Securing Login Access with Google Authenticator

Hi guys.

Have any of you secured access to restricted areas of your php sites e.g. admin/user login, by implementing a 2FA process?
(I’m specifically talking about raw sites, rather than cms backend).

I believe that there is a composer package [sonata] that accommodates this and I’m about to start looking into it, but interested to hear guidance/tips from others who have perhaps already done this.

Thanks in advance

/Danny

Well, there is a lot of ways to do that. I have no experience it that area. Never needed to handle it.
But, Google has a lot of info on it. Just google with “php how to add 2FA security” and you will find
tons of info on how to do it. GitHub has a library for it. The trickiest part is creating the secret key
for your server. But, that is explained in the GitHub article. Might work for you. TFA-GitHub

Thanks, ErnieAlex

I am actually learning to and getting into the habit of using Composer, so I have been having a poke around the Packagist repository.

I found the Sonata g2fa library so I have been playing around with that.

I am making an assumption that relying on Composer and the code libraries within Packagist have no security implications.

I am also now wondering whether the Google Authenticator method is as secure as I expected it to be.

I guess with a well written and securely hashed login script, supported by the Google 2FA method as a second layer, it should be considered reasonably secure at the very least.
At the end of the day, I guess all security is breakable, it will come down to how important it is to make it worth the effort of stealing!

/Danny

Just an update that I managed to get this working a treat with the Sonata library.

Good for you! Always nice to solve a programming puzzle… Thanks for letting us know!

Sponsor our Newsletter | Privacy Policy | Terms of Service