How is Google verification (Google Authenticator) implemented?


Copyright belongs to the author.
For commercial reprints, please contact the author for authorization; for non-commercial reprints, please cite the source.
Author: Xu Xiaohua
Link: http://www.zhihu.com/question/20462696/answer/18731073
Source: Zhihu

When Google login two-step verification (that is, the Google Authenticator service) is turned on, users must enter an additional one-time password, generated by the mobile client, when they log in.

Implementing the Google Authenticator feature requires both server-side and client support. The server side is responsible for generating the key and for verifying that the one-time password is correct. The client generates the one-time password after it has recorded the key.

Clients currently available:
Android version: Google Authenticator
iOS version: https://itunes.apple.com/cn/app/google-authenticator/id388497605

Implementation principle:

First, when a user turns on the Google Authenticator service:
1. The server randomly generates a key similar to "DPI45HKISEXU6HG7" and saves the key in the database.
2. The page displays a QR code whose content is a URI (otpauth://totp/account?secret=key), such as "otpauth://totp/[email protected]?secret=DPI45HCEBCJK6HG7":
[Image: https://pic1.zhimg.com/d37d311d9464d4c24a37e70d541364bc_b.jpg]
3. The client scans the QR code and saves the key "DPI45HKISEXU6HG7" on the client.

Second, when the user needs to log in:
1. Every 30 seconds, the client uses the key "DPI45HKISEXU6HG7" and the timestamp to generate a 6-digit one-time password, such as "684060", through an "algorithm". For example, the Android version's interface:
[Image: https://pic1.zhimg.com/c2056261a0b106af19517697887c0b38_b.jpg]
2. The user enters the one-time password "684060" when logging in.
3. The server side uses the key "DPI45HKISEXU6HG7" saved in the database and the timestamp to generate a 6-digit one-time password through the same "algorithm". This is the familiar controlled-variable argument: if the algorithm, the key and the time (the timestamp) are all the same, then the one-time passwords computed by the client and by the server are the same. If the server finds that they match, the login succeeds.

Tips:
1. This "algorithm" is public, so there are many open-source server-side implementations, such as the PHP version: https://github.com/phpgangsta/googleauthenticator. Search for Google Authenticator on GitHub to find implementations in more languages.
2. So you can easily add Google Authenticator support to your own project; for how multiple accounts are displayed in one client, see the Android interface above. Dropbox, LastPass, WordPress, and even VPS providers and other third-party applications currently support Google Authenticator login; please search for the details yourself.
3. In real life, the physical dynamic password cards used for online banking and online games work on a similar principle; you can fill in the details yourself. Thank you.
[Image: https://pic2.zhimg.com/fc0617ba6b2062bec68c87eb481d25c1_b.jpg]
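
The enrolment and login steps above as working code. This is an added example, not part of the original answer and not taken from the linked PHP project. The answer does not name the "algorithm"; what Google Authenticator implements is TOTP (RFC 6238) on top of HMAC-SHA1 HOTP (RFC 4226). The function names, the account `alice@example.com`, the `window` drift tolerance and the `last_used` replay check are assumptions made for this example.

```python
import base64, hashlib, hmac, secrets, struct, time
from urllib.parse import quote

STEP, DIGITS = 30, 6   # 30-second time step and 6-digit code, as on the page

def new_secret(nbytes=10):
    """Enrolment step 1 (server): random key, base32-encoded (10 bytes -> 16 chars)."""
    return base64.b32encode(secrets.token_bytes(nbytes)).decode()

def provisioning_uri(account, secret):
    """Enrolment step 2 (server): the otpauth URI that the QR code carries."""
    return f"otpauth://totp/{quote(account, safe='@')}?secret={secret}"

def hotp(secret_b32, counter):
    """RFC 4226: HMAC-SHA1 over the 8-byte counter, then dynamic truncation."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # low nibble selects 4 bytes
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return f"{value % 10 ** DIGITS:0{DIGITS}d}"  # keep leading zeros

def totp(secret_b32, now=None):
    """Login step 1 (client): counter = number of 30 s steps since the Unix epoch."""
    now = time.time() if now is None else now
    return hotp(secret_b32, int(now) // STEP)

def verify(secret_b32, code, now=None, window=1, last_used=-1):
    """Login step 3 (server): return the matching counter, or None.

    window    -- steps of clock drift tolerated on either side (assumption)
    last_used -- counter of the last accepted code, so a code cannot be replayed
    """
    now = time.time() if now is None else now
    current = int(now) // STEP
    for counter in range(max(0, current - window), current + window + 1):
        expected = hotp(secret_b32, counter).encode()
        if counter > last_used and hmac.compare_digest(expected, code.encode()):
            return counter   # caller stores this as the new last_used
    return None

if __name__ == "__main__":
    secret = new_secret()
    print(provisioning_uri("alice@example.com", secret))   # constructed account
    code = totp(secret)
    print(code, verify(secret, code) is not None)
```

The server should persist the counter returned by `verify` per account and pass it back as `last_used`, so that a code observed in transit cannot be accepted a second time within its validity window.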
