Two Factor Authentication (2FA) using Google Authenticator

What is Google Authenticator?

Google Authenticator is a software token that implements two-step verification using the Time-based One-time Password (TOTP) algorithm and the HMAC-based One-time Password (HOTP) algorithm. The passwords are generated by the Google Authenticator app, which is available for Android and iOS. You can get the Authenticator application from Google.

Get Google Authenticator

How to Enable Google Authenticator 2FA for Watch My Domains SED

  • Download and install Google Authenticator on your phone or tablet.
  • Copy the lib/php/custom/custom.login.googleauth-sample.php file to the root folder of your Watch My Domains SED and rename it to custom.login.php.
  • Open the above custom.login.php in any text editor and specify the required keys. Please see the screen-shot below. You can also read the comments in the file to understand the steps.
  • Try to log in to Watch My Domains SED. After your usual authentication you will see the 2FA screen. Type in your $google_2fo_setupkey (or the $google_2fo_superadmin_setupkey if you have logged in as super-admin) to set up the Authenticator. The super-admin user is the initial user you created to enable password protection. Please avoid logging in as 'super-admin'; instead, create a user with 'administrator' privileges.
  • Open Google Authenticator and use the 'Add' button. Scan the bar code to initialize the application (screen-shot below).
  • Enter the password from Google Authenticator to log in.
  • Provide the $google_2fo_setupkey to your users so that they can add the application to their Google Authenticator. The $google_2fo_setupkey will work only once per user.
  • To reset the authenticator secret for any user, log in to Watch My Domains SED as administrator and deactivate the user. While the user is deactivated, open /custom.login.php (the file you edited above) in another tab of your browser. Then come back to Watch My Domains SED and reactivate the user.
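
What the scanned barcode carries and how the six-digit password entered at login is checked, shown as an added example that is not code from Watch My Domains SED. It assumes Google Authenticator's defaults (HMAC-SHA1, 30-second steps, six digits); the function names, the "Example SED" issuer label and the sample secret are constructed for illustration.

```python
import base64
import hashlib
import hmac
import struct
from urllib.parse import quote

STEP = 30    # seconds per time step (Google Authenticator default)
DIGITS = 6   # length of the displayed password


def hotp(secret_b32: str, counter: int) -> str:
    """HMAC-based one-time password (RFC 4226) for one counter value."""
    s = secret_b32.replace(" ", "").upper()
    key = base64.b32decode(s + "=" * (-len(s) % 8))
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def totp(secret_b32: str, now: float) -> str:
    """Time-based variant (RFC 6238): the counter is the 30-second step index."""
    return hotp(secret_b32, int(now) // STEP)


def verify(secret_b32, code, now, window=1, last_step=-1):
    """Return the matched time step or None. window allows +/- clock drift;
    last_step is the last step already accepted, which blocks replay."""
    current = int(now) // STEP
    for step in range(current - window, current + window + 1):
        if step <= last_step:          # replayed step (or before time zero)
            continue
        want = hotp(secret_b32, step).encode()
        if hmac.compare_digest(want, code.encode()):   # constant-time compare
            return step
    return None


def provisioning_uri(secret_b32: str, account: str, issuer: str) -> str:
    """otpauth:// URI that the barcode encodes for the authenticator app."""
    label = quote(f"{issuer}:{account}")
    return f"otpauth://totp/{label}?secret={secret_b32}&issuer={quote(issuer)}"


# Constructed sample secret: the RFC 6238 test key, base32-encoded.
SAMPLE_SECRET = base64.b32encode(b"12345678901234567890").decode()

if __name__ == "__main__":
    print(provisioning_uri(SAMPLE_SECRET, "alice", "Example SED"))
```

Storing the returned step per user and passing it back as last_step means a password that was just used is rejected if it is submitted again within its validity window.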

Use Google Authenticator in Watch My Domains SED for 2FA

Add Watch My Domains SED to Authenticator