Adding Two-Factor Authentication (2FA) to ActiveAdmin auth in a Ruby on Rails web application

To strengthen the security of a web application that has a user authentication workflow, we use a security method called 2FA, also known as Two-Factor Authentication (a type of Multi-Factor Authentication). In this blog post, we will see how to implement email-based 2FA in the ActiveAdmin auth of a Ruby on Rails application. In the email-based 2FA approach, when a user logs in with an email and password, an OTP is sent to the registered email address. Once the user enters the correct OTP, authentication succeeds and the session is started. Also, we will see the following additional functionality and customizations
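As an added example (not code from this post), the following plain-Ruby class models the server-side half of the OTP step described above: a code is generated after the password check, only a keyed hash of it is kept, and verification is single-use, time-limited, attempt-limited and constant-time. It runs outside Rails; the class name, the `secret` key and the hand-off to a mailer are assumptions.

```ruby
require 'securerandom'
require 'openssl'

# One email-OTP challenge for a login session (added example; assumes it is
# created right after Devise/ActiveAdmin has accepted the email + password).
class EmailOtp
  OTP_LENGTH   = 6
  TTL_SECONDS  = 300   # code is valid for 5 minutes
  MAX_ATTEMPTS = 5     # lock the challenge after this many wrong codes

  attr_reader :attempts

  # secret: server-side HMAC key (placeholder here, e.g. from credentials in Rails)
  def initialize(secret:, now: Time.now)
    @secret     = secret
    @plain_code = format("%0#{OTP_LENGTH}d", SecureRandom.random_number(10**OTP_LENGTH))
    @digest     = hmac(@plain_code)   # only the keyed hash is stored server-side
    @expires_at = now + TTL_SECONDS
    @attempts   = 0
    @consumed   = false
  end

  # Hand the plaintext code to the mailer exactly once, then forget it.
  def take_code_for_email
    code, @plain_code = @plain_code, nil
    code
  end

  # Returns :ok, :invalid, :expired, :locked or :consumed.
  def verify(submitted, now: Time.now)
    return :consumed if @consumed
    return :expired  if now > @expires_at
    return :locked   if @attempts >= MAX_ATTEMPTS
    @attempts += 1
    return :invalid unless secure_equal?(hmac(submitted.to_s.strip), @digest)
    @consumed = true   # a code can never be replayed
    :ok
  end

  private

  def hmac(code)
    OpenSSL::HMAC.hexdigest('SHA256', @secret, code)
  end

  # Constant-time comparison of two equal-length hex digests.
  def secure_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```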

Basic Security Testing Tips

1) URL manipulation through HTTP GET methods: The tester should check whether the application passes important information in the query string. This happens when the application uses the HTTP GET method to pass information between the client and the server; the information is carried in the query-string parameters. The tester can modify a parameter value in the query string to check whether the server accepts it. Via an HTTP GET request, user information is passed to the server for authentication or for fetching data, and an attacker can manipulate every input variable passed to the server in this GET request in order to obtain the required information.