Shulou(Shulou.com)06/02 Report--

In this issue, the editor will bring you about the virtual host how to do security authentication, the article is rich in content and professional analysis and description for you, I hope you can get something after reading this article.

In order to ensure the security of the virtual host, the administrator can choose to add two-factor security authentication. Two-factor authentication means that the certification requires evidence of two factors at the same time.

For the sake of security, many domestic websites or servers add mobile CAPTCHA to prove the identity of users when they enter their passwords.

The full name of TOTP is "time-based one-time password". It is recognized as a reliable solution and has been written into the international standard RFC6238. The steps to add it are as follows:

First, after the user turns on two-factor authentication, the server generates a key.

Second: the server prompts the user to scan the QR code (or use other means) and save the key to the user's mobile phone. In other words, the server and the user's mobile phone now have the same key.

Note that the key must be bound to the phone. Once the user changes the phone, a brand new key must be generated.

Third, when the user logs in to the virtual space, the mobile client uses this key and the current timestamp to generate a hash. The validity period is 30 seconds by default. Within the validity period, the user submits the hash to the server.

Fourth, the server also uses the key and the current timestamp to generate a hash and compare it with the hash submitted by the user. Login is refused as long as the two are inconsistent.

The advantage of two-factor authentication is that the space of the website is much more secure than simple password login. Even if the password is leaked, the account is secure as long as the phone is there. All kinds of password cracking methods are invalid for two-factor authentication.

The disadvantage is that logging in to the host is one more step, which is time-consuming and troublesome, and users will feel impatient. Moreover, it does not mean that the account is absolutely secure, and intruders can still hijack the entire conversation by stealing cookie or token.

The above is the virtual host shared by Xiaobian how to do security authentication, if you happen to have similar doubts, you might as well refer to the above analysis to understand. If you want to know more about it, you are welcome to follow the industry information channel.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.