The fight for bigger and better passwords can seem as futile as it is neverending. If hackers can’t guess your password, you probably can’t remember it, either. For the latest in IT Security you can use something other than a password to let your users log in to your website or app.
Two-factor authentication puts a second lock on your door, with a different type of key for your users’ metaphorical keychains. The password is still there, but a second type of authentication is also required. There are a few different types of secondary authentication, which include things like biological indentification via iris scanning or fingerprinting. We’re not going to get quite that involved, though. One of the easiest additional types of authentication to implement is a key based on an item the user owns, typically a smartphone or authenticator key fob.
These objects display one-time-use tokens which must be entered along with the correct password. That way, even if a hacker guesses the password, he or she probably won’t have access to the item that generates the token. Likewise, even if a key fob gets left out in the open, the person looking at it probably won’t also know your user’s password.
If you decide to implement two-factor authentication, one of the most widely used protocols is TOTP, or the time-based one-time password algorithm. This protocol updates a user’s token after a chosen interval of seconds, so it’s constantly changing. A compatible client also has to be installed on the user’s device that generates tokens. To learn more about TOTP, see this article:
http://en.wikipedia.org/wiki/Time-based_One-time_Password_Algorithm
