In today’s digital world, security is not optional—it’s a necessity. A simple username and password login system is no longer enough. Hackers can easily steal or guess weak passwords.
To solve this, developers use Two-Factor Authentication (2FA). In this blog, we’ll see how to implement Google Authenticator in a CodeIgniter (CI) application in a simple and user-friendly way.
📌 What is Google Authenticator?
Google Authenticator is a free mobile app available on Android and iOS. It generates a 6-digit OTP (One Time Password) that changes every 30 seconds.
When you integrate it into your CodeIgniter project:
- The user enters their username.
- Instead of a password, they enter the OTP from Google Authenticator.
- If the OTP matches, login is successful.
👉 This makes login faster, safer, and easier for users.
🛠 Step 1: Install Google Authenticator Library
1. Go to this repository: ci-google-authenticator
2. Download the file:
    application/libraries/GoogleAuthenticator.php
3. Place it in your CodeIgniter project under:
    /application/libraries/GoogleAuthenticator.php
4. Load it in your controller:
    $this->load->library('GoogleAuthenticator');
🛠 Step 2: Generate a Secret Key & QR Code
When a user registers for the first time, generate a secret key and QR code for their account. They will scan it in the Google Authenticator app.
Controller Example:
    class Login extends CI_Controller {

        public function setup_authenticator() {
            $ga = new PHPGangsta_GoogleAuthenticator();

            // Generate secret key
            $secret = $ga->createSecret();

            // Generate QR Code.
            // getQRCodeGoogleUrl() returns the URL of an image rendered by an
            // external QR service, so the secret is part of that request.
            // Render the QR code locally if that is not acceptable.
            $qrCodeUrl = $ga->getQRCodeGoogleUrl('MyCompanyApp', $secret);

            // Save secret key in database for the logged-in user
            $this->db->set('ga_secret', $secret)
                ->where('id', $this->session->userdata('user_id'))
                ->update('users');

            // Pass QR code to view
            $data['qrCodeUrl'] = $qrCodeUrl;
            $this->load->view('authenticator_setup', $data);
        }
    }
👉 The user scans this QR code in their Google Authenticator app and starts generating OTPs.
🛠 Step 3: Verify OTP During Login
Controller Example:
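    // Method of the Login controller shown above
    public function verify_login() {
        $ga = new PHPGangsta_GoogleAuthenticator();
        $username = $this->input->post('username');
        $otp = $this->input->post('otp');

        // Fetch user by username
        $user = $this->db->get_where('users', ['username' => $username])->row();

        // Reject unknown users and users who never enrolled a secret.
        // The same message is used for every failure so the form does not
        // reveal which usernames exist.
        if (!$user || empty($user->ga_secret)) {
            $this->session->set_flashdata('error', 'Invalid username or OTP.');
            redirect('login');
            return;
        }

        $secret = $user->ga_secret;

        // Verify OTP. The third argument is the allowed drift in 30-second
        // steps: 2 accepts codes up to 60 seconds before or after now.
        $checkResult = $ga->verifyCode($secret, $otp, 2);

        if ($checkResult) {
            // OTP correct → Login success
            $this->session->set_userdata('user_id', $user->id);
            redirect('dashboard');
        } else {
            // OTP incorrect
            $this->session->set_flashdata('error', 'Invalid username or OTP.');
            redirect('login');
        }
    }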
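The login code above accepts any code within two 30-second steps of the server clock and does not record which codes were already used. The following added example (not from the original post or the library) shows the same RFC 6238 check in plain PHP with a one-step window, an enrolled-secret check and replay rejection. The function names and the idea of storing the last accepted step per user are assumptions.

```php
<?php
// Added example. Function names are hypothetical, not part of any library.
function b32_decode(string $b32): string {
    $b32 = strtoupper(rtrim($b32, '='));
    if ($b32 === '') {
        return '';
    }
    $bits = '';
    foreach (str_split($b32) as $ch) {
        $pos = strpos('ABCDEFGHIJKLMNOPQRSTUVWXYZ234567', $ch);
        if ($pos === false) {
            throw new InvalidArgumentException('invalid base32 character');
        }
        $bits .= str_pad(decbin($pos), 5, '0', STR_PAD_LEFT);
    }
    $out = '';
    foreach (str_split($bits, 8) as $byte) {
        if (strlen($byte) === 8) {            // drop the trailing partial byte
            $out .= chr(bindec($byte));
        }
    }
    return $out;
}

function totp_at(string $key, int $step): string {
    // 8-byte big-endian counter ('J' needs 64-bit PHP), then dynamic truncation
    $hash = hash_hmac('sha1', pack('J', $step), $key, true);
    $offset = ord($hash[19]) & 0x0F;
    $value = unpack('N', substr($hash, $offset, 4))[1] & 0x7FFFFFFF;
    return str_pad((string) ($value % 1000000), 6, '0', STR_PAD_LEFT);
}

// Returns the accepted time step (store it per user), or null on failure.
function verify_totp(string $b32, string $otp, ?int $lastStep, int $now, int $window = 1): ?int {
    if (!preg_match('/\A\d{6}\z/', $otp) || ($key = b32_decode($b32)) === '') {
        return null;                          // malformed code or no enrolled secret
    }
    $current = intdiv($now, 30);
    for ($step = $current - $window; $step <= $current + $window; $step++) {
        if (hash_equals(totp_at($key, $step), $otp)) {   // constant-time compare
            // A step at or before the last accepted one is a replay.
            return ($lastStep === null || $step > $lastStep) ? $step : null;
        }
    }
    return null;
}

$secret = 'GEZDGNBVGAYTEMRQGEZDGNBVGAYTEMRQ';          // constructed sample secret
$now = 1700000000;                                     // constructed fixed clock
$otp = totp_at(b32_decode($secret), intdiv($now, 30));
$first = verify_totp($secret, $otp, null, $now);       // first use of the code
$replay = verify_totp($secret, $otp, $first, $now);    // same code submitted again
var_dump($first, $replay);
```

In a controller, the value returned by `verify_totp()` would be saved next to `ga_secret` and passed back as `$lastStep` on the next login attempt.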
🛠 Step 4: Create a Simple Login Form
    <form action="<?= base_url('login/verify_login') ?>" method="post">
        <label for="username">Username</label>
        <input type="text" id="username" name="username" required>
        <label for="otp">Authenticator OTP</label>
        <input type="text" id="otp" name="otp" inputmode="numeric" autocomplete="one-time-code" required>
        <button type="submit">Login</button>
    </form>
✅ Why Use Google Authenticator in CodeIgniter?
- Stronger Security – Protects user accounts even if passwords are leaked.
- No Extra Cost – Free mobile app, no SMS charges.
- User Friendly – Just enter username + OTP, no password required.
- SEO Benefit – Adding 2FA increases trust for your web application and brand.
🎯 Conclusion
By integrating Google Authenticator 2FA directly with username + OTP login, you can make your CodeIgniter application:
- More secure,
- More user-friendly,
- And more professional.