

New two factor-authentication gem for Rails - borski
https://www.tinfoilsecurity.com/blog/two-factor-authentication?utm_source=hn

======
scott_karana
Wow. The github repo[1] has pretty thorough usage docs, and the gem itself
seems to be pretty feature-comprehensive.

Kudos to Tinfoil.

[https://github.com/tinfoil/devise-two-
factor](https://github.com/tinfoil/devise-two-factor)

------
jmuguy
Might I suggest a second page after logon that requests the two-factor auth
code? I tested on your site, I use a password manager so it auto-filled my
details and I didn't see the "use two factor" checkbox. Also the error
returned, invalid email or password, so that was confusing. I think if you
redirect to a new page asking for the two factor code that would make more
sense.

Awesome gem though, really appreciate the work!

~~~
ShaneWilton
Thanks for the criticism! This is something I was torn on, but I really
enjoyed the flow of Amazon's single-page MFA sign-on, so I ended up mimicking
their design. I've heard a few comments like yours now though, so I'll
probably add a second page.

The gem itself doesn't impose any restrictions on the UI though, so you're
free to have as many pages as you want!

~~~
jmuguy
Oh, awesome!

------
purephase
This is great. Thanks for putting this together and sharing.

