Pointer for two-factor authentication
Hi spring-security users :-)
can someone give some pointers for doing 2-factor authentication ?
The workflow will be that a user will provide username+password, then will be redirected to a second form where he needs to put in a temporary one-time password which was just sent to him/her by email or sms.
Only after that 2nd password was provided correctly, the user can go on and is fully authenticated.
Additionally I would like to have step 2 only happen once a month or every 10th login attempt (based on data from the db), or when using a new computer/browser (cookie based).
I understand that spring web flow could be helpful but I need some pointers or examples on how to get started.
Thanks in advance for any help!