How to add Google Authenticator to my website?

I have a web app that is Angular2 on the front-end and NodeJS on the back-end. I want to allow clients to use Google Authenticator to make their accounts more secure.

How can I implement/use Google Authenticator in my website? I cannot find an API to use, any tutorials to follow, or any libraries to use. Where can I find some resources to do this?

Answer

The key phrase that you’re looking for is “TOTP” (Time-Based One-time Password) – and it is a specification, rather than an API maintained by Google.

At a very high level, your backend will generate a secret that it will share with your users’ Google Authenticator app. At login, both the Authenticator app and your backend will use the stored secret and current time to generate a single-use key. If the keys match, it means that the secrets match, and the user may be logged in.

The SpeakEasy node implementation seems to be pretty popular on GitHub.
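
The flow this answer describes, as an added example that is not part of the original answer and does not use the Speakeasy library: it implements TOTP (RFC 6238) with Node's built-in `crypto` module, covering enrollment, code generation and server-side verification. The function names, the issuer `ExampleApp` and the account name are illustrative assumptions.

```javascript
const crypto = require('node:crypto');

const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';

// Authenticator apps expect the shared secret as base32 text (RFC 4648).
function base32Encode(buf) {
  let bits = '';
  for (const byte of buf) bits += byte.toString(2).padStart(8, '0');
  let out = '';
  for (let i = 0; i < bits.length; i += 5)
    out += B32[parseInt(bits.slice(i, i + 5).padEnd(5, '0'), 2)];
  return out;
}

// otpauth:// key URI; the backend renders this as a QR code at enrollment.
function provisioningUri(key, issuer, account) {
  const label = `${encodeURIComponent(issuer)}:${encodeURIComponent(account)}`;
  return `otpauth://totp/${label}?secret=${base32Encode(key)}` +
         `&issuer=${encodeURIComponent(issuer)}`;
}

// HOTP (RFC 4226): HMAC-SHA1 over an 8-byte counter, then dynamic truncation.
function hotp(key, counter, digits = 6) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(counter));
  const mac = crypto.createHmac('sha1', key).update(msg).digest();
  const code = mac.readUInt32BE(mac[19] & 0x0f) & 0x7fffffff;
  return String(code % 10 ** digits).padStart(digits, '0');
}

// TOTP (RFC 6238): the counter is the number of 30-second steps since the epoch.
const stepOf = (timeMs) => Math.floor(timeMs / 30000);
const totp = (key, timeMs = Date.now()) => hotp(key, stepOf(timeMs));

// Returns the matched step, or null. Accepts +/- `window` steps of clock drift,
// compares in constant time, and rejects any step <= lastStep (replayed code).
function verifyTotp(key, token, lastStep = -1, timeMs = Date.now(), window = 1) {
  const given = Buffer.from(String(token));
  let matched = null;
  for (let c = Math.max(0, stepOf(timeMs) - window); c <= stepOf(timeMs) + window; c++) {
    const expected = Buffer.from(hotp(key, c));
    if (c > lastStep && given.length === expected.length &&
        crypto.timingSafeEqual(given, expected)) matched = c;
  }
  return matched;
}

// Enrollment demo: fresh 160-bit secret, constructed account name.
const demoKey = crypto.randomBytes(20);
console.log(provisioningUri(demoKey, 'ExampleApp', 'alice@example.com'), totp(demoKey));
```

Store the step returned by `verifyTotp` per user and pass it back as `lastStep` on the next login so that each code is accepted only once; rate-limit failed attempts, since a 6-digit code is otherwise guessable.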
