How to add Google Authenticator to my website?

The key phrase that you’re looking for is “TOTP” (Time-Based One-time Password) – and it is a specification, rather than an API maintained by Google.

At a very high level, your backend will generate a secret that it will share with your users’ Google Authenticator app. At login, both the Authenticator app and your backend will use the stored secret and current time to generate a single-use key. If the keys match, it means that the secrets match, and the user may be logged in.

The SpeakEasy node implementation seems to be pretty popular on GitHub.
