Best practices for Two Factor Auth / 2FA in 2021?

This page summarizes the projects mentioned and recommended in the original post on /r/rails.

  • rotp

    Ruby One Time Password library

    Use https://github.com/mdp/rotp/ -- it's super simple to get TOTP 2FA set up. Friends don't let friends use SMS 2FA.

  • devise-2fa

    Devise 2FA with Time Based OTP/rfc6238 tokens and encrypted secrets.

    Not sure if still maintained but there's this gem that uses rotp: https://github.com/williamatodd/devise-2fa. If anything, you can peek into how that gem is doing it and just copy that.

  • devise-otp

    Two Factors authentication for Devise using Time Based OTP/rfc6238 tokens.

    I use a combination of https://github.com/wmlele/devise-otp and https://castle.io/

  • authy-devise

    Discontinued Authy Devise plugin to add Two-Factor Authentication

    We've used Twilio's Authy plugin for Devise with minimal drama: https://github.com/twilio/authy-devise

  • ruby-u2f

    U2F library in Ruby

    All OTP-based 2FA methods are phishable. For real security, you should be looking at FIDO (U2F or WebAuthN)

  • webauthn-ruby

    WebAuthn ruby server library ― Make your Ruby/Rails web server become a conformant WebAuthn Relying Party

    All OTP-based 2FA methods are phishable. For real security, you should be looking at FIDO (U2F or WebAuthN)

NOTE: The number of mentions on this list indicates mentions on common posts plus user suggested alternatives. Hence, a higher number means a more popular project.
