1.24.2012

Implementing your own two-step authentication

I'm a huge fan of two-step authentication for my Google accounts. It is cumbersome at times (like when I'm trying to pull up a receipt e-mail while standing in line for something) but the security blanket it provides is well worth it.

Many times I had thought to myself "I wish I could use this for other websites too."

Imagine my joy when I discovered that implementing two-step authentication on a website isn't that difficult to do; in fact, it's open source.

Using two-step authentication is very straightforward. The user enters their username and password as normal, and once that authentication is validated, they are presented with a text field and asked to enter a number.
From there, the user opens Google Authenticator on their smartphone, which shows a one-time code to type into the provided text field.

Once that number is confirmed correct, the user can log in as normal.

I was going to write my own tutorial on how to get started using all this, but realized that there was a great running example that implements this TOTP process in JavaScript. So, I'll direct you there instead ;)

Important bits from the above example, to help you along:
You can create custom QR codes pretty easily; the following QR image was created with this URL:
https://chart.googleapis.com/chart?chs=150x150&cht=qr&chl=hellomynameismainroach


And Google provides a great document on how to embed the TOTP keys in the QR code here.

So go forth! Add this ability to your service! There's no reason to hold back!