Yesterday someone asked me how I would go about adding two step authentication to a rails app. They didn’t want a system that would send out a short lived shared secret, so didn’t need the complication of something like active_model_otp. They just wanted to be able to ask the user for some additional information (for example, the first and third characters of their national insurance number).
My solution was this:
As I think others may find it useful, I thought I’d share it here.