Skip to content

improve READ Me {TOTP Explantion and need of implementation} #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 2 commits into
base: master
Choose a base branch
from
Open

improve READ Me {TOTP Explantion and need of implementation} #3

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
683e1cf
Update readme.md
shubham390 Oct 1, 2020
cc14ada
Update readme.md
shubham390 Oct 1, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
26 changes: 26 additions & 0 deletions readme.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,5 +2,31 @@

This web application demonstrates how to add multi-factor authentication to your web login/signup systems, based on the Time-based One Time Password standard (TOTP).

# TOTP Explantion and need of implementation
Explain-
{If your website features a username+password authentication system, you owe it
to your users to offer 2-factor authentication (or 2fa for short) as an additional
measure of protection for their accounts. If you're unfamiliar with 2fa, it's that
step in the login sequence that asks the user for a (typically) 6-digit numeric code
in order to complete user authentication. The 6 digit codes are either sent to the user's
phone as a text message upon a login attempt or generated by an app such as Google Authenticator.
Codes have a short validity period of typically 30 or 60 seconds. This will show you how
to implement such a system using java in a way that is compatible with Google Authenticator.}


Implementation-
{Your first idea for implementing the server side component of a 2fa system might be to randomly
generate 6 digit codes with short validity periods and send them to the user's phone in response
to a login attempt. One major shortcoming with this approach is that your implementation wouldn't
be compatible with 2fa apps such as Google Authenticator which many users will prefer to use.
In order to build a 2fa system that is compatible with Google Authenticator, we need to know what
algorithm it uses to generate codes. Fortunately, there is an RCF which precisely specifies the algorithm.
RFC 6238 describes the "time-based one-time password" algorithm, or TOTP for short. The TOTP algorithm combines
a one time password (or secret key) and the current time to generate codes that change as time marches forward.
RFC 6238 also includes a reference implementation in java under the commercial-friendly Simplified BSD license.
This tutorial will show you how to use code from the RFC to build a working 2fa system that could easily be adapted
into your java project.}


## Running the example
To run the example just execute `mvn exec:java` in the project folder.