I’m looking for a term or some platform for managing password authentication in this way: the password is constructed from 2 parts. The first one is static and you can make it yourself, and the second part is generated by a TOTP system. As an example:

At 13:00 Jinx's password for login is Abc627028, and at 13:01 Jinx's password for login is Abc002839.

As you can see, the first part is static and for the jinx user is always Abc, and the second part is dynamic and is sent to Jinx with an expiration time.

I don’t need chaining, for example first authenticating the user with a static password and then (if the static password is correct) sending a TOTP to them for second-step authentication. I don’t know what the term is; something like multi-factor authentication, just in one step.

learner
  • You can create two fields in the form, one for the static part (the password) and one for the dynamic part (the TOTP), and send everything in one step. – ThoriumBR Mar 08 '22 at 21:17

1 Answer

The typical way you do this is with two forms on the login page. You can simply allow the user to enter the password in one and then store the TOTP code in the other. Then, the user can send both at the same time when they submit the form.

Some systems do provide both items in the same field, either in web form, or over a connection like SSH, but this makes it hard to use password managers, which are a best practice and should be encouraged. Using a dedicated field for the TOTP code is much better from a user experience perspective and is simpler to handle on the server side as well.

I would also encourage you to support WebAuthn if you're using a website, since this allows users to use secure and convenient methods for a second factor, like security keys (e.g., Yubikeys), Touch ID, Windows Hello, or their phone's unlock mechanism. WebAuthn, unlike TOTP, is also resistant to phishing.

bk2204
  • Thanks for your guidance, but I saw this approach in an enterprise organization, used for the VPN password. They designed an application that delivered the TOTP, and you have to append that at the end of the static section of your chosen password. I was attracted to that, and am now looking for something like this, but in the end I accept, and many thanks for all of your opinions – learner Mar 08 '22 at 23:29
  • Sure, I think it's a tool that some environments use, but I'd actually say it's an anti-pattern and should be avoided. It's better than not having 2FA, but it's much worse than using a regular 2FA solution. – bk2204 Mar 09 '22 at 22:18
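
The one-step check discussed in this thread, as an added example that is not part of the original posts: a server-side verifier that takes the password and the TOTP code in one request (two fields), plus the single-field variant from the question that splits off the trailing digits. The function names, the 6-digit/30-second/PBKDF2 parameters and the sample account (static part `Abc`, RFC 6238 test secret) are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

DIGITS, STEP, PBKDF2_ROUNDS = 6, 30, 600_000  # assumed parameters, not from the page

def totp(secret: bytes, counter: int) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for one 30-second time-step counter."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    pos = mac[-1] & 0x0F  # dynamic truncation offset
    value = struct.unpack(">I", mac[pos:pos + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def sample_user() -> dict:
    """Constructed account record: static password 'Abc', RFC 6238 test secret."""
    salt = b"constructed-salt"
    return {"salt": salt, "pw_hash": hash_password("Abc", salt),
            "secret": b"12345678901234567890", "last_step": -1}

def verify_login(user: dict, password: str, code: str, now: float) -> bool:
    """Two fields, one request: evaluate both factors before answering."""
    pw_ok = hmac.compare_digest(hash_password(password, user["salt"]), user["pw_hash"])
    current = int(now // STEP)
    matched = None
    for step in range(max(0, current - 1), current + 2):  # tolerate clock drift
        if hmac.compare_digest(totp(user["secret"], step).encode(), code.encode()):
            matched = step
    # A code is single-use: its step must be newer than the last accepted one.
    if pw_ok and matched is not None and matched > user["last_step"]:
        user["last_step"] = matched
        return True
    return False  # same answer whichever factor failed

def verify_combined(user: dict, combined: str, now: float) -> bool:
    """Single-field variant from the question: static part + trailing TOTP digits."""
    if len(combined) <= DIGITS:
        return False
    return verify_login(user, combined[:-DIGITS], combined[-DIGITS:], now)
```

Both entry points share one verifier, so the two-field form and the appended form differ only in how the input is split, not in what is checked.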