Two-Factor Authentication (2FA) has become an essential layer of security for web applications, helping protect user accounts even if passwords are compromised. Among the most widely used 2FA methods is TOTP (Time-based One-Time Password), supported by popular apps like Google Authenticator, Authy, and Microsoft Authenticator.
For PHP developers looking to add TOTP-based authentication to their projects, TOTP Authenticator provides a simple, lightweight, and secure solution.
Key Features
- Secure Secret Generation: Generates cryptographically secure secrets with configurable lengths.
- Time-based OTP Generation: Produces 6-digit one-time passwords compliant with RFC 6238.
- Code Verification: Validates user input with support for slight time drift to accommodate clock differences.
- QR Code Generation: Creates URLs compatible with Google Authenticator and similar 2FA apps.
- Timing-Safe Comparison: Protects against timing attacks during code verification.
- Zero Dependencies: Pure PHP library (requires PHP 7.4 or higher).
Installation
Install the library easily using Composer:
```bash
composer require hosseinhezami/totp-authenticator
```
Getting Started
Here’s a quick example demonstrating the core functionality of the library:
```php
use HosseinHezami\TotpAuthenticator\Authenticator;

// Generate a secure secret
$secret = Authenticator::createSecret(16);

// Generate a TOTP code
$code = Authenticator::generateCode($secret);

// Verify the code
$isValid = Authenticator::verifyCode($secret, $code);
echo $isValid ? "Valid code" : "Invalid code";

// Generate a QR code URL for Google Authenticator
$qrCodeUrl = Authenticator::generateQrCodeUrl("user@example.com", $secret, "MyApp");
echo $qrCodeUrl;
```
The QR code URL can be scanned directly in any TOTP-compatible authenticator app.
Verification uses a timing-safe comparison, so the time taken to reject a code does not reveal how much of it was correct.
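What RFC 6238 generation and drift-tolerant, timing-safe verification involve, as an added example that is not the library's own code. The function names `base32Decode`, `totp` and `verifyTotp` are hypothetical, and the key is the published RFC 6238 SHA-1 test key rather than a real secret.

```php
<?php
// Added example: RFC 6238 TOTP with a drift window. Not the library's code;
// all function names here are hypothetical.

// Decode an RFC 4648 Base32 secret (the form authenticator apps store).
function base32Decode(string $b32): string
{
    $alphabet = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
    $bits = '';
    foreach (str_split(strtoupper(rtrim($b32, '='))) as $ch) {
        $pos = strpos($alphabet, $ch);
        if ($pos === false) {
            throw new InvalidArgumentException('Invalid Base32 character');
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $bytes = '';
    foreach (str_split($bits, 8) as $chunk) {
        if (strlen($chunk) === 8) {          // drop trailing partial byte
            $bytes .= chr(bindec($chunk));
        }
    }
    return $bytes;
}

// HOTP (RFC 4226) computed over the time-step counter floor(time / step).
function totp(string $key, int $time, int $digits = 6, int $step = 30): string
{
    $counter = pack('J', intdiv($time, $step));       // 64-bit big-endian
    $hash = hash_hmac('sha1', $counter, $key, true);
    $offset = ord($hash[19]) & 0x0F;                  // dynamic truncation
    $value = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($value % 10 ** $digits), $digits, '0', STR_PAD_LEFT);
}

// Accept codes from $window steps either side of $time. Every candidate is
// compared with hash_equals() and the loop never exits early.
function verifyTotp(string $key, string $code, int $time, int $window = 1): bool
{
    $ok = false;
    for ($i = -$window; $i <= $window; $i++) {
        $ok = hash_equals(totp($key, $time + $i * 30), $code) || $ok;
    }
    return $ok;
}

$key = base32Decode('GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ'); // RFC 6238 test key
var_dump(totp($key, 59));                      // code for the step containing t=59
var_dump(verifyTotp($key, '287082', 59 + 30)); // one step late: inside the window
var_dump(verifyTotp($key, '287082', 59 + 90)); // three steps late: outside it
```

A wider `$window` tolerates more clock drift but also lengthens the time an intercepted code stays usable.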
Laravel Integration Example
Integrating this library into a Laravel project is straightforward. For example, a route can be defined to exercise all of the functionality:

```php
use HosseinHezami\TotpAuthenticator\Authenticator;

Route::get('/totp-test', function () {
    // Generate a secret and the code that is currently valid for it
    $secret = Authenticator::createSecret(16);
    $code = Authenticator::generateCode($secret);

    // Same argument order as the Getting Started example: secret first, then code
    $isValid = Authenticator::verifyCode($secret, $code);

    $qrCodeUrl = Authenticator::generateQrCodeUrl('testuser@example.com', $secret, 'MyApp');

    return response()->json([
        'secret' => $secret,
        'generated_code' => $code,
        'verify_code' => $isValid,
        'qr_code_url' => $qrCodeUrl
    ]);
});
```
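This provides a ready-to-use JSON response for testing secret generation, code verification, and QR code creation. Because the response contains the secret and a currently valid code, the route is suitable for local testing only; in a real application the secret is stored server-side per user and never returned after enrollment.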
Why Use TOTP Authenticator?
- Lightweight & Minimal Setup: Easy to integrate without heavy dependencies.
- Secure & Standards-Compliant: Follows RFC 6238 and implements cryptographically secure operations.
- Flexible: Works in both plain PHP and frameworks like Laravel.
- Developer-Friendly: Provides all the core TOTP functionality without complexity.
Resources
GitHub: https://github.com/hosseinhezami/totp-authenticator
Packagist: https://packagist.org/packages/hosseinhezami/totp-authenticator