Two-factor authentication

Talk given at Montreal Ruby in March 2013.

Synopsis of the talk:

Following the recent Rails vulnerabilities we all know that keeping our dependencies up-to-date is important. What is equally important is providing our users with ways of securing their accounts. We’ll look at how two-factor authentication works, a way of implementing it and how to leverage the Google Authenticator mobile app.

Christian Joudrey

March 19, 2013



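  1. totp.now                            # => 281918
     sleep 30
     # The code now belongs to the previous 30-second step, so a strict check rejects it.
     totp.verify(281918)                 # => false
     # Allowing 30 seconds of drift accepts it again.
     totp.verify_with_drift(281918, 30)  # => true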
  2. class User < ActiveRecord::Base
       # ...
       before_create :set_auth_secret

       private

       def set_auth_secret
         self.auth_secret = ROTP::Base32.random_base32
       end
     end
  3. class AdminController < ApplicationController
       # ...
       before_filter :authenticate_user!
       before_filter :validate_client

       private

       def validate_client
         # ...
         client_id = cookies.signed[:client_id] || SecureRandom.uuid
         # ...
       end
     end
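
What the `verify` and `verify_with_drift` calls on the first slide compute, written out with only Ruby's standard library. This is an added example, not code from the talk or from ROTP: the names `hotp`, `totp_at`, `secure_equal?` and `verify_with_window` are assumptions, drift is counted in 30-second steps rather than seconds, and the key is the published RFC 4226 test key rather than a real secret.

```ruby
require 'openssl'

STEP   = 30  # seconds per time step (RFC 6238 default)
DIGITS = 6   # code length shown by authenticator apps
RFC_TEST_KEY = '12345678901234567890' # constructed input: the RFC 4226 test key

# HOTP (RFC 4226): HMAC-SHA1 over an 8-byte big-endian counter,
# then dynamic truncation to a zero-padded decimal code.
def hotp(key, counter)
  mac    = OpenSSL::HMAC.digest('SHA1', key, [counter].pack('Q>'))
  offset = mac.getbyte(19) & 0x0f
  bin    = mac.byteslice(offset, 4).unpack1('N') & 0x7fffffff
  format("%0#{DIGITS}d", bin % 10**DIGITS)
end

# TOTP (RFC 6238): the counter is the number of 30-second steps since the epoch.
def totp_at(key, time)
  hotp(key, time.to_i / STEP)
end

# Compare without returning early at the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  diff = 0
  a.bytes.zip(b.bytes) { |x, y| diff |= x ^ y }
  diff.zero?
end

# Returns the matching step number, or nil. drift_steps widens the accepted
# window on both sides; last_used_step rejects a code that was already accepted.
def verify_with_window(key, code, time, drift_steps: 1, last_used_step: nil)
  submitted = code.to_s.rjust(DIGITS, '0')
  current   = time.to_i / STEP
  ((current - drift_steps)..(current + drift_steps)).each do |step|
    next if last_used_step && step <= last_used_step
    return step if secure_equal?(hotp(key, step), submitted)
  end
  nil
end

if __FILE__ == $PROGRAM_NAME
  code = totp_at(RFC_TEST_KEY, 59)                                 # generated in step 1
  p code
  p verify_with_window(RFC_TEST_KEY, code, 89, drift_steps: 0)     # 30 s later, strict check
  p verify_with_window(RFC_TEST_KEY, code, 89)                     # one step of drift allowed
  p verify_with_window(RFC_TEST_KEY, code, 89, last_used_step: 1)  # same code replayed
end
```

Storing the returned step per user and passing it back as `last_used_step` is what keeps a wider drift window from also widening the replay window.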