Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Two-factor authentication at GDG Riga
Search
Harri Kirik
September 01, 2017
Technology
0
72
Two-factor authentication at GDG Riga
Two-factor authentication presentation at a GDG Riga event.
Harri Kirik
September 01, 2017
Tweet
Share
More Decks by Harri Kirik
See All by Harri Kirik
Secure programming techniques: Mobile Development Security guest lecture
harri35
0
81
Support for HSM-like capabilities in Android
harri35
0
130
Why doesn't my in-app QR code work (on location)?
harri35
0
31
Git merge-base
harri35
1
71
Smoke testing your library
harri35
0
26
Collections in Kotlin
harri35
0
34
Data classes in Kotlin
harri35
0
33
How to do delegation in Kotlin
harri35
0
34
Two-factor authentication at GDG Tartu
harri35
0
55
Other Decks in Technology
See All in Technology
Autonomous Database - Dedicated 技術詳細 / adb-d_technical_detail_jp
oracle4engineer
PRO
4
10k
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
10
75k
CDK CLIで使ってたあの機能、CDK Toolkit Libraryではどうやるの?
smt7174
4
190
「どこから読む?」コードとカルチャーに最速で馴染むための実践ガイド
zozotech
PRO
0
520
AI開発ツールCreateがAnythingになったよ
tendasato
0
130
20250913_JAWS_sysad_kobe
takuyay0ne
2
230
ブロックテーマ時代における、テーマの CSS について考える Toro_Unit / 2025.09.13 @ Shinshu WordPress Meetup
torounit
0
130
新規プロダクトでプロトタイプから正式リリースまでNext.jsで開発したリアル
kawanoriku0
1
160
2025年になってもまだMySQLが好き
yoku0825
8
4.8k
株式会社ログラス - 会社説明資料【エンジニア】/ Loglass Engineer
loglass2019
4
65k
Rustから学ぶ 非同期処理の仕組み
skanehira
1
140
AWSで始める実践Dagster入門
kitagawaz
1
680
Featured
See All Featured
Scaling GitHub
holman
463
140k
Bash Introduction
62gerente
615
210k
Statistics for Hackers
jakevdp
799
220k
The Power of CSS Pseudo Elements
geoffreycrofte
77
6k
Build your cross-platform service in a week with App Engine
jlugia
231
18k
Unsuck your backbone
ammeep
671
58k
Making Projects Easy
brettharned
117
6.4k
Speed Design
sergeychernyshev
32
1.1k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
113
20k
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.5k
Large-scale JavaScript Application Architecture
addyosmani
513
110k
StorybookのUI Testing Handbookを読んだ
zakiyama
31
6.1k
Transcript
Two-factor authentication GDG Riga, 1st of Sept’17 Harri Kirik, Android
Developer http://lab.mobi
designing & developing for mobile What? Why? How?
designing & developing for mobile What?
designing & developing for mobile Multi-factor authentication (MFA)
designing & developing for mobile Factors of authentication ➔ Knowledge
factors ➔ Posession factors ➔ Inheritance factors
designing & developing for mobile Knowledge factors ➔ Pin ➔
Password ➔ Passphrase ➔ Shape ➔ Hidden compartment ➔ “Secret” question
designing & developing for mobile Posession factors ➔ Key ➔
Code card ➔ Pin generator / calculator ➔ Id card ➔ USB stick based token ➔ Your phone
designing & developing for mobile Inheritance factors ➔ Fingerprints ➔
Retinal scans ➔ Voice ➔ Text typing patterns ➔ Your guard dog
designing & developing for mobile Multi-factor authentication, using ➔ Knowledge
factors ➔ Posession factors ➔ Inheritance factors
designing & developing for mobile Two-factor authentication (2FA)
designing & developing for mobile 2FA - You’ve done it!
➔ Taking money out of the ATM ➔ Accessing banks via web page ➔ Adding a “secret lock” to your car ➔ Getting past your dog
designing & developing for mobile Why?
designing & developing for mobile Extra security
designing & developing for mobile Breach detection
designing & developing for mobile It is easy enough
designing & developing for mobile How?
designing & developing for mobile Use your phone
designing & developing for mobile How, technically?
designing & developing for mobile Use a code, which is
➔ Valid only for one time use ➔ Specific for every use ➔ Human readable ➔ Simple to enter ➔ Nonreversible
designing & developing for mobile SMS based codes
designing & developing for mobile HMAC-based One-time Password Algorithm (HOTP,
RFC 4226)
designing & developing for mobile 1. Generate the Key (once)
2. Calculate Hash = HMAC-SHA-1(Key, Counter); 3. Make it “human-usable” HOTP value = Truncate(Hash)
designing & developing for mobile PS: No need to build
it yourself
designing & developing for mobile “Authenticator” apps
designing & developing for mobile Time-based One-time Password Algorithm (TOTP,
RFC 6238)
designing & developing for mobile 1. Generate and share the
Key (once) 2. Calculate Counter = (Current time - Epoch) / Step 3. Use HOTP TOTP value = HOTP(Key, Counter)
designing & developing for mobile Use one of many multi-account
2fA apps
designing & developing for mobile Uh, all those codes ..
designing & developing for mobile Can I do with less
work?
designing & developing for mobile Device prompts (Google, Valve)
designing & developing for mobile Is this secure?
designing & developing for mobile Which one should I use?
designing & developing for mobile Doesn’t matter. Just use 2FA!
Thank you! Questions? Harri Kirik, Android Developer
[email protected]
http://lab.mobi https://www.facebook.com/lab.mobi