-
Use https://github.com/mdp/rotp/ -- it's super simple to get TOTP 2FA set up. Friends don't let friends use SMS 2FA.
-
Not sure if still maintained but there's this gem that uses rotp: https://github.com/williamatodd/devise-2fa. If anything, you can peek into how that gem is doing it and just copy that.
-
I use a combination of https://github.com/wmlele/devise-otp and https://castle.io/
-
We've used Twilio's Authy plugin for Devise with minimal drama: https://github.com/twilio/authy-devise
-
All OTP-based 2FA methods are phishable. For real security, you should be looking at FIDO (U2F or WebAuthn).
-
webauthn-ruby
WebAuthn ruby server library ― Make your Ruby/Rails web server become a conformant WebAuthn Relying Party