PHPackages                             phpgangsta/googleauthenticator - PHPackages - PHPackages  [Skip to content](#main-content)[PHPackages](/)[Directory](/)[Categories](/categories)[Trending](/trending)[Leaderboard](/leaderboard)[Changelog](/changelog)[Analyze](/analyze)[Collections](/collections)[Log in](/login)[Sign up](/register)

1. [Directory](/)
2. /
3. phpgangsta/googleauthenticator

ActiveLibrary

phpgangsta/googleauthenticator
==============================

Google Authenticator 2-factor authentication

2.3k2.6M↓16.6%720[47 issues](https://github.com/PHPGangsta/GoogleAuthenticator/issues)[13 PRs](https://github.com/PHPGangsta/GoogleAuthenticator/pulls)7PHP

Since Mar 20Pushed 2y ago124 watchersCompare

[ Source](https://github.com/PHPGangsta/GoogleAuthenticator)[ Packagist](https://packagist.org/packages/phpgangsta/googleauthenticator)[ RSS](/packages/phpgangsta-googleauthenticator/feed)WikiDiscussions master Synced 1mo ago

READMEChangelog (1)DependenciesVersions (1)Used By (7)

Google Authenticator PHP class
==============================

[](#google-authenticator-php-class)

- Copyright (c) 2012-2016,
- Author: Michael Kliewe, [@PHPGangsta](http://twitter.com/PHPGangsta) and [contributors](https://github.com/PHPGangsta/GoogleAuthenticator/graphs/contributors)
- Licensed under the BSD License.

[![Build Status](https://camo.githubusercontent.com/befdec2485d1872f270dabed2855dbbb730e6f138ea3875e2a08f5407c3ddf04/68747470733a2f2f7472617669732d63692e6f72672f50485047616e677374612f476f6f676c6541757468656e74696361746f722e706e673f6272616e63683d6d6173746572)](https://travis-ci.org/PHPGangsta/GoogleAuthenticator)

This PHP class can be used to interact with the Google Authenticator mobile app for 2-factor-authentication. This class can generate secrets, generate codes, validate codes and present a QR-Code for scanning the secret. It implements TOTP according to [RFC6238](https://tools.ietf.org/html/rfc6238)

For a secure installation you have to make sure that used codes cannot be reused (replay-attack). You also need to limit the number of verifications, to fight against brute-force attacks. For example you could limit the amount of verifications to 10 tries within 10 minutes for one IP address (or IPv6 block). It depends on your environment.

Usage:
------

[](#usage)

See following example:

```