Golang : How to implement two-factor authentication?

Nowadays, a password alone no longer protects your account or website from being hacked. This is because a password is "something you know", and it can be shared, leaked and reused by someone else.

To improve online security, adoption of 2FA, better known as two-factor authentication, is growing worldwide, because 2FA has the additional benefit of "something you have" -- such as a token (a string) -- which is unique to the person holding the token generator.

Cyber criminals (or some state-sponsored crackers) will have a harder time accessing your account or server, even with the plaintext password, when the password is used together with a one-time token generated by an app such as Authy (https://www.authy.com/) or the Google Authenticator app.

To implement 2FA on your website, the basic steps are:

  1. Create a button to let your users enable 2FA on their own account.
  2. Generate a QR code that is compliant with Authy or Google Authenticator.
  3. Show the QR code and have an input prompt for the token.
  4. Have the user scan the QR code and enter the one-time unique token for verification.
  5. Once the user is authenticated, mark the user's account as 2FA enabled in the database and memory.
  6. For best results, log the user out and force the user to log in again with 2FA.

For step 2, see this tutorial on how to generate QR codes that are compliant with Google Authenticator App.


For steps 3 to 4:
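The following is an added example, not code from the original post: a server-side check of the token the user types in step 4, using only the Go standard library. It assumes the defaults Google Authenticator uses (HMAC-SHA1, 6 digits, 30-second step); the names `VerifyTOTP` and `totpAt` and the `lastStep` replay counter are illustrative, and the secret is the RFC 6238 test key, not a real one.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha1"
	"crypto/subtle"
	"encoding/base32"
	"encoding/binary"
	"fmt"
	"strings"
	"time"
)

// totpAt returns the 6-digit code for one 30-second step (RFC 6238, HMAC-SHA1).
func totpAt(key []byte, step uint64) string {
	var msg [8]byte
	binary.BigEndian.PutUint64(msg[:], step)
	mac := hmac.New(sha1.New, key)
	mac.Write(msg[:])
	sum := mac.Sum(nil)
	off := sum[len(sum)-1] & 0x0f // dynamic truncation offset (RFC 4226)
	code := binary.BigEndian.Uint32(sum[off:off+4]) & 0x7fffffff
	return fmt.Sprintf("%06d", code%1000000)
}

// VerifyTOTP checks token against the base32 secret that was encoded in the QR code.
// It accepts the previous, current and next step to absorb clock drift, compares in
// constant time, and rejects any step <= lastStep so a captured token cannot be replayed.
// On success it returns the matched step; the caller stores it as the new lastStep.
func VerifyTOTP(secretB32, token string, now time.Time, lastStep uint64) (uint64, bool) {
	clean := strings.TrimRight(strings.ToUpper(strings.ReplaceAll(secretB32, " ", "")), "=")
	key, err := base32.StdEncoding.WithPadding(base32.NoPadding).DecodeString(clean)
	if err != nil || len(token) != 6 || now.Unix() < 30 {
		return lastStep, false
	}
	cur := uint64(now.Unix() / 30)
	for _, step := range []uint64{cur - 1, cur, cur + 1} {
		if subtle.ConstantTimeCompare([]byte(totpAt(key, step)), []byte(token)) == 1 && step > lastStep {
			return step, true
		}
	}
	return lastStep, false
}

func main() {
	secret := "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ" // constructed sample: RFC 6238 test key
	step, ok := VerifyTOTP(secret, "287082", time.Unix(59, 0), 0)
	_, replay := VerifyTOTP(secret, "287082", time.Unix(59, 0), step)
	fmt.Println(step, ok, replay)
}
```

Only mark the account as 2FA enabled (step 5) after this check succeeds once, and persist the returned step per user so the same token is refused on a second submission.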


Anything that I've missed out, or any suggestions to add? Leave your comment below.


  See also : Golang : Generate QR codes for Google Authenticator App and fix "Cannot interpret QR code" error

By Adam Ng
