Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Two-factor authentication at GDG Riga
Search
Harri Kirik
September 01, 2017
Technology
0
72
Two-factor authentication at GDG Riga
Two-factor authentication presentation at a GDG Riga event.
Harri Kirik
September 01, 2017
Tweet
Share
More Decks by Harri Kirik
See All by Harri Kirik
Secure programming techniques: Mobile Development Security guest lecture
harri35
0
81
Support for HSM-like capabilities in Android
harri35
0
130
Why doesn't my in-app QR code work (on location)?
harri35
0
31
Git merge-base
harri35
1
71
Smoke testing your library
harri35
0
26
Collections in Kotlin
harri35
0
34
Data classes in Kotlin
harri35
0
33
How to do delegation in Kotlin
harri35
0
34
Two-factor authentication at GDG Tartu
harri35
0
55
Other Decks in Technology
See All in Technology
Behind Postgres 18: The People, the Code, & the Invisible Work | Claire Giordano | PGConfEU 2025
clairegiordano
0
150
20251029_Cursor Meetup Tokyo #02_MK_「あなたのAI、私のシェル」 - プロンプトインジェクションによるエージェントのハイジャック
mk0721
PRO
5
2k
コンパウンド組織のCRE #cre_meetup
layerx
PRO
1
290
プロダクト開発と社内データ活用での、BI×AIの現在地 / Data_Findy
sansan_randd
1
630
プレイドのユニークな技術とインターンのリアル
plaidtech
PRO
1
500
CNCFの視点で捉えるPlatform Engineering - 最新動向と展望 / Platform Engineering from the CNCF Perspective
hhiroshell
0
140
現場の壁を乗り越えて、 「計装注入」が拓く オブザーバビリティ / Beyond the Field Barriers: Instrumentation Injection and the Future of Observability
aoto
PRO
1
690
オブザーバビリティが育むシステム理解と好奇心
maruloop
3
1.6k
webpack依存からの脱却!快適フロントエンド開発をViteで実現する #vuefes
bengo4com
4
3.7k
AWS DMS で SQL Server を移行してみた/aws-dms-sql-server-migration
emiki
0
260
AI時代の発信活動 ~技術者として認知してもらうための発信法~ / 20251028 Masaki Okuda
shift_evolve
PRO
1
120
Dify on AWS 環境構築手順
yosse95ai
0
170
Featured
See All Featured
The Straight Up "How To Draw Better" Workshop
denniskardys
239
140k
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
48
9.7k
Building a Modern Day E-commerce SEO Strategy
aleyda
44
7.9k
Large-scale JavaScript Application Architecture
addyosmani
514
110k
Intergalactic Javascript Robots from Outer Space
tanoku
272
27k
Code Reviewing Like a Champion
maltzj
526
40k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
10
620
Keith and Marios Guide to Fast Websites
keithpitt
411
23k
No one is an island. Learnings from fostering a developers community.
thoeni
21
3.5k
How To Stay Up To Date on Web Technology
chriscoyier
791
250k
Building a Scalable Design System with Sketch
lauravandoore
463
33k
Building Flexible Design Systems
yeseniaperezcruz
329
39k
Transcript
Two-factor authentication GDG Riga, 1st of Sept’17 Harri Kirik, Android
Developer http://lab.mobi
designing & developing for mobile What? Why? How?
designing & developing for mobile What?
designing & developing for mobile Multi-factor authentication (MFA)
designing & developing for mobile Factors of authentication ➔ Knowledge
factors ➔ Posession factors ➔ Inheritance factors
designing & developing for mobile Knowledge factors ➔ Pin ➔
Password ➔ Passphrase ➔ Shape ➔ Hidden compartment ➔ “Secret” question
designing & developing for mobile Posession factors ➔ Key ➔
Code card ➔ Pin generator / calculator ➔ Id card ➔ USB stick based token ➔ Your phone
designing & developing for mobile Inheritance factors ➔ Fingerprints ➔
Retinal scans ➔ Voice ➔ Text typing patterns ➔ Your guard dog
designing & developing for mobile Multi-factor authentication, using ➔ Knowledge
factors ➔ Posession factors ➔ Inheritance factors
designing & developing for mobile Two-factor authentication (2FA)
designing & developing for mobile 2FA - You’ve done it!
➔ Taking money out of the ATM ➔ Accessing banks via web page ➔ Adding a “secret lock” to your car ➔ Getting past your dog
designing & developing for mobile Why?
designing & developing for mobile Extra security
designing & developing for mobile Breach detection
designing & developing for mobile It is easy enough
designing & developing for mobile How?
designing & developing for mobile Use your phone
designing & developing for mobile How, technically?
designing & developing for mobile Use a code, which is
➔ Valid only for one time use ➔ Specific for every use ➔ Human readable ➔ Simple to enter ➔ Nonreversible
designing & developing for mobile SMS based codes
designing & developing for mobile HMAC-based One-time Password Algorithm (HOTP,
RFC 4226)
designing & developing for mobile 1. Generate the Key (once)
2. Calculate Hash = HMAC-SHA-1(Key, Counter); 3. Make it “human-usable” HOTP value = Truncate(Hash)
designing & developing for mobile PS: No need to build
it yourself
designing & developing for mobile “Authenticator” apps
designing & developing for mobile Time-based One-time Password Algorithm (TOTP,
RFC 6238)
designing & developing for mobile 1. Generate and share the
Key (once) 2. Calculate Counter = (Current time - Epoch) / Step 3. Use HOTP TOTP value = HOTP(Key, Counter)
designing & developing for mobile Use one of many multi-account
2fA apps
designing & developing for mobile Uh, all those codes ..
designing & developing for mobile Can I do with less
work?
designing & developing for mobile Device prompts (Google, Valve)
designing & developing for mobile Is this secure?
designing & developing for mobile Which one should I use?
designing & developing for mobile Doesn’t matter. Just use 2FA!
Thank you! Questions? Harri Kirik, Android Developer
[email protected]
http://lab.mobi https://www.facebook.com/lab.mobi
harri35
clairegiordano
mk0721
layerx
sansan_randd
plaidtech
hhiroshell
aoto
maruloop
bengo4com
emiki
shift_evolve
yosse95ai
denniskardys
mongodb
aleyda
addyosmani
tanoku
maltzj
tammyeverts
keithpitt
thoeni
chriscoyier
lauravandoore
yeseniaperezcruz
![Thank you! Questions? Harri Kirik, Android Developer [email protected] http://lab.mobi https://www.facebook.com/lab.mobi](https://files.speakerdeck.com/presentations/658dd4b3742d4886a063acf4d4603f62/slide_33.jpg){kind=link}