In recent years, the need for physical internet security has grown, with websites being comprised constantly, we need a way to identify the real you from the internet you..

Enter the world of Two Factor Authentication. This pairs something you have, and something you know.. in our case, a mobile phone and a password.

Imagine signing into a website, after you put your username and password in the website sends you a SMS message or a quick voice call to actually make sure its you.

Using Twilio as the SMS / voice gateway this is possible and really easy to implement, particularly into a PHP server.

You will need:

  1. A Twilio Account – with Twilio Phone number
  2. A PHP webserver
  3. A copy of the TwoFactor Auth script found at: https://github.com/dotmat/TwilioTwoFactorAuth

If you haven’t already, please sign up for a trial account at Twilio : https://www.twilio.com/try-twilio

Once you have signed up you will need to edit the file: TwoFactorAuthProcessor.php placing your AccountSID, Auth Key and Twilio phone number in the top part of the file.

I have included in the git a quick index page that you can fill in, the page will make a HTTP POST to the processor and generate a two-factor passcode which it will either call or SMS to your phone.

Using Two-Factor authentication on your website will make your service more secure and provide peace of mind to your customers / users that even with a security breach, your users remain safe and malicious users are not able to gain access to your platform as they do not have the end users phone – something needed to pickup the two factor key.