How to Enable 2FA in Your Backendless App
To enable two-factor authentication in your application, you’ll need to use the 2FA Login plugin and its APIs. You can add the plugin for free by visiting Backend > Marketplace > API SERVICES > All Services in your Backendless app.
To verify the installation, visit the Cloud Code section of your backend and you should see the TOTP service in your list of API services.
The 2FA plugin supports 2FA at the individual user level. You can enable 2FA for the entire app or individual users can individually enable it (through your app).
Implementing TOTP With 2FA
In a TOTP app, the user needs to scan a QR code or enter a “secret” code to add your application to the TOTP app. The 2FA plugin in Backendless provides both a QR code as well as a “secret” code as a part of the user registration process.
The API supported by the 2FA Login plugin can be used either via REST, using a Backendless SDK, or with Codeless. Supported frontend languages include:
You can generate the client-side library for the API using the Code Generator as shown below. This will enable you to use the API with the corresponding SDK.
If your frontend language is not available, you can access the plugin via REST API.
Comparing Top Authenticator App Providers
Google Authenticator is a popular two-factor authentication app that’s available on both Android and iOS.
The technology behind Google Authenticator began as an open-source project, but when Google created a proprietary version, it became known as the familiar and simple alternative to newer 2FA systems. For individuals who use the Google suite of services, Google Authenticator has become a popular choice.
Google Authenticator is available for free on the Google Play Store and Apple App Store.
Microsoft Authenticator is another popular two-factor authentication app that’s available on both Android and iOS. It supports a wide range of applications, most notably including the complete Microsoft suite of products such as Office 365, Azure AD, and many more.
Microsoft Authenticator supports PIN and biometric authentication like TouchID tied to the user’s device, adding an additional layer of security to the login process.
Microsoft Authenticator is available for free on the Google Play Store and Apple App Store.
Twilio Authy is a popular two-factor authentication app that’s available on both Android and iOS. While Authy may not connect with as many third-party apps as Google Authenticator, it supports many devices other than Android and iOS devices. Authy also works with Apple Watches and desktop computers running Windows, Linux, or macOS. It is easy to set up since one account easily links to multiple devices.
Like Microsoft Authenticator, Authy also supports PIN and biometric authentication, providing addition security compared to Google Authenticator.
Twilio Authy is available for free on the Google Play Store and Apple App Store.
The 2FA Login plugin from Backendless is a great way to enable two-factor authentication for your app by enabling you to interact with a variety of authenticator apps.
The plugin enables 2FA via TOTP for increased data and account security. It is just one more tool from Backendless to protect yourself and your uses from unauthorized account access.
Download and install the plugin for free from the Marketplace section of your Backendless backend today!
What is TOTP Authenticator?
A TOTP authenticator is an app used for user authentication to allow access to a secure account. The authenticator uses a phone app which receives and validates a code generated by a server before allowing access to the account.
For example, Google Authenticator is a TOTP app that can be used to protect a Google account including Google drive, Google email, etc.
How Do I Set Up TOTP?
To set up TOTP for your Backendless app using the 2FA Login plugin, follow the instructions laid out in the plugin’s documentation.
HOTP vs. TOTP
HOTP stands for HMAC-based One-Time Password. It is the original standard that TOTP was based on. One of the inputs to both methods is a secret key, but TOTP uses the system time for the other input, whereas HOTP utilizes a counter that increments with each new validation. Both parties increment the counter and use it to compute one-time passwords using HOTP.
Does the 2FA Plugin support push notifications with the TOTP code?
Many authenticator apps provide features such as one-tap push authentication for easier access. These notifications originate from the authenticator app, not Backendless itself.
Many authenticator apps also include cloud backup for your accounts via platforms such as Google Drive. This is also controlled by the authenticator service, not hosted within Backendless.