Current section: Enable Two-Factor Authentication (2FA) 5 exercises
Problem

Testing the Two-Factor Authentication Setup

Transcript

00:00 So, now we're going to need to actually test this out and there are a couple ways you can go about doing that. You can either pull up your phone and scan the QR code and enter the code manually there. You could pull up 1Password and it can scan your screen and get the one-time password

00:19 there. Or, you can just copy this. I will put this in the instructions and this will do the exact same thing. So, what we're doing is we get the generateTOTP from EpicWebTOTP and then we just paste the code right here.

00:33 So, if we take this right there, paste that right in here, and then save that, then we can open up our terminal and run OTP.js, so wherever you put that code, just run that

00:46 and it will output for you the one-time password that you can actually use to verify things. Now, this part doesn't actually work yet, so it's just going to send us back here. So, that's your job. You're supposed to actually verify that the code is valid and then on top of that, once

01:02 you've verified that it's valid, you're going to change it from the 2FA verify verification type to just a regular 2FA verification type. So, now it's active and the user now will eventually require them to enter that two-factor

01:19 authentication code when they're logging in or doing the highly sensitive operations. And so, once they've verified that they can in fact enter valid codes, then we swap it over to the regular 2FA verification type and we need to update the loader for this

01:37 to determine whether or not the user has 2FA enabled. And we also want to do that on the profile page as well, so that we can say, hey, you've got it enabled and give them a way to disable it, which we will also do later. So, you've got a couple of places where you need to make some updates and that is going

01:56 to be a really fun time for you. I think that, yeah, you'll probably want this. So, just grab this from the instructions, stick it in a file somewhere so that you can generate one-time passwords with the URI that you're given.