When we originally introduced two factor authentication there weren’t a whole lot of options available to produce one-time-passwords. Since that time a number of applications have popped up for Andriod, Blackberry, and iOS devices. Chief among those is the Google Authenticator.

Using your Google Authenticator with Blesta is pretty straight forward, but requires a little manipulation to get the key in the correct format. Blesta expects TOTP keys to be in hexadecimal format (base16), but Google Authenticator uses base32. So we have to convert our Google Authenticator keys into hexadecimal before storing in Blesta.

There are a number of online utilities to perform this operation. Here’s one: http://www.darkfader.net/toolbox/convert/.

As an example, “PEHMPSDNLXIOG65U” (in base32) becomes “790ec7c86d5dd0e37bb4″ in hexadecimal. Simply select Time-based One Time Password as the two factor authentication method in Blesta then enter the converted (hexdecimal) value and you’re good to go.

You can download the Google Authenticator from the iOS app store, or Android Marketplace.