Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Two-factor authentication at GDG Riga
Search
Harri Kirik
September 01, 2017
Technology
0
74
Two-factor authentication at GDG Riga
Two-factor authentication presentation at a GDG Riga event.
Harri Kirik
September 01, 2017
Tweet
Share
More Decks by Harri Kirik
See All by Harri Kirik
Secure programming techniques: Mobile Development Security guest lecture
harri35
0
83
Support for HSM-like capabilities in Android
harri35
0
140
Why doesn't my in-app QR code work (on location)?
harri35
0
33
Git merge-base
harri35
1
73
Smoke testing your library
harri35
0
28
Collections in Kotlin
harri35
0
36
Data classes in Kotlin
harri35
0
34
How to do delegation in Kotlin
harri35
0
37
Two-factor authentication at GDG Tartu
harri35
0
57
Other Decks in Technology
See All in Technology
Embedded SREの終わりを設計する 「なんとなく」から計画的な自立支援へ
sansantech
PRO
3
2.5k
コスト削減から「セキュリティと利便性」を担うプラットフォームへ
sansantech
PRO
3
1.5k
Data Hubグループ 紹介資料
sansan33
PRO
0
2.7k
M&A 後の統合をどう進めるか ─ ナレッジワーク × Poetics が実践した組織とシステムの融合
kworkdev
PRO
1
450
2026年、サーバーレスの現在地 -「制約と戦う技術」から「当たり前の実行基盤」へ- /serverless2026
slsops
2
240
Introduction to Sansan for Engineers / エンジニア向け会社紹介
sansan33
PRO
6
68k
ファインディの横断SREがTakumi byGMOと取り組む、セキュリティと開発スピードの両立
rvirus0817
1
1.4k
30万人の同時アクセスに耐えたい!新サービスの盤石なリリースを支える負荷試験 / SRE Kaigi 2026
genda
4
1.3k
量子クラウドサービスの裏側 〜Deep Dive into OQTOPUS〜
oqtopus
0
120
日本の85%が使う公共SaaSは、どう育ったのか
taketakekaho
1
190
変化するコーディングエージェントとの現実的な付き合い方 〜Cursor安定択説と、ツールに依存しない「資産」〜
empitsu
4
1.4k
ブロックテーマ、WordPress でウェブサイトをつくるということ / 2026.02.07 Gifu WordPress Meetup
torounit
0
180
Featured
See All Featured
The untapped power of vector embeddings
frankvandijk
1
1.6k
The Organizational Zoo: Understanding Human Behavior Agility Through Metaphoric Constructive Conversations (based on the works of Arthur Shelley, Ph.D)
kimpetersen
PRO
0
240
Building an army of robots
kneath
306
46k
The Illustrated Children's Guide to Kubernetes
chrisshort
51
51k
Chasing Engaging Ingredients in Design
codingconduct
0
110
Designing for humans not robots
tammielis
254
26k
Heart Work Chapter 1 - Part 1
lfama
PRO
5
35k
Have SEOs Ruined the Internet? - User Awareness of SEO in 2025
akashhashmi
0
270
職位にかかわらず全員がリーダーシップを発揮するチーム作り / Building a team where everyone can demonstrate leadership regardless of position
madoxten
57
50k
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
46
2.7k
The B2B funnel & how to create a winning content strategy
katarinadahlin
PRO
1
270
Agile Leadership in an Agile Organization
kimpetersen
PRO
0
82
Transcript
Two-factor authentication GDG Riga, 1st of Sept’17 Harri Kirik, Android
Developer http://lab.mobi
designing & developing for mobile What? Why? How?
designing & developing for mobile What?
designing & developing for mobile Multi-factor authentication (MFA)
designing & developing for mobile Factors of authentication ➔ Knowledge
factors ➔ Posession factors ➔ Inheritance factors
designing & developing for mobile Knowledge factors ➔ Pin ➔
Password ➔ Passphrase ➔ Shape ➔ Hidden compartment ➔ “Secret” question
designing & developing for mobile Posession factors ➔ Key ➔
Code card ➔ Pin generator / calculator ➔ Id card ➔ USB stick based token ➔ Your phone
designing & developing for mobile Inheritance factors ➔ Fingerprints ➔
Retinal scans ➔ Voice ➔ Text typing patterns ➔ Your guard dog
designing & developing for mobile Multi-factor authentication, using ➔ Knowledge
factors ➔ Posession factors ➔ Inheritance factors
designing & developing for mobile Two-factor authentication (2FA)
designing & developing for mobile 2FA - You’ve done it!
➔ Taking money out of the ATM ➔ Accessing banks via web page ➔ Adding a “secret lock” to your car ➔ Getting past your dog
designing & developing for mobile Why?
designing & developing for mobile Extra security
designing & developing for mobile Breach detection
designing & developing for mobile It is easy enough
designing & developing for mobile How?
designing & developing for mobile Use your phone
designing & developing for mobile How, technically?
designing & developing for mobile Use a code, which is
➔ Valid only for one time use ➔ Specific for every use ➔ Human readable ➔ Simple to enter ➔ Nonreversible
designing & developing for mobile SMS based codes
designing & developing for mobile HMAC-based One-time Password Algorithm (HOTP,
RFC 4226)
designing & developing for mobile 1. Generate the Key (once)
2. Calculate Hash = HMAC-SHA-1(Key, Counter); 3. Make it “human-usable” HOTP value = Truncate(Hash)
designing & developing for mobile PS: No need to build
it yourself
designing & developing for mobile “Authenticator” apps
designing & developing for mobile Time-based One-time Password Algorithm (TOTP,
RFC 6238)
designing & developing for mobile 1. Generate and share the
Key (once) 2. Calculate Counter = (Current time - Epoch) / Step 3. Use HOTP TOTP value = HOTP(Key, Counter)
designing & developing for mobile Use one of many multi-account
2fA apps
designing & developing for mobile Uh, all those codes ..
designing & developing for mobile Can I do with less
work?
designing & developing for mobile Device prompts (Google, Valve)
designing & developing for mobile Is this secure?
designing & developing for mobile Which one should I use?
designing & developing for mobile Doesn’t matter. Just use 2FA!
Thank you! Questions? Harri Kirik, Android Developer
[email protected]
http://lab.mobi https://www.facebook.com/lab.mobi
harri35
sansantech
sansan33
kworkdev
slsops
rvirus0817
genda
oqtopus
taketakekaho
empitsu
torounit
frankvandijk
kimpetersen
kneath
chrisshort
codingconduct
tammielis
lfama
akashhashmi
madoxten
bcantrill
katarinadahlin
![Thank you! Questions? Harri Kirik, Android Developer [email protected] http://lab.mobi https://www.facebook.com/lab.mobi](https://files.speakerdeck.com/presentations/658dd4b3742d4886a063acf4d4603f62/slide_33.jpg){kind=link}