Add (free) 2FA Authentication with Go
Add Time-Based One-Time Password to your web service.
In 2015, I remember spinning up a droplet on DigitalOcean, then opening the Secure Shell Daemon (SSHD) logs minutes later and seeing thousands of incoming requests attempting to brute-force the server. In the end, I did have some servers breached, with a ransom note left as a MongoDB collection entry.
To solve this issue, I moved from text-based passwords to certificate authentication. At some point, I stopped using SSH completely and moved to managed platforms, such as Google Cloud Platform.
On the consumer end, more web services began offering — and sometimes requiring — users to set up a Two-Factor Authentication (2FA) method, which proved more practical than having users carry around RSA certificates for authentication.
One common form of 2FA is the Time-Based One-Time Password (TOTP): a One-Time Password (OTP) derived from a shared secret and the current time, valid only for a short interval. The secret is stored both on the server and in the end user’s authenticator app.
Because both sides run the same calculation over the same secret and the same time step, the server and the client generate the same OTP code. If the code the client submits matches the one the server computed, the user is successfully authenticated.
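The calculation described above, as an added Go example that is not part of the original post: HOTP (RFC 4226) over a 30-second time counter (RFC 6238), plus server-side verification with a small clock-skew window. The base32 secret in `main` is a constructed demo value, not a real credential.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"time"
)

// hotp implements RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation (low nibble of the last byte picks 4 bytes, sign bit cleared), keeping the last six decimal digits.
func hotp(key []byte, counter uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], counter)
	mac := hmac.New(sha1.New, key)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	code := binary.BigEndian.Uint32(sum[sum[len(sum)-1]&0x0f:]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

// totp implements RFC 6238 (30-second step): the counter is the number of whole steps since the Unix epoch, so server and app derive the same code from the shared base32 secret.
func totp(secret string, t time.Time) (string, error) {
	key, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(secret)
	if err != nil {
		return "", err
	}
	return hotp(key, uint64(t.Unix())/30), nil
}

// verify accepts the current step plus `skew` steps either side (clock drift), comparing in constant time.
func verify(secret, code string, t time.Time, skew int) bool {
	for i := -skew; i <= skew; i++ {
		expected, err := totp(secret, t.Add(time.Duration(i)*30*time.Second))
		if err != nil {
			return false
		}
		if subtle.ConstantTimeCompare([]byte(expected), []byte(code)) == 1 {
			return true
		}
	}
	return false
}

func main() {
	code, _ := totp("JBSWY3DPEHPK3PXP", time.Now()) // constructed demo secret, not a real credential
	fmt.Println("code:", code, "valid:", verify("JBSWY3DPEHPK3PXP", code, time.Now(), 1))
}
```

A production server should additionally reject a code that has already been accepted for the same time step, so a captured OTP cannot be replayed within its window.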