devise-two-factor
pwned
| devise-two-factor | pwned | |
|---|---|---|
| 5 | 1 | |
| 1,186 | 419 | |
| 0.5% | - | |
| 6.0 | 3.9 | |
| about 1 month ago | 5 months ago | |
| Ruby | Ruby | |
| MIT License | MIT License |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
devise-two-factor
-
Rails Authentication for Compliance
Your authentication mechanism should include multiple factors, something the user knows and something the user has. If you are using Devise, you can use the devise-two-factor gem. If you have custom authentication, you can use the rotp gem to generate OTP codes and verify those during login.
-
Ask HN: Why doesn't MFA as a stand alone API exist?
In Ruby-on-Rails it's part of the authentication framework Devise https://github.com/tinfoil/devise-two-factor and related modules including creating QR codes, backup codes etc. PHP Laraval has similar libraries https://jetstream.laravel.com/2.x/features/two-factor-authen...
Auth0 and similar commercial companies might very good at marketing. Try replacing "API" with "library" or a programming language name.
> It's just not valuable enough for anyone to create
For a commercial API you need to charge $10 USD/month, or equivalent in terms of per-API-call, otherwise your service won't be profitable. You call 5 US cent already expensive, so I think you're right, it's not valuable enough.
-
I resurrected devise-otp from the dead
I've used https://github.com/tinfoil/devise-two-factor before – it's good to know there is a maintained alternative that implements the UI already and is compatible to Rails 7.
-
What's going on with Devise for Rails 7 ?!
Are you referring to the devise two factor authentication gem at https://github.com/tinfoil/devise-two-factor? If so, I have posted a ticket that modifies the gem to use the Rails 7 Active Record encryption capabilities and some folks have been asking if a pull request could be created for it. There is some discussion going on in the issue thread on how to proceed. See https://github.com/tinfoil/devise-two-factor/issues/192 for details.
-
Modern 2FA gem for Devise
devise-two-factor: https://github.com/tinfoil/devise-two-factor
pwned
-
Rails Authentication for Compliance
Additionally, you should validate that the password is not leaked. Luckily, there is a gem for that: https://github.com/philnash/pwned. After installing the gem, All you need to do is add the following validation to the model:
What are some alternatives?
active_model_otp - Adds methods to set and authenticate against one time passwords (Two-Factor Authentication). Inspired in AM::SecurePassword
Rack::Attack - Rack middleware for blocking & throttling
rodauth-rails - Rails integration for Rodauth authentication framework
rotp - Ruby One Time Password library
authtrail - Track Devise login activity
authentication-zero - An authentication system generator for Rails applications.
warden - General Rack Authentication Framework
Clearance - Rails authentication with email & password.
devise-otp - Two Factors authentication for Devise using Time Based OTP/rfc6238 tokens.
devise - Flexible authentication solution for Rails with Warden.