Some applications contain sensitive information and therefore require an extra layer of security besides just a username and password. There are a lot of ways to add that extra layer of security, and they all have their pros and cons. One specific and quite popular way to add an extra layer of security is to use Two Factor Authentication (2FA).
2FA is a process in which you are required to provide two different methods to identify yourself. The first method is usually the username & password. The other method, the one we are talking about in this article, is a One Time Password (OTP). The OTP can be delivered in a lot of ways, such as email, SMS, etc. One of those ways is the Google Authenticator application.
The Google Authenticator application is a mobile app that you install on your mobile device. Once you have registered your web/mobile app to use Google 2FA, you will be asked to provide the username & password. Then, an OTP will be generated for you in the Authenticator app and you will have to copy and paste it into the OTP field to complete the login process.
So, the question that arises is: How can I automate such a thing? Obviously, it was meant to be used manually to make the application much safer but still, how can I automate it? Well, there is a way to do it! 😉
The Google Authenticator app uses a time-based OTP (TOTP), which is specified in IETF’s RFC 6238. The RFC 6238 algorithm generates a 6-digit password every 30 seconds. During registration for Google 2FA, you are required to scan a QR code. You can also type a secret key manually instead of scanning the QR code. Given this secret key, the TestProject Addon can generate a valid OTP that you can sign in with, simple as that!
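The RFC 6238 computation described above, as an added example (this is not the TestProject addon's code): it derives the 6-digit code from the Base32 secret key and waits for the next 30-second window when the current code is about to expire, a common cause of flaky login tests. `SAMPLE_KEY`, `fresh_totp`, the other function names and the `TOTP_SECRET` environment variable are assumptions made for this example.

```python
import base64
import hashlib
import hmac
import os
import struct
import time

STEP = 30   # seconds each code is valid for
DIGITS = 6  # code length

# Constructed sample: the RFC 6238 test secret "12345678901234567890" in Base32,
# typed the way a setup page might show it (lowercase, spaced groups).
SAMPLE_KEY = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"


def decode_key(key):
    """Turn the Base32 setup key into raw bytes, tolerating spaces, case and missing padding."""
    cleaned = key.replace(" ", "").replace("-", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def totp(key, now=None):
    """RFC 6238 code for `now` (Unix seconds), using HMAC-SHA-1."""
    counter = int(time.time() if now is None else now) // STEP
    mac = hmac.new(decode_key(key), struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation from RFC 4226
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)


def fresh_totp(key, min_left=5, now=None, sleep=time.sleep):
    """Return a code with at least `min_left` seconds of validity left,
    waiting for the next 30-second window if the current one is nearly over."""
    t = time.time() if now is None else now
    left = STEP - int(t) % STEP
    if left < min_left:
        sleep(left)
        t += left
    return totp(key, t)


if __name__ == "__main__":
    # TOTP_SECRET is a hypothetical variable name; keep the real key out of source control.
    print(fresh_totp(os.environ.get("TOTP_SECRET", SAMPLE_KEY)))
```

Anyone who holds the secret key can produce valid codes, so supply it from a secret store or environment variable scoped to a dedicated test account rather than committing it with the test.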
- How to Get the Secret Key From Google 2FA
- How to Use the Google Authenticator OTP Automation Addon
- A TestProject account (It’s completely FREE!).
- An application (Web/Mobile) that requires authentication with Google Authenticator.
- Install the “Google Authenticator OTP Automation” Addon from TestProject.
How to Get the Secret Key from Google 2FA
In this section, I’m going to show you how to enable Google 2FA for your Gmail account. You can, of course, enable this service for many other applications and not only for Gmail.
1. Navigate to your Google security settings: https://myaccount.google.com/security.
2. Click on the “Security” tab:
3. Click on the 2-Step Verification:
4. Click on “GET STARTED”:
5. Enter your password:
6. Enter your phone number for the Google verification:
7. Enter the code that was sent to your phone number:
8. Click on “TURN ON”:
9. You should see that your device is verified:
10. Scroll down and click on “Authenticator app” and click on “SET UP”:
11. Choose your platform and click “NEXT”:
12. To verify that it’s you, Google asks you to type your password again. Type it and click “Next”:
13. You will get a code for your device. Type it and click “Next”:
14. Scroll down again and click on “Authenticator app” and click on “SET UP”:
15. You will see a QR Code that you need to scan with the Authenticator app on your mobile device. Instead of scanning it, click on “CAN’T SCAN”:
16. You will find a key that can be used instead of the QR Code. This key will be the input for our addon to generate the OTP. Copy it and save it on your computer:
17. Before you click next, open the Authenticator app on your device and provide this key to connect it to your Gmail account.
18. Enter the key that was generated in the Authenticator app:
19. Verify yourself by providing the account password:
20. That’s it! Now, let’s see how to use the addon! ✨
How to Use the Google Authenticator OTP Automation Addon
In this section, I will demonstrate how to use the Google Authenticator OTP Addon in a real-life example. The idea is to use this Addon for generating an OTP, save this OTP in an input parameter and then, use it when we need to provide it to complete the login to our application.
1. Create a new test (it can be Web/Android/iOS):
2. To generate a new OTP, create a new step of type “Action”:
3. Click on “Select action”:
4. In the search box, type “OTP”. Then, select the action called: “Get OTP code for Google Authenticator”:
5. Now, we need to provide the secret key. Since it’s a secret key, we would like to encrypt its value so that others won’t be able to see it. We will create a new secret parameter that will store the secret key’s value. Click on the blue plus icon:
6. Click again on the blue plus icon to add a new parameter:
7. Select a name for your parameter in the “Name” field and paste the secret key value in the “Value” field. Then, make sure that the “Secret” option is checked. To finish the creation process, click on “Add”.
8. You will now be able to see the newly added parameter with the encrypted value. Click on the “V” button:
9. Now you can see that the newly created parameter is being used in the “Key” field:
10. To save the returned OTP, click on the “Select parameter” and create a new output parameter:
11. Once we execute this step, we’ll get the result OTP that we can use:
12. Now, the only thing left to do is to type this OTP parameter into the text box that requires the OTP.
In this tutorial, we’ve discussed Two Factor Authentication (2FA) and how it works. Although it’s meant to be used manually to increase the security level of your application, there’s a way to automate this process using the secret key (that is known only to you). We’ve also seen how we can use the “Google Authenticator OTP Automation” Addon in order to overcome this 2FA challenge during our tests using TestProject. Go ahead and try it yourself! 💪
In this addon, we’ve used this great Java library to generate the OTP code based on the secret key: https://github.com/aerogear/aerogear-otp-java (Apache License 2.0).
Comments
1. First point: How to get the select platform file?
2. How to fire a URL, like if I want to hit gmail.com, then where do I have to enter my username? And what about the secret key? Is it my Gmail password?
Thanks for reaching out!
1. What do you mean by platform file? You only need to select which platform you are going to install the Google Authenticator on.
2. Once you have registered your app/website to the Google Authenticator service, you don’t need to enter anything. Each time you would like to log in, the addon will calculate the OTP for you. The secret key is not your email. I’ve explained in the tutorial how to get it. Simply store it somewhere and use it with the addon whenever you need.