How To Implement Two-Factor Authentication Using Node.js and Vue 3
With time-based one-time password (TOTP)
Last week, our product owner asked what it would take to add two-factor authentication to our system. We use Azure Active Directory, which means configuring an extra policy via the Azure portal. This was all we needed to do to enable two-factor authentication.
Triggered by the question of the product owner, I thought it was also time to add two-factor authentication to my side project. I wanted to use a common way of adding two-factor authentication, a Time-based One-Time Password.
This article describes how I used Node.js and Vue.js to implement two-factor authentication in my side project.
You can find the complete source code of the back-end and the front-end in this GitHub repository.
Two-factor Authentication
Two-factor or multi-factor authentication (MFA) is becoming a de facto standard for IT systems. You likely already use several MFA accounts, for example, from Google, GitHub, or Apple. If not, you should enable it!
Multi-factor authentication is a process where a user has to provide multiple forms of identification during a sign-in event. This could be a cell phone code or a fingerprint scan.
By asking a user for extra identification, you increase the security of your system. It becomes more difficult for an attacker to obtain or duplicate this additional identification.
The difference between two-factor and multi-factor is that two-factor always uses two forms of identification. Multi-factor authentication could involve two or three. In this article, we will implement two-factor authentication.
Time-based One-Time Password (TOTP)
Time-based One-Time Password (TOTP) is a common method of two-factor authentication. It uses an algorithm that generates a token based on the current time. A recent study showed that TOTP is one of the most user-friendly two-factor authentication techniques. The image below shows the process of TOTP.