Easy Steps to Enable Two-Factor Authentication With Laravel

Two-factor authentication is an extra security step that makes your accounts safer. It works by asking for two things: something you know, like your password, and something you have, like your phone. This way, even if someone steals your password, they cannot access your account without the second step. Adding 2FA to your Laravel application is a great way to protect sensitive information and make your users feel secure. Laravel has tools and packages that make setting up 2FA easy. In this blog, we will explain step-by-step how to add Two-Factor Authentication with Laravel application so your users’ accounts stay safer.

Steps to Create Two-Factor Authentication with Laravel

The best Laravel development company can set up Two-Factor Authentication in Laravel in just 7 easy steps for you. We will go through each step individually to show you how to add this extra layer of security to your Laravel app. Let’s make your application safer by adding step-by-step two-factor authentication with Laravel!

Step 1: Install Laravel Fortify

To get started, you need to install Laravel Fortify in your Laravel application. You can do this via Composer:

bash
composer require laravel/fortify

After installing Fortify, publish its configuration file:

bash
php artisan vendor:publish --provider="Laravel\Fortify\FortifyServiceProvider"

This command will create a fortify.php configuration file in the config directory.

Step 2: Configure Fortify

Next, you need to configure Fortify to enable two-factor authentication. Open the config/fortify.php file and ensure that the features array includes the twoFactorAuthentication option:

php
'features' => [
    // Other features...
    Features::twoFactorAuthentication(),
],

Step 3: Update the Users Table

To store two-factor authentication data, you need to update your users' table. Run the following Artisan command to create a migration:

bash
php artisan make:migration add_two_factor_columns_to_users_table --table=users

In the migration file, add the following columns:

php
public function up()
{
    Schema::table('users', function (Blueprint $table) {
        $table->string('two_factor_secret')->nullable();
        $table->text('two_factor_recovery_codes')->nullable();
    });
}

Then run the migration:

bash
php artisan migrate

Step 4: Enable Two-Factor Authentication for Users

To allow users to enable 2FA, you need to create a controller method that handles this process. Here’s a simplified version of what that might look like:

php
use Illuminate\Http\Request;
use App\Models\User;

public function enableTwoFactorAuthentication(Request $request)
{
    $user = $request->user();

    // Generate a secret key for TOTP
    $user->two_factor_secret = encrypt($this->generateSecret());
    $user->save();

    return response()->json(['message' => 'Two-factor authentication enabled.']);
}

You would also want to provide users with a QR code that they can scan using an authenticator app (like Google Authenticator). You can use packages like endroid/qr-code to generate QR codes.

Step 5: Verify Two-Factor Authentication Code

When users log in, you need to prompt them for their 2FA code after they enter their password. You can do this by modifying the login method in your authentication controller:

php
public function login(Request $request)
{
    // Validate credentials...
    
    if ($user->two_factor_secret) {
        // Prompt for 2FA code
        return response()->json(['message' => 'Please enter your two-factor authentication code.']);
    }

    // Proceed with login...
}

You will also need to create an endpoint that verifies the provided code against the user's stored secret.

Step 6: Provide Recovery Codes

In case users lose access to their authenticator app, it's essential to provide recovery codes during the setup process. These codes should be securely generated and stored in the database:

php
public function generateRecoveryCodes()
{
    return collect(range(1, 8))->map(function () {
        return Str::random(10);
    })->toArray();
}

Display these codes to users during their setup process so they can store them safely.

Step 7: Disabling Two-Factor Authentication

Users should also have the option to disable 2FA if needed. You can create a method in your controller that handles this:

php
public function disableTwoFactorAuthentication(Request $request)
{
    $user = $request->user();
    $user->two_factor_secret = null;
    $user->two_factor_recovery_codes = null;
    $user->save();

    return response()->json(['message' => 'Two-factor authentication disabled.']);
}

Final Thoughts

Adding Two-factor authentication with Laravel application is a great way to boost security and keep user accounts safe from hackers. With Laravel Fortify, setting up 2FA is simple and effective. If you run into any problems, you can hire Laravel developers to handle them and ensure everything is secure. 2FA helps protect sensitive information and builds trust with your users. Encourage your users to turn on 2FA and give them easy-to-follow steps to set it up. By focusing on security in your app, you not only protect your users but also show that your company is reliable and takes safety seriously.