TaCode Tuesdays: How to Set-Up Two-Factor Authentication on Android (Part 1)

Posted by Alex Misevski on September 6, 2016


Welcome back to TaCode Tuesdays! This is the only place you can find snippets of code for use in your very own text/voice apps, along with a weekly dose of taco puns. I’m a developer here at Zang and not only am I a big fan of tacos (if that wasn’t already apparent), I’m also a fan of open source. My goal is to share a new app idea each week that you're free to use “as is” or modify and use as the basis for your next app.

Last week, we outlined a free voicemail app—you can check that out here, and as always, if you’d like to learn how to get started on Zang, take a look at our very first post.

This week I’m going to kick off a 2-part article that'll walk through how to create a two-factor authentication (2FA) app for Android. I'll set the stage in this post and then follow up with the code next week. Anyways, let's skip our taco tip for the week and get straight into some background on just what a 2FA app is, what you'll need to start making one, and why you need to start building one today!

Internet breaches are steadily increasing. According to Symantec’s recent Internet Security Report, there was a 2 percent increase in internet breaches in 2015, leading to over nine million identities being exposed to online vulnerabilities. To prevent this, applications are moving away from single-factor password-based authentication and are starting to adopt two-factor authentication technologies.

Two-factor authentication is a user-driven security process in which, instead of asking for a password alone, the application will undertake two steps to verify the user’s identity: their already existing password and a code sent directly to their mobile phones.

Implementing two-step verification has become imperative not only for websites but also for mobile applications, particularly on Android. The same Symantec study revealed that there was a 214% increase in new mobile vulnerabilities year over year, with almost 4,000 new malware variants introduced in 2015. Because of this, mobile authentication must be a priority in every Android application architecture.

There are generally two ways in which you can implement two-factor authentication in Android. The first option is to use an existing software development kit (SDK) from a vendor such as Symantec, SafeNet, RSA, or Entrust. The more cost-effective option is to use one-time password (OTP) tokens or out-of-band (OOB) authentication methods.

If you’re starting with two-step verification, it’s wise to use OTPs and OOBs and scale up in the future once your market demands it. To effectively implement this in Android applications, there are a few prerequisites:

  1. You should have beginner-to-intermediate level experience with Android development.
  2. Android Studio should be installed.
  3. You should have experience with Android REST API connectivity.
  4. You should have a subscription to a VOIP provider, such as Zang.
  5. You should have your Zang Account SID and Auth Token; these are provided on your Zang dashboard.

Once you’re done with the preliminaries, it’s time to start the two-step authentication set-up.

Step 1: Verify that you’re able to establish a successful connection with Zang

To authenticate access to Zang REST resources, you’ll need to use either an HTTP client library such as cURL or HTTP basic authorization.

For example: https://{AccountSid}:{AuthToken}@api.zang.io/

If your authentication request is successful, you should get the response below when requesting connectivity with the Zang platform using the authentication credentials provided after registration. Note: A Google Chrome developer extension named DHC was used to take the screenshot below.

[Screenshot: 2FA_image.png]

Step 2: Use the Android Volley Library to make REST API calls to Zang

The Android Volley Library enables you to efficiently call the Zang API in Android. Released by Google at I/O 2013, it claims to be 10 times faster in performing network requests and remote image loading than its counterparts. To use it, clone the Volley repository and set it as a library project.

Clone the repository with this command:

git clone https://android.googlesource.com/platform/frameworks/volley

After this, import the downloaded source into your app project as an Android library module.

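Step 3: Create your basic OTP code by creating a new instance of the class Random. Use its subclass SecureRandom, because the output of a plain java.util.Random is predictable, and draw from the full six-digit range:

import java.security.SecureRandom;
import java.util.Random;

// Six-digit range (900,000 possible codes).
int min = 100000;
int max = 999999;

// SecureRandom extends Random and is suitable for authentication codes.
Random r = new SecureRandom();
int OtpCode = r.nextInt(max - min + 1) + min;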
 

Step 4: Concatenate (or Link) your OTP Code with the body of your message.

String OtpMessageString = "The value of your OTP Code is: " + String.valueOf(OtpCode);

Once you’re done with Step 4, you’re ready to send your OTP.
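
The OTP handling that Steps 3 and 4 lead up to, as an added example that is not part of the original post or of Zang's code. It goes beyond generating the code to the checks an OTP needs on the verifying side: expiry, an attempt limit, single use, and a constant-time comparison. The class name OtpService, the five-minute lifetime, and the three-attempt budget are assumptions.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;

// Added example: OTP issue/verify logic. All names here are hypothetical.
public class OtpService {
    private static final long TTL_MS = 5 * 60 * 1000; // assumption: five-minute validity
    private static final int MAX_ATTEMPTS = 3;        // assumption: three guesses per code

    private static final class Pending {
        final byte[] code; final long expiresAt; int attemptsLeft = MAX_ATTEMPTS;
        Pending(byte[] code, long expiresAt) { this.code = code; this.expiresAt = expiresAt; }
    }

    private final SecureRandom rng = new SecureRandom();
    private final Map<String, Pending> pending = new HashMap<>();

    // Issue a fresh code for a user, replacing any earlier one.
    public synchronized String issue(String userId, long nowMs) {
        // nextInt(1_000_000) is uniform over 000000..999999; %06d keeps leading zeros.
        String code = String.format(Locale.ROOT, "%06d", rng.nextInt(1_000_000));
        pending.put(userId, new Pending(code.getBytes(StandardCharsets.UTF_8), nowMs + TTL_MS));
        return code; // goes into the message body, never into logs
    }

    // True only for an unexpired, unused code within the attempt budget.
    public synchronized boolean verify(String userId, String submitted, long nowMs) {
        Pending p = pending.get(userId);
        if (p == null || submitted == null) return false;
        if (nowMs > p.expiresAt || p.attemptsLeft-- <= 0) {
            pending.remove(userId); // expired or guessed too often: force a new code
            return false;
        }
        // MessageDigest.isEqual compares without an early exit on the first mismatch.
        boolean ok = MessageDigest.isEqual(p.code, submitted.getBytes(StandardCharsets.UTF_8));
        if (ok) pending.remove(userId); // single use
        return ok;
    }

    public static void main(String[] args) {
        OtpService svc = new OtpService();
        String code = svc.issue("alice", 0L); // constructed user and clock values
        System.out.println("wrong guess:   " + svc.verify("alice", "not-it", 1000L));
        System.out.println("correct code:  " + svc.verify("alice", code, 2000L));
        System.out.println("replayed code: " + svc.verify("alice", code, 3000L));
    }
}
```

The state must live wherever verification happens; a code checked only inside the app that generated it proves nothing about possession of the phone.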

And I'll talk about Step 4 in our next post, when I cover the rest of our 2FA app in next week's TaCode Tuesday.

Well, that’s it for this week! If you have any thoughts about the app or just want to share your own taco-related thoughts, you can comment below. If you want a reminder, sign up to get notifications of new blog posts.

Topics: Communication Apps, Ideas, TaCode Tuesday, cPaaS
