Add 2FA / MFA or OTP to your application
There are three common ways to strengthen the security of your login page:
- 2-Factor Authentication (2FA)
- Multi-Factor Authentication (MFA)
- One-Time Passwords (OTP)
All of these methods rely on sending a code to a phone number or e-mail address that you have on record for your user. The user then verifies access by entering the code they receive.
It makes a lot of sense to use the Auron SMS Server for this. With the Auron SMS Server you can freely configure and change which SMS provider should send the message. You can also set up fallbacks to a different SMS provider, a GSM modem or even e-mail. That way your solution is going to be highly reliable and resilient.
Setting this up with the Auron SMS Server is easy. In this article we’ll guide you through the steps. We’ll assume that you already have a login page in PHP and just need to add the part that sends and verifies authorization codes.
1. Set up your SMS channel(s)
Start by setting up a connection to your SMS provider. In most cases you’ll connect to your provider directly through the internet by either using SMPP or HTTP. If you’re doing low volumes you can also choose to use a GSM modem or an Android phone.
A huge benefit of the Auron SMS Server is the ability to use multiple SMS channels, so you can have a fallback channel if one goes down, or route based on the region to get the most cost-effective provider.
In this case we’re setting up a connection to the test and demonstration gateway.
2. Set up the HTTP API
The Auron SMS Server has an HTTP API channel available that is perfect for connecting directly from your web code.
You can use either XML or JSON formatted strings to send SMS messages and you can use it from almost any programming language.
3. Send the authorization code
With the SMS and API channels in place we’re able to send and receive SMS messages from anywhere through the Auron SMS Server. In this case we’ll have to generate an authorization code and send it to our user.
This part depends a lot on your web application. If your application uses PHP it may look like this:
// Assumes session_start() has been called and $sToAddress holds the
// phone number you have on record for the user.

// Generate a temporary authorization code of 6 hexadecimal characters.
// random_int() draws from a cryptographically secure source; the range
// 0..15 maps to exactly one hex digit (0-9, A-F).
$sNewCode = '';
for ($i = 0; $i < 6; $i++)
{
    $n = random_int(0, 15);
    $sNewCode = $sNewCode.($n < 10 ? chr($n + 48) : chr($n + 55));
}
// Store the authorization code and its expiry time (5 minutes) in your session
$_SESSION['code'] = $sNewCode;
$_SESSION['cval'] = date_add(date_create('now'),
    date_interval_create_from_date_string('5 minutes'));
// The base URL is the SMS Server + channel
$BASEURL = "http://localhost:7000/HTTP_API1";
// Use the create.json to send an SMS using JSON
$url = $BASEURL . "/messagedb/create.json";
// Send the SMS by creating the message as 'SCHEDULED'.
$objMessage = array( "message" => array(array(
      "TypeID" => "SMS"
    , "StatusID" => "SCHEDULED"
    , "ToAddress" => $sToAddress
    , "Body" => 'Your authorization code: '.$sNewCode
    ))
);
// Make the API call. http_call() is your application's own helper for the
// HTTP request (not shown here); it returns FALSE on failure.
$result = http_call($url, json_encode($objMessage));
if ($result === FALSE)
{
    echo("<h2 style='color: #f00;'>Error while connecting to HTTP API. " .
        " Please make sure you have an HTTP API channel configured.</h2>");
    exit;
}
This example generates a random access code and sends it through the Auron SMS Server.
4. Verify the authorization code
The next step is for the users to verify their authorization code.
In PHP this could look as easy as this:
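// $sCode is the code the user submitted on the login page
$sVerifyCode = isset($_SESSION['code']) ? $_SESSION['code'] : '';
// The code is only valid until the expiry time stored in step 3
$bExpired = !isset($_SESSION['cval']) || date_create('now') > $_SESSION['cval'];
// hash_equals() compares as strings in constant time; a loose != would
// treat numeric-looking codes such as "0E1234" and "0E5678" as equal
if ($sVerifyCode === '' || $bExpired || !hash_equals($sVerifyCode, (string)$sCode))
{
    echo("<h2 style='color: #f00;'>Error: Invalid authorization code!</h2>");
    exit;
}
// Each code can be used only once
unset($_SESSION['code'], $_SESSION['cval']);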
And that’s it.
You’ve now sent and verified your 2FA / MFA or OTP authorization code.
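The generate-and-verify flow from steps 3 and 4, written as an added example (not Auron's code) that also enforces the 5-minute expiry, single use and a cap on wrong guesses. The names otp_issue() and otp_verify(), the $store array standing in for $_SESSION, and the limit of 5 attempts are assumptions made for this illustration.

```php
<?php
// Added example, not part of the original article. otp_issue() and
// otp_verify() are hypothetical helpers; $store stands in for $_SESSION.
const OTP_TTL_SECONDS  = 300; // 5 minutes, as in step 3
const OTP_MAX_ATTEMPTS = 5;   // assumed limit, not from the article

function otp_issue(array &$store, int $now): string
{
    $code = '';
    for ($i = 0; $i < 6; $i++) {
        $code .= strtoupper(dechex(random_int(0, 15))); // CSPRNG, one hex digit
    }
    // Store a hash rather than the code itself, plus expiry and a guess counter
    $store['otp'] = [
        'hash'     => hash('sha256', $code),
        'expires'  => $now + OTP_TTL_SECONDS,
        'attempts' => 0,
    ];
    return $code; // pass this to the SMS sending step
}

function otp_verify(array &$store, string $submitted, int $now): bool
{
    if (!isset($store['otp'])) {
        return false; // nothing issued, or the code was already used
    }
    $otp = &$store['otp'];
    if ($now > $otp['expires'] || $otp['attempts'] >= OTP_MAX_ATTEMPTS) {
        unset($store['otp']); // expired or too many guesses: require a new code
        return false;
    }
    $otp['attempts']++;
    // hash_equals() is a constant-time string comparison with no type juggling
    $candidate = hash('sha256', strtoupper(trim($submitted)));
    if (!hash_equals($otp['hash'], $candidate)) {
        return false;
    }
    unset($store['otp']); // single use
    return true;
}

// Constructed demonstration with fixed timestamps
$session = [];
$code = otp_issue($session, 1000);
var_dump(otp_verify($session, 'ZZZZZZ', 1001)); // a wrong guess
var_dump(otp_verify($session, $code, 1002));    // the right code, in time
var_dump(otp_verify($session, $code, 1003));    // replay of the used code
```

In a real login page, pass $_SESSION as $store and time() as $now.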