Max Maischein > Auth-GoogleAuthenticator-0.03 > Auth::GoogleAuthenticator

Download:
Auth-GoogleAuthenticator-0.03.tar.gz

Dependencies

Annotate this POD

CPAN RT

Open  0
View/Report Bugs
Module Version: 0.03   Source  

WORKFLOW ^

PASSWORD STORAGE ^

The password should be stored as a hash.

The shared authenticator secret needs to be stored as plaintext.

RECOVERY ^

As phones tend to get lost, the recovery passphrases become important. They also are password equivalent. So, my recommendation is to store the recovery passphrases only as hashes, just like you store passwords.

COMPATIBILITY ^

At least on iDevices, using < or > made registering the generated accounts through QRcodes fail. The QRcodes work with Android devices.

SEE ALSO ^

TOTP: Time-Based One-Time Password Algorithm

http://tools.ietf.org/html/rfc6238

syntax highlighting: