DEV Community

Cover image for How to Create Two-Factor Authentication (2FA) in Python
Felix Kiprotich
Felix Kiprotich

Posted on

How to Create Two-Factor Authentication (2FA) in Python

Introduction

Two-factor authentication (2FA) is a security process that requires users to provide two different authentication factors to verify their identity before gaining access to a system or service. Typically, these factors fall into three categories: something the user knows (like a password or PIN), something the user has (such as a smartphone or token), or something the user is (biometric data like fingerprints or facial recognition). By combining two factors from different categories, 2FA adds an extra layer of security beyond just a password, making it significantly more difficult for unauthorized users to access sensitive information or accounts.

Understanding the code

We are going to use to a python library ‘pyotp’ which enables us to easily implement one-time password (OTP) generation and verification for two-factor authentication (2FA).

1. Importing required library
To get started we import ‘pyotp’ and ‘qrcode’

import pyotp
import qrcode
Enter fullscreen mode Exit fullscreen mode

2. We then initialize a Time-Based One-Time Password (TOTP)

key = 'NeuralNineMySuperSecretKey'

# initializes a Time-Based One-Time Password (TOTP)
totp = pyotp.TOTP(key)
Enter fullscreen mode Exit fullscreen mode

3. Generate a qrcode for our authentication app

uri = pyotp.totp.TOTP(key).provisioning_uri(name='penscola',
                                            issuer_name='Penscola@Tech'
                                            )
Enter fullscreen mode Exit fullscreen mode

4. Save the qrcode image

qrcode.make(uri).save('totp.png')
Enter fullscreen mode Exit fullscreen mode

Image description
You can scan the qrcode to get the One Time Password which changes after 30 seconds.
5. Verify the code if it is true or false

while True:
    print(totp.verify(input('Enter code: ')))
Enter fullscreen mode Exit fullscreen mode

Image description

Conclusion

In conclusion, two-factor authentication (2FA) stands as a critical component in modern cybersecurity practices, significantly bolstering the security of user accounts and sensitive information. By requiring users to provide two different authentication factors, typically something they know (like a password) and something they have (such as a smartphone or token), 2FA adds an extra layer of protection against unauthorized access. This approach mitigates the risks associated with password breaches and phishing attacks, enhancing the overall resilience of authentication mechanisms. As cyber threats continue to evolve, the widespread adoption of 2FA remains paramount in safeguarding digital identities and preserving the integrity of online services and systems.

You’ve come a long way; thanks for reading this article. For more related posts and articles, follow me on LinkedIn, GitHub and Twitter.

Top comments (0)

Read next

thedammyking profile image

Authentication with Clerk in NestJS Server Application

Oluwadamilola Babalola -

briansuarezsantiago profile image

Cómo instalar ownCloud en una instancia EC2 con Amazon Linux 2023

Brian -

panasenco profile image

Rights for human and AI minds are needed to prevent a dystopia

Aram Panasenco -

jetthoughts-dev profile image

Revolutionizing Productivity: The Future of Developer Tooling in 2025

JetThoughts Dev -