users:
$ga = new PHPGangsta_GoogleAuthenticator(); $secret = $ga->createSecret(); echo "Your OTP Secret is: ".$secret."\n\nIt is probably a good idea to take a note of this"; echo "\nPlease scan in the QR code to setup your OTP "; $qrCodeUrl = $ga->getQRCodeGoogleUrl('MyApp', $secret); <IMG SRC='<?php echo $qrCodeUrl?>'> <BR> <?php $oneCode = $ga->getCode($secret); $checkResult = $ga->verifyCode($secret, $oneCode, 2); // 2 = 2*30sec clock tolerance if ($checkResult) { echo 'OK'; $sql="UPDATE localusers set GASecret='" . $secret . "' WHERE id=" . $userRow['id']; mysqli_query($link,$sql); } else { echo 'FAILED'; }
Authenticating users:
if(!isset($userRow['GASecret']) || !isset($_REQUEST['e'])) { // Impossible to Authenticate header('HTTP/1.1 401 Authentcation Impossible'); header('Content-Type: application/json; charset=UTF-8'); die(json_encode(array('message' => 'ERROR', 'code' => 1337))); } else { // Try to authenticate $ga = new PHPGangsta_GoogleAuthenticator(); $checkResult = $ga->verifyCode($userRow['GASecret'], $_REQUEST['e'], 2); // 2 = 2*30sec clock tolerance if($checkResult) { session_write_close(); session_start(); $_SESSION['OTP'] = 1; session_write_close(); $result="Authenticated"; header('Content-Type: application/json'); die(json_encode($result)); } else { header('HTTP/1.1 401 Authentcation Failed'); header('Content-Type: application/json; charset=UTF-8'); die(json_encode(array('message' => 'ERROR', 'code' => 1337))); }
Obviously these are just snippets, which will never actually run for you, but you get the general idea.
It is so easy, it is just rude not to.
Leave a Reply