Over a million developers have joined DZone.

No Tears 2-Factor Auth in Rails

DZone's Guide to

No Tears 2-Factor Auth in Rails

Free Resource

Learn how API management supports better integration in Achieving Enterprise Agility with Microservices and API Management, brought to you in partnership with 3scale

Google Apps, Apple IDs, Yahoo…  All of these large scale online services have two-factor authentication.  I have to admit, I haven't taken advantage of this so far but I seriously intend to get around to it.  It makes your account exponentially more secure.

However, lots of smaller apps are not getting around to making this feature.  I don't see two-factor auth being a problem for users if you make it optional.  Understandably, some people won't trust a company asking for your phone number, which is a common 2nd-factor along with a password.

Is it too difficult then?  Too difficult to build this feature?  Not if you read this sweet new tutorial by Roberto Miranda: Effortless Two-Factor Authentication in Rails

He builds this feature 'effortlessly' with the help of the new ActiveModel::Otp gem.  Otp stands for One-Time-Password, a key component of two-factor auth.  The library also works with Google Authenticator iPhone and Android app.  And it also makes it dead simple to use QR codes with the authentication process, which is demoed in the article.

Like any flashy Ruby program, the code snippets in this tutorial do a ton of stuff with only 3 or 4 lines of code.  Well done Ruby.  I guess you can go bake a cake with all that time you've saved

Unleash the power of your APIs with future-proof API management - Create your account and start your free trial today, brought to you in partnership with 3scale.


Opinions expressed by DZone contributors are their own.


Dev Resources & Solutions Straight to Your Inbox

Thanks for subscribing!

Awesome! Check your inbox to verify your email so you can start receiving the latest in tech news and resources.


{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}