PHPackages                             craftblue/google-authenticator-redux - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. [Authentication &amp; Authorization](/categories/authentication)
4. /
5. craftblue/google-authenticator-redux

ActiveLibrary[Authentication &amp; Authorization](/categories/authentication)

craftblue/google-authenticator-redux
====================================

A modern take on a PHP implementation of Google Authenticator 2-Factor Authentication focusing on best practices in security.

1.0.0(9y ago)194BSD-4-ClausePHP

Since Aug 30Pushed 9y agoCompare

[ Source](https://github.com/CraftBlue/GoogleAuthenticatorRedux)[ Packagist](https://packagist.org/packages/craftblue/google-authenticator-redux)[ RSS](/packages/craftblue-google-authenticator-redux/feed)WikiDiscussions master Synced 1mo ago

READMEChangelogDependencies (3)Versions (3)Used By (0)

Google Authenticator Redux PHP Client
=====================================

[](#google-authenticator-redux-php-client)

[![Build Status](https://camo.githubusercontent.com/d2cebdac8ec244165652a22191a2ce86d619c6039b5274f24db7586b1d564ff2/68747470733a2f2f7472617669732d63692e6f72672f4372616674426c75652f476f6f676c6541757468656e74696361746f7252656475782e706e673f6272616e63683d6d6173746572)](https://travis-ci.org/CraftBlue/GoogleAuthenticatorRedux)

The library provides support for 2-Factor authentication, often referred to as **2FA**.

The client is intended to be used with the Google Authenticator mobile app available on both Android and iOS devices. Google Authenticator is merely an implementation of the algorithm defined in [RFC6238](http://tools.ietf.org/html/rfc6238), better known as **TOTP: Time-Based One-Time Password Algorithm**.

The class contains methods which support:

- The generation of RFC6238 compliant secret keys
- The generation of Base32 codes based on the secret key
- Creation of QR Code image URLs to present to the user for scanning into the Google Authenticator app
- Validation of a user-submitted code against a known secret key

Credits
-------

[](#credits)

This project is a full revamp of [PHPGangsta](http://www.phpgangsta.de/)'s original [GoogleAuthenticator](https://github.com/PHPGangsta/GoogleAuthenticator) repository to promote best practices in PHP security and modern PSR-4 standards with Packagist.

Fixes and improvements include:

- Prevention of timing attacks
- Proper pseudo-random secret key generation
- Usage of safe string comparison functions
- Usage of a standardized Base32 library
- Improved examples and documentation
- Improved code comments to point out source of
- Validation and sanitization of QR code labels
- Additional parameter support when generating QR codes
- PSR-4 support

Installation
------------

[](#installation)

The recommended way to install this library is through Composer.

```
# install composer if you don't already have it on your machine
curl -sS https://getcomposer.org/installer | php

# from your project's base directory, run the composer command to install GoogleAuthenticator
php composer.phar require craftblue/google-authenticator-redux

```

Ensure you require Composer's autoloader somewhere in your code:

```