Should 2FA secret codes be hashed for storage?

I'm working on implementing 2FA with Google Authenticator on our website. If I understand correctly every user will have their own secret code, which I will need on login to verify the 6 digit code they enter. Storing these secret codes in the same...
more »

2017-09-05 14:09 (2) Answers

Two factor registration with react and php api

What is the proper way to do two factor registration when dealing with api? 1) On frontend there is a form - email and phone - sending data to api method 2) I have an API that register user, by email and phone, generate code and send it over sms on...
more »

2017-05-05 19:05 (1) Answers