 

ASP Best Practices involving saving device information for two factor authentication

Currently I'm trying to implement device-based two-factor authentication in which, every time a user logs in, if that device isn't recognized for the user, the user will have to perform some sort of two-factor authentication.

Currently I'm using System.Web.HttpBrowserCapabilities; however, this is becoming a huge inconvenience because of automatic browser upgrades. I'm curious whether someone has a better method or any suggestions.

Thanks!

asked Oct 26 '25 04:10

JL1


1 Answer

Use a device cookie

It says "this user has successfully authenticated on this user agent in the past"

You probably want to include their username (or user id), a timestamp, a random value (a nonce), and an HMAC of this info

Make sure this cookie is marked "secure" (HTTPS only) and "HttpOnly" (cannot be read by JavaScript)

answered Oct 28 '25 00:10

Neil McGuigan
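A sketch of the device cookie described in the answer above, added here as an example; it is not code from the question or the answer. The class and method names, the field layout, the 16-byte nonce and the cookie name in the comment are assumptions, and the HMAC key is assumed to be a server-side secret that never reaches the client.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

// Added example; DeviceCookie, Issue and Validate are hypothetical names.
// Setting it in System.Web (cookie name and lifetime are assumed values):
//   Response.Cookies.Add(new HttpCookie("device", value)
//       { Secure = true, HttpOnly = true, Expires = DateTime.UtcNow.AddDays(30) });
public static class DeviceCookie
{
    // Layout: base64(userId) . issuedUnixSeconds . base64(nonce) . base64(HMAC over the first three)
    public static string Issue(string userId, byte[] key, DateTimeOffset now)
    {
        var nonce = new byte[16];
        using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(nonce);
        string payload = Convert.ToBase64String(Encoding.UTF8.GetBytes(userId)) + "."
                       + now.ToUnixTimeSeconds() + "." + Convert.ToBase64String(nonce);
        return payload + "." + Convert.ToBase64String(Mac(payload, key));
    }

    public static bool Validate(string cookie, string userId, byte[] key,
                                DateTimeOffset now, TimeSpan maxAge)
    {
        string[] p = (cookie ?? "").Split('.');
        if (p.Length != 4) return false;
        byte[] sent;
        try { sent = Convert.FromBase64String(p[3]); }
        catch (FormatException) { return false; }
        // Verify the MAC in constant time before trusting any field.
        if (!FixedTimeEquals(sent, Mac(p[0] + "." + p[1] + "." + p[2], key))) return false;
        // Fields are authentic: bind to the account logging in, enforce expiry server-side.
        string cookieUser = Encoding.UTF8.GetString(Convert.FromBase64String(p[0]));
        long age = now.ToUnixTimeSeconds() - long.Parse(p[1]);
        return cookieUser == userId && age >= 0 && age <= (long)maxAge.TotalSeconds;
    }

    static byte[] Mac(string payload, byte[] key)
    {
        using (var h = new HMACSHA256(key)) return h.ComputeHash(Encoding.UTF8.GetBytes(payload));
    }

    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

Call `Validate` with the user id of the account that just passed the password step, so a cookie issued to one user cannot skip the second factor for another. The browser's own cookie expiry is not a control; the timestamp check on the server is.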