Two-Factor Authentication

Brief:
Two-Factor Authentication is specific to Login. It includes adding your username and password with a temporary password. Once you enter your username and password, we will proceed to next screen and ask for OTP to be entered. So system will send you a temporary password on your personal email/phone and you need to enter it to your account and successfully login. Now a days some other devices- like MI band, yahoo uses vibration mode on mobile, Some app needs QR Code Scan. etc

How It Works:
 
In one of our project, we used Two-Factor Authentication. We have created a simple library file which will contain the function to generate the OTP (One Time Password). As we have used role based system, we have created a flag which can decide where to enable or disable the Two-Factor Authentication for that role (We can also do this for user specific)

If flag set to TRUE or 1, then create a secrete key with SHA1 algorithm with using encryption. On using that secrete key we generate the OTP (One time password) send it to registered mobile with the system, or we can also send the same OTP through mail and then only allow user to login. Otherwise block the user.

<?php


public function createSecret($secretLength = 16)
{
    $validChars = $this->_getBase32LookupTable();
    unset($validChars[32]);
    $secret = '';
    for ($i = 0; $i < $secretLength; $i++) {
        $secret .= $validChars[array_rand($validChars)];
    }
    return $secret;
}


public function getCode($secret, $timeSlice = null)
{
    if ($timeSlice === null) {
        $timeSlice = floor(time() / 30);
    }
    $secretkey = $this->_base32Decode($secret);
    // Pack time into binary string
    $time = chr(0).chr(0).chr(0).chr(0).pack('N*', $timeSlice);
    // Hash it with users secret key
    $hm = hash_hmac('SHA1', $time, $secretkey, true);
    // Use last nipple of result as index/offset
    $offset = ord(substr($hm, -1)) & 0x0F;
    // grab 4 bytes of the result
    $hashpart = substr($hm, $offset, 4);
    // Unpak binary value
    $value = unpack('N', $hashpart);
    $value = $value[1];
    // Only 32 bits
    $value = $value & 0x7FFFFFFF;
    $modulo = pow(10, $this->_codeLength);
    return str_pad($value % $modulo, $this->_codeLength, '0', STR_PAD_LEFT);
    }
}

public function setCodeLength($length)
{
    $this->_codeLength = $length;
    return $this;
}

protected function _getBase32LookupTable()
{
    return array(
    'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', // 7
    'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', // 15
    'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', // 23
    'Y', 'Z', '2', '3', '4', '5', '6', '7', // 31
    '=' // padding char
    );
}


?>

Podcast

Michael Patterson sat down with the CEO of Boston Byte, Mustapha Shaikh to discuss the significance and rapid digitization of the healthcar...