How To Setup Two Factor Authentication in Laravel

Introduction Two Factor Authentication

Two Factor Authentication (2FA), often referred to as Two-Step Verification, is a security process in which the user provides two authentication factors to verify they are who they say they are.
Two-Factor Authentication provides an additional layer of security that makes it harder for attackers to gain access to a person’s device and online accounts, because knowing the victim’s password alone is not enough to pass the authentication check.

This tutorial sets up a Two Factor Authentication package based on the Time-Based One-Time Password (TOTP) algorithm described in RFC 6238.
So let’s get started.
If you’re working on a Laravel project, why not give your users the option to enable Two Factor Authentication for their account and add an extra security layer to your product and to their online account.

Prerequisite

  • PHP >= 7
  • Laravel Framework >= 5.3

Installation

To install the package we are going to use the Composer package manager.

$ composer require thecodework/two-factor-authentication

Setup

1. Add Service Provider

After installing the Laravel package you need to add the package’s service provider class TwoFactorAuthenticationServiceProvider::class to your app’s providers array (in config/app.php).

[
 'providers' => [
    //... 
    Thecodework\TwoFactorAuthentication\TwoFactorAuthenticationServiceProvider::class
  ]
]

2. Publish Config File

After adding the TwoFactorAuthenticationServiceProvider class you can publish the package’s config file, where you can configure the basic settings. To publish the config file, run:

php artisan vendor:publish --provider="Thecodework\TwoFactorAuthentication\TwoFactorAuthenticationServiceProvider" --tag=config

Once the config file is published, you will see the file 2fa-config.php in the config directory of your application.
The recommended settings are predefined; the one you will usually want to change is the Account Name, which is the label shown in the Authenticator app. To change it, open 2fa-config.php and look for the account_name key:

'account_name' => 'Thecodework 2FA', // change this to anything you want

3. Add AuthenticatesUsersWith2FA Trait

After configuring your application, open the LoginController of your application and add the AuthenticatesUsersWith2FA trait next to the existing AuthenticatesUsers trait. Both traits define an authenticated method, so the insteadof clause tells PHP to use the package’s version, which redirects to the token check after a successful password login:

use AuthenticatesUsers, AuthenticatesUsersWith2FA {
    // resolve the method-name conflict: the package's authenticated() hook wins
    AuthenticatesUsersWith2FA::authenticated insteadof AuthenticatesUsers;
}

4. Run Migration

Now that the application is configured and the AuthenticatesUsersWith2FA trait is added, it’s time to run the migration:

$ php artisan migrate

This will add the necessary columns to your users table.
After running the migration you’re ready to dive into the application and set up Two Factor Authentication for your user.

5. Enable Two Factor

To enable 2FA for your own account, log in to your account and visit the setup-2fa route, which will show you a barcode image and an Enable Two Factor Authentication button.
For example:

http://project-url/setup-2fa
[Screenshot: Setting up Two Factor Authentication]

Scan the barcode using the Google Authenticator (Android, iOS) or Authy mobile app and hit the Enable Two Factor Authentication button.

Now 2FA is enabled for the user.
Log out and try to log in again.
After a successful password login there will be one more checkpoint asking you to enter the token, as shown below.

[Screenshot: Token screen, enter the TOTP obtained from Google Authenticator]

Enter the 6-digit token obtained from Google Authenticator and you’re logged in.
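As an added example that is not part of this tutorial or of the thecodework package: the code below, in Python rather than PHP so the algorithm stands on its own, walks through what the package does for you at the barcode step and at the token checkpoint. It builds the otpauth:// URI the barcode encodes (using the account_name value from step 2 as the issuer), derives the 6-digit code from the shared secret exactly as RFC 6238 specifies, and verifies a submitted token the way a server should: with a small clock-drift window, a constant-time comparison, and a refusal to accept the same time step twice. The secret and timestamps are the RFC 6238 Appendix B test vectors; the account label alice@example.com, the verifier class and the one-step drift window are assumptions for illustration.

```python
"""Added example (not the package's code): what the setup-2fa barcode encodes
and how the 6-digit token is derived and checked, per RFC 4226 / RFC 6238."""
import base64
import hashlib
import hmac
import secrets
import struct
import time
import urllib.parse

# Constructed from the ASCII seed RFC 6238 Appendix B uses for its SHA-1 vectors.
RFC6238_SECRET = base64.b32encode(b"12345678901234567890").decode("ascii")
# (unix time -> expected 8-digit TOTP), copied from the RFC's SHA-1 column.
RFC6238_VECTORS = {
    59: "94287082", 1111111109: "07081804", 1111111111: "14050471",
    1234567890: "89005924", 2000000000: "69279037", 20000000000: "65353130",
}


def generate_secret(num_bytes: int = 20) -> str:
    """Random per-user shared secret, base32-encoded as authenticator apps expect."""
    return base64.b32encode(secrets.token_bytes(num_bytes)).decode("ascii")


def provisioning_uri(secret_b32: str, account: str, issuer: str,
                     digits: int = 6, period: int = 30) -> str:
    """The otpauth:// URI the barcode carries. `issuer` is what the package's
    2fa-config.php calls account_name; it is the label shown in the app."""
    label = urllib.parse.quote(f"{issuer}:{account}")
    query = urllib.parse.urlencode({
        "secret": secret_b32, "issuer": issuer,
        "algorithm": "SHA1", "digits": digits, "period": period,
    })
    return f"otpauth://totp/{label}?{query}"


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter,
    dynamic truncation to 31 bits, then the low `digits` decimal digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def totp(secret_b32: str, at: int, digits: int = 6, period: int = 30) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / period)."""
    padded = secret_b32.upper() + "=" * (-len(secret_b32) % 8)
    return hotp(base64.b32decode(padded), at // period, digits)


class TotpVerifier:
    """Hypothetical server-side check for the 'Enter Token' step. Accepts the
    current step plus `window` steps either side to absorb clock drift,
    compares in constant time, and never accepts a time step twice."""

    def __init__(self, secret_b32: str, window: int = 1, period: int = 30):
        self.secret_b32 = secret_b32
        self.window = window
        self.period = period
        self.last_used_step = -1  # would be persisted per user in a real app

    def verify(self, submitted: str, now=None) -> bool:
        now = int(time.time()) if now is None else now
        step = now // self.period
        for candidate in range(step - self.window, step + self.window + 1):
            if candidate <= self.last_used_step:
                continue  # replay protection: this step already authenticated once
            expected = totp(self.secret_b32, candidate * self.period, period=self.period)
            if hmac.compare_digest(expected, submitted):
                self.last_used_step = candidate
                return True
        return False


def check_rfc_vectors() -> bool:
    """Confirms totp() reproduces every RFC 6238 SHA-1 test vector."""
    return all(totp(RFC6238_SECRET, t, digits=8) == c for t, c in RFC6238_VECTORS.items())


def demo() -> dict:
    """Walks the verifier through accept, replay, stale-code and drift cases."""
    t_prev, t = 1111111109, 1111111111          # two consecutive 30-second steps
    code_prev, code = totp(RFC6238_SECRET, t_prev), totp(RFC6238_SECRET, t)
    strict = TotpVerifier(RFC6238_SECRET, window=0)
    results = {
        "wrong_step_rejected": strict.verify(code, now=t_prev),       # no drift allowed
        "accepted": strict.verify(code, now=t),                       # first use
        "replay_rejected": strict.verify(code, now=t + 10),           # same step again
        "older_code_rejected": strict.verify(code_prev, now=t_prev),  # step before last used
    }
    lenient = TotpVerifier(RFC6238_SECRET, window=1)
    results["drift_tolerated"] = lenient.verify(code, now=t_prev)     # one step ahead is fine
    return results


if __name__ == "__main__":
    print(provisioning_uri(RFC6238_SECRET, "alice@example.com", "Thecodework 2FA"))
    print("RFC 6238 vectors reproduced:", check_rfc_vectors())
    print(demo())
```

The replay rule is the part most often skipped in home-grown implementations: without it, a code that leaked (shoulder-surfed, phished a few seconds ago) stays valid for the rest of its 30-second step, so the verifier remembers the last accepted step per user and rejects it and anything older. The drift window should stay small (one step either side) because every extra step a verifier accepts multiplies the number of codes a guesser can hit.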