In Google Authenticator app you can either scan a QR code or manually type a key provided by the issuer.
In the following screenshot you can see the setup of 2FA among Google Security settings, displaying how to get the TOTP by following the 2nd method.
My question is: how is this key generated?
I'm trying to support 2FA with Google Authenticator for my website and I found many references and docs about how to generate the QR code, but none even mentioning the alternate method.
Edit:
To be a bit clearer, I'm supporting 2FA with Google Authenticator in a Grails 3 webapp. I already implemented the whole user flow by generating a secret key (Base32
string) for each user, providing a QR code for users to scan, and verifying the TOTP on login. I used as dependencies:
org.jboss.aerogear:aerogear-otp-java
, aerogear OTP to conveniently verify user secret key against the TOTP from GAorg.grails.plugins:qrcode
, qrcode Grails plugin to generate the QR codeMy question is about the 2 ways to add a new entry in Google Authenticator app: 1. scan QR code (everything ok on my side) 2. manually type the account name along with an alphabetic code (in my 1st screenshot, the code is provided within Google Security Settings)
You can see an explicatory screenshot from GA for Android:
How can I generate and provide such code (starting with fzee
in the 1st screenshot, and named "provided key" in the 2nd one) to the user? I'm sure it's an encoding of the same data string also encoded in the QR code, but I don't know which (not simply Base32
).
key = secret
The key should be the same as the secret you generated. Just test it by opening google authenticator and manually adding it as the key.
Check out the docs at the link below: https://support.google.com/accounts/answer/1066447?co=GENIE.Platform%3DiOS&hl=en