How to Build 2 Factor Auth for Home Wi-Fi?

Vinay Hegde

Since we use the Internet 24x7x365 nowadays, it occurred to me that very few of us are keen to invest time in our ubiquitous router's security or in tweaking it to be more optimal. This stems from the fact that most current OEMs often provide cryptic features that we set up once & forget when they're required again.

From what I've found out, firmware like DD-WRT, OpenWRT, VyOS, Tomato and pfSense do exist to bridge that gap, but they have a very steep learning curve, which places too much dependency on the person who masters it.

I also recently discovered that all home/enterprise Wi-Fi devices are potentially susceptible to being broken due to the WPA2 vulnerability, so I'm looking to implement 2 Factor Authentication & below are my requirements:

Hardware:

A regular router with an RJ-45 WAN input, 4 RJ-45 LAN ports and Wi-Fi 802.11 b/g/n/ac capabilities, within a decent budget (within $100).

Software:

  1. Linux OS having a web-UI / CLI to view traffic statistics, track & manage users, logging, bandwidth tracking / throttling.
  2. Ability to add customized plugins in (Python, Go, Ruby or Shell).
  3. Easy to understand documentation in case of problems.
  4. Any external application (again open source) for 2-Factor Authentication via SMS.

Process Flow for 2 Factor Authentication:

  1. People use their smartphones or other mobile devices to pair up with my Wi-Fi and enter the password (standard method, no RADIUS or Active Directory involved here)
  2. They see a Splash page to input their mobile number (like the public Wi-Fi hotspots, e.g: Google RailWire Wi-Fi in India)
  3. Then they enter their mobile number that my router will store along with possibly the MAC ID & few key details of the mobile device.
  4. My router will now send an OTP via SMS to the number provided above.
  5. People use the OTP to connect to my Wi-Fi, after which the router authenticates them and gives them access.
  6. Router then tracks usage of that MAC ID as long as the connection persists.
  7. If the connection breaks, the user has to re-authenticate using step 2 → step 5

Could anyone please share any information about a system that allows implementing all of the above?

Posted on Jul 24 '18 by:

Vinay Hegde

@vinayhegde1990

Site Reliability Engineer with 5+ years of experience. Otherwise an avid artist, reader, cinephile & football fan. Looking forward to connecting with everyone :)
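
The OTP part of the process flow above (steps 3 to 7), sketched as an added example that is not part of the original post or of any router firmware. The class name `PortalAuth`, the 5-minute lifetime and the 3-attempt limit are assumptions; SMS delivery and firewall rules are left to the caller.

```python
import hashlib
import hmac
import secrets
import time

OTP_TTL = 300      # seconds an OTP stays valid (assumed value)
MAX_ATTEMPTS = 3   # wrong guesses allowed per OTP (assumed value)


class PortalAuth:
    """Pending OTPs and sessions keyed by MAC; a MAC is client-settable, so it only labels a session."""

    def __init__(self, clock=time.time):
        self._key = secrets.token_bytes(32)  # per-boot key; OTPs are stored only as HMACs
        self._clock = clock
        self._pending = {}   # mac -> [digest, phone, expires_at, attempts_left]
        self.sessions = {}   # mac -> verified phone number

    def _digest(self, mac, phone, otp):
        msg = f"{mac}|{phone}|{otp}".encode()
        return hmac.new(self._key, msg, hashlib.sha256).digest()

    def issue(self, mac, phone):
        """Steps 3-4: record MAC and number, return a 6-digit OTP to send by SMS."""
        otp = f"{secrets.randbelow(10**6):06d}"
        self._pending[mac] = [self._digest(mac, phone, otp), phone,
                              self._clock() + OTP_TTL, MAX_ATTEMPTS]
        return otp

    def verify(self, mac, otp):
        """Step 5: accept only a fresh, matching OTP presented from the same MAC."""
        entry = self._pending.get(mac)
        if entry is None:
            return False
        digest, phone, expires_at, attempts_left = entry
        if self._clock() > expires_at or attempts_left <= 0:
            del self._pending[mac]
            return False
        if hmac.compare_digest(digest, self._digest(mac, phone, otp)):
            del self._pending[mac]       # single use
            self.sessions[mac] = phone   # step 6: usage is tracked per MAC
            return True
        entry[3] -= 1
        return False

    def disconnect(self, mac):
        """Step 7: a dropped connection ends the session, forcing re-authentication."""
        self.sessions.pop(mac, None)
        self._pending.pop(mac, None)
```

A splash-page handler would call `issue()` when the number is submitted, pass the returned code to the SMS gateway, and open the firewall for that MAC only after `verify()` returns `True`.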
