Over a million developers have joined DZone.

No Tears 2-Factor Auth in Rails

DZone's Guide to

No Tears 2-Factor Auth in Rails

· Integration Zone ·
Free Resource

Want to learn more about API monitoring? Learn how Trustpilot monitors over 600 microservices with Runscope on this webinar.

Google Apps, Apple IDs, Yahoo…  All of these large scale online services have two-factor authentication.  I have to admit, I haven't taken advantage of this so far but I seriously intend to get around to it.  It makes your account exponentially more secure.

However, lots of smaller apps are not getting around to making this feature.  I don't see two-factor auth being a problem for users if you make it optional.  Understandably, some people won't trust a company asking for your phone number, which is a common 2nd-factor along with a password.

Is it too difficult then?  Too difficult to build this feature?  Not if you read this sweet new tutorial by Roberto Miranda: Effortless Two-Factor Authentication in Rails

He builds this feature 'effortlessly' with the help of the new ActiveModel::Otp gem.  Otp stands for One-Time-Password, a key component of two-factor auth.  The library also works with Google Authenticator iPhone and Android app.  And it also makes it dead simple to use QR codes with the authentication process, which is demoed in the article.

Like any flashy Ruby program, the code snippets in this tutorial do a ton of stuff with only 3 or 4 lines of code.  Well done Ruby.  I guess you can go bake a cake with all that time you've saved

Are your customers the first to know when your API is failing? Watch this webinar to learn how Trustpilot monitors over 600 microservices with Runscope, and are always on top of any API errors.


Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}