
How to enable MFA for your application in Node.JS?

November 1, 2020 by Abhishek Tanwar

MFA enabled secured login

Authentication needs to become more secure every day. Well, that is from a security point of view. From a user-experience point of view, remembering a password is not a requirement anymore. The application needs to provide sufficient security while adapting to this new user requirement. There are multiple ways to achieve this in today’s world – SSO, 2FA, passwordless login, authentication links, and so on. I will try to create some content and a “How To” for each of them.

This post is about how to enable MFA for your application to make it more secure and let users log in with a token once they are registered and authenticated. Guiding principles for such authentication:

  • Users of the application are registered with a secure password.
  • As part of registration, an MFA authenticator is registered as well. There are a lot of tools that provide token-based authentication – Microsoft Authenticator, Google Authenticator, and others.
  • Once the user signs in, for a limited period of time the user can log in with just the token on that device, without providing the password. This is possible because the device from which the sign-in happens is remembered.

Below I describe a quick approach to enable this on an Express app built on top of the Node.js platform. This article doesn’t detail how to create an Express app.

Libraries required

To achieve this we require two packages from NPM: speakeasy and qrcode. speakeasy handles the token management part, and qrcode handles the generation of the QR code for easy onboarding.

Registration

Register MFA Logic

This enables a new user to register for MFA: a new code is created based on a secret, and a QR code is generated that can be scanned by an authenticator app for faster onboarding. Once that is done, an entry is added to the authenticator app for this application. After user registration, the secret generated for the registration needs to be stored for future authentication purposes.

Login

Now, after a successful login, the user can log in using the token and avoid entering any password for the account. This should, however, be allowed only for a limited time and tied to a device to ensure maximum security.

Based on the login email, the secret is fetched and the token is verified to ensure that the user is authentic and MFA is ensured.
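The registration and login steps described above, as an added example that is not code from the original post: it implements TOTP (RFC 6238) with Node's built-in crypto module instead of speakeasy so that it runs with no dependencies, and `uri` is the string a QR library such as qrcode would render. The names `registerMfa`, `verifyMfa` and `lastStep`, the one-step clock tolerance and the reuse check are assumptions of this sketch.

```javascript
const { createHmac, randomBytes, timingSafeEqual } = require('node:crypto');

const B32 = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567';
// RFC 4648 base32 without padding, the secret encoding authenticator apps expect.
function base32(buf) {
  let bits = '';
  for (const b of buf) bits += b.toString(2).padStart(8, '0');
  return bits.match(/.{1,5}/g).map(c => B32[parseInt(c.padEnd(5, '0'), 2)]).join('');
}

// RFC 6238: HOTP (RFC 4226, HMAC-SHA1, 6 digits) over a 30-second step counter.
function totp(secret, step) {
  const msg = Buffer.alloc(8);
  msg.writeBigUInt64BE(BigInt(step));
  const mac = createHmac('sha1', secret).update(msg).digest();
  const off = mac[19] & 0x0f; // dynamic truncation offset
  return String((mac.readUInt32BE(off) & 0x7fffffff) % 1e6).padStart(6, '0');
}

// Registration: create the per-user secret and the otpauth:// URI the QR code carries.
// The returned record is what gets stored for the user (hypothetical shape).
function registerMfa(email, issuer) {
  const secret = randomBytes(20);
  const label = `${encodeURIComponent(issuer)}:${encodeURIComponent(email)}`;
  const uri = `otpauth://totp/${label}?secret=${base32(secret)}` +
    `&issuer=${encodeURIComponent(issuer)}`;
  return { email, secret, uri, lastStep: -1 };
}

// Login: the secret is looked up by email, then the token is checked against the
// current time step +/- `window` steps, compared in constant time, and refused
// if that step (or an earlier one) was already accepted.
function verifyMfa(user, token, nowMs = Date.now(), window = 1) {
  const step = Math.floor(nowMs / 1000 / 30);
  const given = Buffer.from(String(token));
  for (let s = step - window; s <= step + window; s++) {
    if (s <= user.lastStep) continue; // replayed or stale step
    const expected = Buffer.from(totp(user.secret, s));
    if (given.length === expected.length && timingSafeEqual(given, expected)) {
      user.lastStep = s; // persist together with the user record
      return true;
    }
  }
  return false;
}
```
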

Conclusion

Security is not a requirement anymore – it’s a must. I am sure this article has given you some insights and motivation to at least try out MFA for your next application.

Feel free to share your thoughts on the approach that you have followed for MFA for your application in the comments section.
