Google Authenticator gets a new wave of interest from the web community, trying to put an extra layer on top of user authentication process. There’s a plethora of plugins and components that let you authenticate with Google, but most of them aim to OAuth and Google+ integration. Two-step auth gets aside.

I took few hours on research for the simple 2FA library available on the net and found TwoFactorAuth that already support Google URI QR-codes, that can be easily embedded into any framework/application running on PHP.

CakePHP3.x Integration

With few minor modifications it nicely got integrated into CakePHP 3.x framework. If you’re using CakePHP 3.x, you can install ‘develop’ branch, of CakeDC/Users plugin, and enable two-factor authentication with few minor modifications.

<?php
//config/app.php or any other config file that suites your app
Configure::write('GoogleAuthenticator.login', true);
/*
some other custom configs you might need
'GoogleAuthenticator' => [
       //enable Google Authenticator
       'login' => false,
       'issuer' => null,
       // The number of digits the resulting codes will be
       'digits' => 6,
       // The number of seconds a code will be valid
       'period' => 30,
       // The algorithm used
       'algorithm' => 'sha1',
       // QR-code provider (more on this later)
       'qrcodeprovider' => null,
       // Random Number Generator provider (more on this later)
       'rngprovider' => null,
       // Key used for encrypting the user credentials, leave this false to use Security.salt
       'encryptionKey' => false
   ],
*/
?>

When you enable it the CakeDC/Users Google Authenticator feature, upon ‘/login’ you will ll be redirected to ‘/verify’, where you should insert your verification code from the mobile app (Google Authenticator for Android).

If you’re already sharing a secret key with the website/app, you won’t have to synchronize an app with it. Otherwise, you’ll have to scan it first, as it’s described in the documentation. QR-code will appear on the ‘/verify’ action of the app.

UPD: CakeDC/Users has upgraded the plugin to 4.x version, which enables Google Authenticator in the master repo.