在使用authy的2FA中,我不希望在同一设备上使用OTP在接下来的30天内进行身份验证
[英]In 2FA using authy I want not requires authentication using OTP for next 30 days on same device
问题描述
I implementing a web application using laravel framework. 
我使用laravel框架实现Web应用程序。 I used twilio /Authy 2FA for adding an extra layer of security for users to make login their account. 我使用twilio / Authy 2FA为用户添加额外的安全层以登录他们的帐户。 Authenticate with email and password they are asked for OTP to login, that is working fine. 通过电子邮件和密码进行身份验证,他们被要求OTP登录,这是正常的。 But now I want is their any solution for my problem- "If user login using 2FA then , they are not required OTP to next login for one month on same device. Means I did not want every user requested for OTP on every login from same device, and want also stores thier trusted device". 但现在我想要的是他们对我的问题的任何解决方案 - “如果用户使用2FA登录,那么他们不需要在同一台设备上下次登录一个月的OTP。意味着我不希望每次登录时每个用户都请求OTP设备,并希望还存储他们的可信设备“。 please suggests me solution. 请建议我解决方案。
Is their any third party library or api that provide soltion of this problem. 他们的任何第三方库或api是否解决了这个问题。
Thank you 谢谢
1 个解决方案
解决方案1
0 已采纳 2016-07-25 11:03:15
Authy developer evangelist here. Authy开发者传道者在这里。
If you want to avoid users having to 2FA every time they log in then you'll want to drop a cookie that signifies that the user trusts this device. 如果您希望每次登录时都避免用户使用2FA,那么您将要删除表示用户信任此设备的Cookie 。 You can make the cookie live as long as you want, 30 days is probably a good idea here. 你可以随心所欲地制作饼干,30天可能是个好主意。
Then, when the user is logging in, check for the existence of the cookie, if it is there then there is no need to 2FA again. 然后,当用户登录时,检查cookie是否存在,如果存在,则不再需要2FA。 If the cookie isn't there, then present the 2FA flow. 如果cookie不存在,则显示2FA流。
Let me know if this helps at all. 如果这有帮助,请告诉我。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.