Two Factor Authentication (2FA) using Google Authenticator
What is Google Authenticator?
Google Authenticator is a software token that implements two-step verification services using the Time-based One-time Password Algorithm (TOTP) and the HMAC-based One-time Password Algorithm (HOTP). The passwords are obtained through the Google Authenticator App available for Android and iOS. You can get the Authenticator application from Google.
How to Enable Google Authenticator 2FA for Watch My Domains SED
- Download and install Google Authenticator on your phone or tablet.
- Copy the lib/php/custom/custom.login.googleauth-sample.php file to the root folder of your Watch My Domains SED and rename it to custom.login.php.
- Open the above custom.login.php in any text editor and specify the required keys. Please see the screen-shot below. You can also read the comments in the file to understand the steps.
- Try to log in to Watch My Domains SED. After your usual authentication you will see the 2FA screen. Type in your $google_2fo_setupkey (or the $google_2fo_superadmin_setupkey if you have logged in as super-admin) to set up the Authenticator. The super-admin user is the initial user you created to enable password protection. Please avoid logging in as 'super-admin'; instead, create a user with 'administrator' privileges.
- Open Google Authenticator and use the 'Add' button. Scan the bar code to initialize the application (screen-shot below).
- Enter the password from Google Authenticator to log in.
- Provide the $google_2fo_setupkey to your users so that they can add the application to their Google Authenticator. The $google_2fo_setupkey will work only once per user.
- To reset the authenticator secret for any user, log in to Watch My Domains SED as administrator and deactivate the user. While the user is deactivated, open the /custom.login.php (this file) in another tab of your browser. Come back to Watch My Domains SED and reactivate the user.