
jonaspas's avatar

2 Factor Authentication with email

Hi there,

I want to implement two-factor authentication in my Laravel app. I want the person, after entering username and password, to get an email with a link which he has to click to get logged in to the system.

I see that there are several packages for 2 factor auth (e.g. https://github.com/srmklive/laravel-twofactor-authentication, https://github.com/antonioribeiro/google2fa), but none of them has the option to authenticate via email out of the box. Only SMS, phone call or one-time password seem to be supported.

Is two factor auth by email a bad practice or considered insecure for some reason? Or is it so simple to implement manually that there are no packages for that?

Thanks in advance! Jonas

0 likes
5 replies
wilburpowery's avatar
Level 23

I don't think it's a bad practice. But I don't really see the value of it. To keep it simple, you can just add a column to your users table like login_token or something similar, and create a random string token when the user hits the LoginController method. You would have to override a method in one of the traits to prevent Laravel from logging the user in. Use the mail facade to send an email to the user. You can create an endpoint like: /users/login/{token} where it hits a TokenLoginController and you search for a User with that login token, and manually log them in.

Hope it helps!

2 likes
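The token flow described in the reply above, as an added example that is not part of the original thread or of any package: plain PHP with an in-memory array standing in for the users table. The class name, the hash and expiry fields, the 10-minute lifetime, and the choice to store only a SHA-256 hash of the token and to make it single-use are assumptions of this example.

```php
<?php
declare(strict_types=1);

// Added example. $rows stands in for two assumed columns on the users
// table: a hash of login_token and an expiry timestamp.
final class EmailLoginTokens
{
    /** @var array<int, array{hash: string, expires: int}> keyed by user id */
    private array $rows = [];

    public function __construct(private int $ttlSeconds = 600) {}

    // Call only after the username/password check has succeeded.
    public function issue(int $userId, ?int $now = null): string
    {
        $now ??= time();
        $token = bin2hex(random_bytes(32));        // 256-bit token from the CSPRNG
        $this->rows[$userId] = [                   // replaces any earlier token for this user
            'hash'    => hash('sha256', $token),   // a leaked table does not yield usable links
            'expires' => $now + $this->ttlSeconds,
        ];
        return $token;                             // placed in the /users/login/{token} link
    }

    // Returns the id of the user to log in, or null if the token is not accepted.
    public function redeem(string $token, ?int $now = null): ?int
    {
        $now ??= time();
        $candidate = hash('sha256', $token);
        foreach ($this->rows as $userId => $row) {
            if (hash_equals($row['hash'], $candidate)) {   // constant-time comparison
                unset($this->rows[$userId]);               // single use, also when expired
                return $row['expires'] >= $now ? $userId : null;
            }
        }
        return null;
    }
}

// Constructed demo values: user id 42, timestamps chosen by hand.
$tokens = new EmailLoginTokens(600);
$token  = $tokens->issue(42, 1_000);
var_dump($tokens->redeem('not-the-token', 1_100)); // wrong token
var_dump($tokens->redeem($token, 1_100));          // valid token inside the lifetime
var_dump($tokens->redeem($token, 1_100));          // replay of a used token
$late = $tokens->issue(42, 1_000);
var_dump($tokens->redeem($late, 2_000));           // redeemed after expiry
```

In a Laravel app, issue() would run after the credential check and before the mail is sent, and redeem() would sit in the controller behind /users/login/{token}.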
tokoiwesley's avatar

I don't think it's a bad practice because it qualifies as a two-step verification process where on sign in, a user will enter their password as usual and then they'll be asked for something else to confirm their claimed identity. However, '

I also think it's simple enough to implement manually - thus no need for a package. However, from a multi-factor authentication - https://en.wikipedia.org/wiki/Multi-factor_authentication - perspective it will have little value. I suggest that you consider including the recommendation by @wilburpowery in your implementation to add a concept of tokenization - https://en.wikipedia.org/wiki/Tokenization_(data_security).

2 likes
jonaspas's avatar

Hey, thank you for your evaluation of my situation, the links and the hints! Yeah, I guess I have to read about the basics of multi factor auth a little bit more and probably then I will try to implement the logic described by @wilburpowery. Thank you both very much, this really helps me! :)
