Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Two-factor authentication at GDG Riga
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Harri Kirik
September 01, 2017
Technology
0
74
Two-factor authentication at GDG Riga
Two-factor authentication presentation at a GDG Riga event.
Harri Kirik
September 01, 2017
Tweet
Share
More Decks by Harri Kirik
See All by Harri Kirik
Secure programming techniques: Mobile Development Security guest lecture
harri35
0
83
Support for HSM-like capabilities in Android
harri35
0
140
Why doesn't my in-app QR code work (on location)?
harri35
0
33
Git merge-base
harri35
1
73
Smoke testing your library
harri35
0
28
Collections in Kotlin
harri35
0
36
Data classes in Kotlin
harri35
0
34
How to do delegation in Kotlin
harri35
0
37
Two-factor authentication at GDG Tartu
harri35
0
57
Other Decks in Technology
See All in Technology
SRE Enabling戦記 - 急成長する組織にSREを浸透させる戦いの歴史
markie1009
0
110
ブロックテーマでサイトをリニューアルした話 / 2026-01-31 Kansai WordPress Meetup
torounit
0
470
Oracle Cloud Observability and Management Platform - OCI 運用監視サービス概要 -
oracle4engineer
PRO
2
14k
名刺メーカーDevグループ 紹介資料
sansan33
PRO
0
1k
Data Hubグループ 紹介資料
sansan33
PRO
0
2.7k
OpenShiftでllm-dを動かそう!
jpishikawa
0
110
Frontier Agents (Kiro autonomous agent / AWS Security Agent / AWS DevOps Agent) の紹介
msysh
3
170
~Everything as Codeを諦めない~ 後からCDK
mu7889yoon
3
370
Tebiki Engineering Team Deck
tebiki
0
24k
プロポーザルに込める段取り八分
shoheimitani
1
270
コミュニティが変えるキャリアの地平線:コロナ禍新卒入社のエンジニアがAWSコミュニティで見つけた成長の羅針盤
kentosuzuki
0
100
フルカイテン株式会社 エンジニア向け採用資料
fullkaiten
0
10k
Featured
See All Featured
Marketing Yourself as an Engineer | Alaka | Gurzu
gurzu
0
130
The browser strikes back
jonoalderson
0
370
Speed Design
sergeychernyshev
33
1.5k
Building a A Zero-Code AI SEO Workflow
portentint
PRO
0
310
GraphQLの誤解/rethinking-graphql
sonatard
74
11k
Automating Front-end Workflow
addyosmani
1371
200k
Amusing Abliteration
ianozsvald
0
100
Chrome DevTools: State of the Union 2024 - Debugging React & Beyond
addyosmani
10
1.1k
Practical Orchestrator
shlominoach
191
11k
Chasing Engaging Ingredients in Design
codingconduct
0
110
Bootstrapping a Software Product
garrettdimon
PRO
307
120k
How Fast Is Fast Enough? [PerfNow 2025]
tammyeverts
3
450
Transcript
Two-factor authentication GDG Riga, 1st of Sept’17 Harri Kirik, Android
Developer http://lab.mobi
designing & developing for mobile What? Why? How?
designing & developing for mobile What?
designing & developing for mobile Multi-factor authentication (MFA)
designing & developing for mobile Factors of authentication ➔ Knowledge
factors ➔ Posession factors ➔ Inheritance factors
designing & developing for mobile Knowledge factors ➔ Pin ➔
Password ➔ Passphrase ➔ Shape ➔ Hidden compartment ➔ “Secret” question
designing & developing for mobile Posession factors ➔ Key ➔
Code card ➔ Pin generator / calculator ➔ Id card ➔ USB stick based token ➔ Your phone
designing & developing for mobile Inheritance factors ➔ Fingerprints ➔
Retinal scans ➔ Voice ➔ Text typing patterns ➔ Your guard dog
designing & developing for mobile Multi-factor authentication, using ➔ Knowledge
factors ➔ Posession factors ➔ Inheritance factors
designing & developing for mobile Two-factor authentication (2FA)
designing & developing for mobile 2FA - You’ve done it!
➔ Taking money out of the ATM ➔ Accessing banks via web page ➔ Adding a “secret lock” to your car ➔ Getting past your dog
designing & developing for mobile Why?
designing & developing for mobile Extra security
designing & developing for mobile Breach detection
designing & developing for mobile It is easy enough
designing & developing for mobile How?
designing & developing for mobile Use your phone
designing & developing for mobile How, technically?
designing & developing for mobile Use a code, which is
➔ Valid only for one time use ➔ Specific for every use ➔ Human readable ➔ Simple to enter ➔ Nonreversible
designing & developing for mobile SMS based codes
designing & developing for mobile HMAC-based One-time Password Algorithm (HOTP,
RFC 4226)
designing & developing for mobile 1. Generate the Key (once)
2. Calculate Hash = HMAC-SHA-1(Key, Counter); 3. Make it “human-usable” HOTP value = Truncate(Hash)
designing & developing for mobile PS: No need to build
it yourself
designing & developing for mobile “Authenticator” apps
designing & developing for mobile Time-based One-time Password Algorithm (TOTP,
RFC 6238)
designing & developing for mobile 1. Generate and share the
Key (once) 2. Calculate Counter = (Current time - Epoch) / Step 3. Use HOTP TOTP value = HOTP(Key, Counter)
designing & developing for mobile Use one of many multi-account
2fA apps
designing & developing for mobile Uh, all those codes ..
designing & developing for mobile Can I do with less
work?
designing & developing for mobile Device prompts (Google, Valve)
designing & developing for mobile Is this secure?
designing & developing for mobile Which one should I use?
designing & developing for mobile Doesn’t matter. Just use 2FA!
Thank you! Questions? Harri Kirik, Android Developer
[email protected]
http://lab.mobi https://www.facebook.com/lab.mobi
SiteGround - Reliable hosting with speed, security, and support you can count on.
harri35
markie1009
torounit
oracle4engineer
sansan33
jpishikawa
msysh
mu7889yoon
tebiki
shoheimitani
kentosuzuki
fullkaiten
gurzu
jonoalderson
sergeychernyshev
portentint
sonatard
addyosmani
ianozsvald
shlominoach
codingconduct
garrettdimon
tammyeverts
![Thank you! Questions? Harri Kirik, Android Developer [email protected] http://lab.mobi https://www.facebook.com/lab.mobi](https://files.speakerdeck.com/presentations/658dd4b3742d4886a063acf4d4603f62/slide_33.jpg){kind=link}