Enterprise Integration Zone is brought to you in partnership with:

Mitch Pronschinske is the Lead Research Analyst at DZone. Researching and compiling content for DZone's research guides is his primary job. He likes to make his own ringtones, watches cartoons/anime, enjoys card and board games, and plays the accordion. Mitch is a DZone Zone Leader and has posted 2576 posts at DZone. You can read more from them at their website. View Full User Profile

No Tears 2-Factor Auth in Rails

07.18.2013
| 2958 views |
  • submit to reddit
Google Apps, Apple IDs, Yahoo…  All of these large scale online services have two-factor authentication.  I have to admit, I haven't taken advantage of this so far but I seriously intend to get around to it.  It makes your account exponentially more secure.

However, lots of smaller apps are not getting around to making this feature.  I don't see two-factor auth being a problem for users if you make it optional.  Understandably, some people won't trust a company asking for your phone number, which is a common 2nd-factor along with a password.

Is it too difficult then?  Too difficult to build this feature?  Not if you read this sweet new tutorial by Roberto Miranda: Effortless Two-Factor Authentication in Rails

He builds this feature 'effortlessly' with the help of the new ActiveModel::Otp gem.  Otp stands for One-Time-Password, a key component of two-factor auth.  The library also works with Google Authenticator iPhone and Android app.  And it also makes it dead simple to use QR codes with the authentication process, which is demoed in the article.

Like any flashy Ruby program, the code snippets in this tutorial do a ton of stuff with only 3 or 4 lines of code.  Well done Ruby.  I guess you can go bake a cake with all that time you've saved