In recent years, the need for a physical element in internet security has grown. With websites being compromised constantly, we need a way to tell the real you from the internet you.
Enter the world of Two Factor Authentication. This pairs something you have with something you know: in our case, a mobile phone and a password.
Imagine signing into a website: after you enter your username and password, the website sends you an SMS message or makes a quick voice call to make sure it's really you.
Using Twilio as the SMS / voice gateway, this is possible and really easy to implement, particularly on a PHP server.
You will need:
- A Twilio Account – with Twilio Phone number
- A PHP webserver
- A copy of the TwoFactor Auth script found at: https://github.com/dotmat/TwilioTwoFactorAuth
If you haven’t already, please sign up for a trial account at Twilio: https://www.twilio.com/try-twilio
Once you have signed up, you will need to edit the file TwoFactorAuthProcessor.php, placing your AccountSID, Auth Key and Twilio phone number in the top part of the file.
I have included in the repository a quick index page that you can fill in; the page makes an HTTP POST to the processor, which generates a two-factor passcode and either calls or SMSes it to your phone.
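The passcode step described above, generating a code and later checking what the user typed back, looks like this in PHP. This is an added example, not the code from the TwilioTwoFactorAuth repository; the function names, the 5-minute lifetime and the 5-attempt limit are assumptions, and delivery through Twilio is left to the processor script.

```php
<?php
// Added example: passcode lifecycle only (issue, verify, expire, lock out).
// Function names and limits are assumptions, not taken from the repository.

const CODE_TTL_SECONDS = 300;  // assumed validity window
const MAX_ATTEMPTS     = 5;    // assumed limit on wrong guesses

// Create a 6-digit code plus the state to keep server-side (e.g. in $_SESSION).
function issue_passcode(int $now): array
{
    // random_int() draws from the OS CSPRNG; rand()/mt_rand() are predictable.
    $code = str_pad((string) random_int(0, 999999), 6, '0', STR_PAD_LEFT);
    $state = [
        'hash'     => hash('sha256', $code), // keep only a digest of the code
        'expires'  => $now + CODE_TTL_SECONDS,
        'attempts' => 0,
    ];
    return [$code, $state]; // $code goes to the phone, $state stays on the server
}

// Check a submitted code. $state is updated in place; null means "used up".
function verify_passcode(?array &$state, string $submitted, int $now): bool
{
    if ($state === null || $now > $state['expires']
        || $state['attempts'] >= MAX_ATTEMPTS) {
        $state = null;           // expired or locked out: a new code is required
        return false;
    }
    $state['attempts']++;
    // hash_equals() compares in constant time.
    if (hash_equals($state['hash'], hash('sha256', $submitted))) {
        $state = null;           // single use: the same code cannot be replayed
        return true;
    }
    return false;
}

// Constructed walk-through with a fixed clock so every run behaves the same.
$now = 1700000000;
[$code, $state] = issue_passcode($now);
var_dump(verify_passcode($state, 'abc', $now + 10));    // wrong guess
var_dump(verify_passcode($state, $code, $now + 20));    // correct code
var_dump(verify_passcode($state, $code, $now + 30));    // replay of a used code
[$code2, $state2] = issue_passcode($now);
var_dump(verify_passcode($state2, $code2, $now + 301)); // submitted after expiry
```

The state array must live on the server, never in a hidden form field or cookie the browser can read, otherwise the second factor can be checked offline.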
Using two-factor authentication on your website will make your service more secure and give your customers / users peace of mind: even with a security breach, your users remain safe, and malicious users are not able to gain access to your platform because they do not have the end user's phone, which is needed to pick up the two-factor key.