Two Factor Authentication - how to send the One Time Passcode?

Question

User-29703693 posted

I have a web application that uses web forms.  I'm thinking about using two factor authentication for increased security.  I could write the code myself to generate the one time passcode but I'm wondering how I could send this to the user.  I could use a service like Twillio to send it via SMS but am considering using an app instead.  Any suggestions on an easy way to implement?

Answer 1

User475983607 posted

A cell phone number and/or email address are the most common second forms of user verification.  

I could use a service like Twillio to send it via SMS but am considering using an app instead

Can you tell us what app you plan to use as a second form of authentication?  

Answer 2

User-29703693 posted

A cell phone number and/or email address are the most common second forms of user verification.  

bank5

I could use a service like Twillio to send it via SMS but am considering using an app instead

Can you tell us what app you plan to use as a second form of authentication?  

I could set it up by emailing the OTP.  However, if someone's email account is compromised, that would give the hacker access to our system because the password reset is also sent via email.  So cell phone number would be more secure.  

As for specific apps, I don't have one in mind.  Possibly Duo, but I'd be open to suggestions