Home > Others

What is the implementation of Google verification (Google Authenticator)?

Source: Internet
Author: User
Tags otpauth
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Copyright belongs to the author.
Commercial reprint please contact the author for authorization, non-commercial reprint please specify the source.
Xu Xiaohua
Links: http://www.zhihu.com/question/20462696/answer/18731073
Source: Know

When you turn on Google Login Two step verification (ie Google Authenticator service), users need to enter an additional one-time password generated by the mobile client when they log in.

Implementing the Google Authenticator feature requires server-side and client support. The server side is responsible for generating the key, verifying that the one-time password is correct. A one-time password is generated after the client logs the key.

Currently the client has:
Android version: Google authenticator
iOS version:https://itunes.apple.com/cn/app/google-authenticator/id388497605

Implementation principle:

First, when users need to open Google Authenticator services,
1. The server randomly generates a key similar to "DPI45HKISEXU6HG7" and saves the key in the database.
2. Display a QR code on the page with a URI address (otpauth://totp/account secret= key), such as "Otpauth://totp/[email protected]?secret= Dpi45hcebcjk6hg7 ",:
<img src= "https://pic1.zhimg.com/d37d311d9464d4c24a37e70d541364bc_b.jpg" data-rawwidth= "200" data-rawheight= "class=" Content_image "width=" >
3. The client scans the QR code and saves the key "Dpi45hkisexu6hg7" on the client.

Second, when users need to log in
1. The client uses the key "Dpi45hkisexu6hg7" and the timestamp every 30 seconds to generate a 6-digit one-time password, such as "684060", through an "algorithm". such as the Android version of the interface:
<img src= "https://pic1.zhimg.com/c2056261a0b106af19517697887c0b38_b.jpg" data-rawwidth= "281" data-rawheight= "398" class= "Content_image" width= "281" >
2. Enter the one-time password "684060" when the user logs in.
3. The server side uses the key "Dpi45hkisexu6hg7" and the timestamp saved in the database to generate a 6-digit one-time password through the same "algorithm". We all know the control variable method, if the algorithm is the same, the same key, and the same time (the same time stamp), then the client and the server computed the same-one password is the same. If the server verifies the same, the login succeeds.

Tips:
1. This "algorithm" is public, so the server side also has a lot of open-source implementations, such as the PHP version:https://github.com/phpgangsta/googleauthenticator 。 Search for Google Authenticator on GitHub to find more language versions of Google Authenticator.
2. So, you can easily add support for Google Authenticator on your project, and displaying multiple accounts on one client can look at the Android interface above. Currently Dropbox, LastPass, WordPress, even VPS and other third-party applications are supported by Google Authenticator login, please search by yourself.
3. Real life, net silver, network game entity dynamic Password Card actually the principle is similar, we can self-brain fill, thank you.
<img src= "https://pic2.zhimg.com/fc0617ba6b2062bec68c87eb481d25c1_b.jpg" data-rawwidth= "302" data-rawheight= "144" class= "Content_image" width= "302" >

What is the implementation principle of

Google Authenticator?

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
2 step verification google authenticator google authenticator 2 step verification yahoo 2 step verification google authenticator what is use of google analytics code what is stock price of google what is google s version of siri 2fa google authenticator

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More