SecureKey is a comprehensive Two-Factor Authentication (2FA) solution for PHP. Commonly referred to as 'App-based 2FA', 'Time-based 2FA', or 'TOTP', this robust package ensures seamless integration into your PHP scripts, offering top-notch security for your web applications.
Encountered a bug or have an idea for improvement? Open a GitHub issue issue and help us refine SecureKey!
Please ensure that you have reviewed the security note.
SecureKey is a powerful and versatile Two-Factor Authentication (2FA) solution designed specifically for PHP. It adds an additional layer of security to web applications by requiring a second form of authentication, thus minimizing the risk of unauthorized access.
Developed with developers in mind, SecureKey is both easy to implement and highly reliable. It leverages Time-based One-Time Passwords (TOTP), which are generated by an app on the user's device and are only valid for a short period. This means that even if a user's password is compromised, an attacker would still need the TOTP to gain access, significantly enhancing security.
SecureKey is the simplest solution for Two-Factor Authentication protection. With just one line of code, you can add instant 2FA to your PHP script, enhancing the security of your application.
- Ease of Use: SecureKey is designed to be straightforward. Developers can integrate it with minimal effort, reducing the time and resources needed for implementation.
- Open Source: As an open-source solution, SecureKey allows you to inspect and verify its code. This transparency helps ensure the integrity and security of the application.
- Enhanced Security: By requiring a second form of authentication, SecureKey significantly reduces the risk of unauthorized access. Even if a password is stolen, the account remains secure thanks to the additional authentication step.
- User Trust: Offering 2FA as part of your web application can improve user trust and satisfaction, as users know their accounts are well-protected.
- Flexibility: SecureKey can be easily integrated into various types of PHP applications, making it a versatile choice for different projects.
- Easy Integration: Add a single line of code to your PHP script to enable 2FA instantly.
- Open Source: Verify the integrity of the application yourself.
- Securing Logins: If your website has a login or profile system, adding 2FA with SecureKey is an excellent option for users to secure their accounts.
- Protecting Sensitive Information: Ensure that sensitive user data remains secure with an additional layer of authentication.
- Preventing Unauthorized Access: Minimize the risk of unauthorized access to user accounts and critical systems.
- Enhancing User Trust: Provide users with peace of mind by offering an additional security feature.
SecureKey is straightforward to integrate into your PHP scripts, with no need for server-side installations.
-
Download and Add SecureKey:
- Download the latest SecureKey release
- Add the
securekeyfolder to your project
-
Include SecureKey in Your Script:
- At the top of your PHP file, include SecureKey with this line of code:
Note: Replace
require_once("path/to/securekey/main.php");
path/to/securekeywith the actual path to thesecurekeyfolder.
- At the top of your PHP file, include SecureKey with this line of code:
Once included, you can start using SecureKey immediately in your script.
After you include SecureKey in your script, you can start off with one of our examples to build your 2FA application.
Verifying 2FA codes is essential for Two-Factor Authentication. You can use the verifyTotp() method to verify the user-provided code with the secret. Here's an example using PHP and HTML:
PHP
<?php
require_once("path/to/securekey/main.php"); // Replace path/to/securekey with the actual path to the securekey folder.
// Set default timezone (fallback)
date_default_timezone_set('UTC');
// Set the user's timezone if provided
if (isset($_POST['timezone'])) {
date_default_timezone_set($_POST['timezone']);
}
$secret = "NR2NX7SEQCP5DDZB"; // For testing purposes, replace with the actual secret.
// Process form submission
$result = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['code'])) {
$userProvidedCode = $_POST['code'];
if (verifyTotp($secret, $userProvidedCode)) {
$result = '2FA success!';
} else {
$result = 'Invalid code.';
}
}
?>HTML
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<title>2FA Example</title>
</head>
<body>
<h1>Two-Factor Authentication</h1>
<form method="POST">
<label for="code">Enter TOTP Code:</label>
<input type="text" name="code" id="code" required>
<input type="hidden" name="timezone" id="timezone">
<button type="submit">Verify</button>
</form>
<p><?php echo $result; ?></p>
<script>
// Get the user's timezone
document.getElementById('timezone').value = Intl.DateTimeFormat().resolvedOptions().timeZone;
</script>
</body>
</html>This is an effective way to verify users using 2FA in PHP and HTML. Make sure to replace $secret with the actual secret for the user.
Generating a secret is essential for Two-Factor Authentication. The secret key is the foundation of 2FA. The codes are generated and verified with the secret. You can use the generateSecret() method to generate a 16-character secret key that the user will install in their Two-Factor Authentication app (e.g., Microsoft Authenticator, Google Authenticator, Twilio Authy, etc.) to generate a 6-digit code that you verify. The generateSecret() function is simple to use. Here's an example using PHP:
<?php
require_once("path/to/securekey/main.php"); // Replace path/to/securekey with the actual path to the securekey folder.
$secret = generateSecret();
echo($secret); // Prints a 16-character secret key for the user to install in their 2FA app
?>And that's it.
This is useful if you need to generate codes using secret keys. You can use the generateTotp() method to generate codes using secret 2FA keys. Here's a quick example in PHP:
<?php
require_once("path/to/securekey/main.php"); // Replace path/to/securekey with the actual path to the securekey folder.
$secret = "NR2NX7SEQCP5DDZB"; // For testing purposes, replace with the actual secret.
echo(generateTotp($secret));
?>Feel free to explore these examples and tailor them to fit your specific application needs. SecureKey makes implementing robust security measures straightforward and efficient.