PHP
NastyaG, 2019-07-24 09:35:24

How to correctly use Google Authenticator when logging in?

Hello. I need to use Google Authenticator to provide a more secure login to the site.
The site has 5 users. Here's what I did:
1. Displayed a QR code on a local site; a secret key was used to create it, for example "abcd" (just an example). I saved this picture to my PC. I also took a picture of it in the Google Authenticator program to get a temporary code.
2. In the users table, I created a new field "ga_secret" and set this value to "abcd" for all users.
3. Next, when logging in, I use "ga_secret" to check the entered code. If everything matches, I enter the site.
4. I have this picture with a QR code. I send it, for example, by email to all users; they scan it in the Google Authenticator program and then use the code from the program to enter the site.
Am I understanding the algorithm correctly? Is it correct that ga_secret is the same for all users?
If not, please tell me how it should look.
Thank you!

2 answer(s)
CHolfield, 2019-07-24

It is better to make the secrets different for different people. The time zone doesn't matter. The rest is somewhat perverse, but acceptable.

xmoonlight, 2019-07-24

Shared the account - correctly.
But the very fact that you distributed the same authentication data to everyone is a grandiose EPIC FAIL!
You made a HUB, but you need a ROUTER! Do you understand?
Look at the pseudocode and implement a router to have control of each user.
Here is the PHP implementation.
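
One way to give each user their own `ga_secret` and check the entered code against it, as an added example that is not part of the original thread or of either answer. The function names, the issuer "ExampleSite" and the two sample logins are assumptions; `ga_secret` is the field from the question, and the code assumes 64-bit PHP 7 or later.

```php
<?php
// Added example: per-user TOTP secrets (RFC 6238: HMAC-SHA1, 30 s step, 6 digits).
const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
// Fresh random 160-bit secret for ONE user; store it in that user's ga_secret field.
function newSecret(): string {
    $bits = '';
    foreach (str_split(random_bytes(20)) as $c) $bits .= str_pad(decbin(ord($c)), 8, '0', STR_PAD_LEFT);
    $out = '';
    foreach (str_split($bits, 5) as $chunk) $out .= substr(B32, bindec($chunk), 1);
    return $out;                                   // 32 base32 characters, no padding
}
function base32Decode(string $s): string {
    $bits = '';
    foreach (str_split(strtoupper(rtrim($s, '='))) as $c) {
        $pos = strpos(B32, $c);
        if ($pos === false) throw new InvalidArgumentException('invalid base32 secret');
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $b) if (strlen($b) === 8) $out .= chr(bindec($b));
    return $out;
}
// Code for a given Unix time; uses UTC seconds, so the server's time zone is irrelevant.
function totp(string $secret, int $time, int $step = 30, int $digits = 6): string {
    $hash = hash_hmac('sha1', pack('J', intdiv($time, $step)), base32Decode($secret), true);
    $off  = ord($hash[19]) & 0x0f;                 // dynamic truncation (RFC 4226)
    $bin  = unpack('N', substr($hash, $off, 4))[1] & 0x7fffffff;
    return str_pad((string)($bin % 10 ** $digits), $digits, '0', STR_PAD_LEFT);
}
// Accept the current step and one step either side to tolerate clock drift.
function verify(string $secret, string $code, int $now, int $window = 1): bool {
    $ok = false;
    for ($i = -$window; $i <= $window; $i++) {
        $ok = hash_equals(totp($secret, $now + $i * 30), $code) || $ok;
    }
    return $ok;
}
// Content of the QR code shown once to that user only, at enrolment.
function provisioningUri(string $issuer, string $login, string $secret): string {
    return 'otpauth://totp/' . rawurlencode("$issuer:$login")
         . '?secret=' . $secret . '&issuer=' . rawurlencode($issuer);
}
// Constructed sample: two users, each with their own secret.
$users = ['alice' => newSecret(), 'bob' => newSecret()];
$now   = time();
$code  = totp($users['alice'], $now);              // what alice's app would display
var_dump(verify($users['alice'], $code, $now));    // alice's code against alice's secret
var_dump(verify($users['bob'], $code, $now));      // the same code against bob's secret
echo provisioningUri('ExampleSite', 'alice', $users['alice']), "\n";
```

With one secret per row, a lost phone or a departed user means resetting only that row's `ga_secret`, and a valid code identifies which account produced it.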
