rails g two_factor_authentication MODEL Where MODEL is your model name (e.g. User or Admin). This generator will add :devise_xfactor_authenticatable to your model's Devise options and create a migration in db/migrate/, which will add the following columns to your table:

:second_factor_attempts_count
:encrypted_otp_secret_key
:encrypted_otp_secret_key_iv
:encrypted_otp_secret_key_salt
:direct_otp
:direct_otp_sent_at
:totp_timestamp
:otp_secret_key
:uses_two_factor

run: rake db:migrate

Add the following line to your model to fully enable two-factor auth:

has_one_time_password(encrypted: true)

Set config values in config/initializers/devise.rb:

config.max_login_attempts = 3  # Maximum second factor attempts count.
config.allowed_otp_drift_seconds = 30  # Allowed TOTP time drift between client and server.
config.otp_length = 6  # TOTP code length
config.direct_otp_valid_for = 5.minutes  # Time before direct OTP becomes invalid
config.direct_otp_length = 6  # Direct OTP code length
config.remember_otp_session_for_seconds = 30.days  # Time before browser has to perform 2fA again. Default is 0.
config.otp_secret_encryption_key = ENV['OTP_SECRET_ENCRYPTION_KEY']
config.second_factor_resource_id = 'id' # Field or method name used to set value for 2fA remember cookie
config.delete_cookie_on_logout = false # Delete cookie when user signs out, to force 2fA again on login

You an also set some of them in your controller as follows an example for a User model:

FAQs

What is devise_xfactor_authentication?

Is devise_xfactor_authentication well maintained?

Package last updated on 23 Nov 2022

Did you know?

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install