How to Build a 2FA Application in Python

It’s easier than you might think to add two-factor authentication (2FA) to your applications.

The secret is to use APIs provided by a cloud communications platform like Plivo.

Sometimes the best way to learn how to code something is by looking at an example, so we’ve created a sample application on GitHub.

To use it, you need a Plivo account; you can sign up for free and get enough free credits to lease a phone number with which to send or receive messages and build some starter applications.

If this is your first time using Plivo APIs, Plivo’s documentation provides instructions on how to set up a Python development environment, including installing the Plivo Python SDK, setting up a Flask server, and installing ngrok, which exposes local servers running behind NATs and firewalls to the public internet over secure tunnels.

The sample application uses Redis, an in-memory key–value database, cache, and message broker.

If it’s not already running (or installed), type redis-server in a terminal window to start it.

Once you have the prerequisites out of the way, use git to clone the repository for the sample application into its own directory, or you can just view it on GitHub.

Install the sample application’s dependencies using the included requirements.txt file by running pip install -r requirements.txt in the application directory.

Edit config.py and change a few items.

Replace the auth placeholders with your authentication credentials from the Plivo console.

• Replace the phone number placeholder with an actual phone number in E.164 format (for example, +12025551234). Use your own Plivo number so you can test the code easily.

  
  

• Replace the PHLO ID with an empty string, since we’re doing our 2FA solely using code.

A Look at the Code

The application runs under the Flask framework. The file twofactor.py defines a function that uses the Time-Based OTP algorithm to generate a random six-digit one-time password (OTP), and other functions that send the OTP to the specified destination number.

The file routes.py uses the functions to generate an OTP, send it out, and verify the user’s entry.

When you’re ready to see it in action, Plivo’s Postman collection can help you test your code.

Simple and Reliable

Our simple APIs work in tandem with our comprehensive global network. Plivo’s premium direct routes guarantee highest possible delivery rates and the shortest possible delivery times for your 2FA SMS and voice messages. See for yourself — sign up for a free trial account.