Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Two-factor authentication at GDG Riga
Search
Harri Kirik
September 01, 2017
Technology
0
71
Two-factor authentication at GDG Riga
Two-factor authentication presentation at a GDG Riga event.
Harri Kirik
September 01, 2017
Tweet
Share
More Decks by Harri Kirik
See All by Harri Kirik
Secure programming techniques: Mobile Development Security guest lecture
harri35
0
79
Support for HSM-like capabilities in Android
harri35
0
130
Why doesn't my in-app QR code work (on location)?
harri35
0
28
Git merge-base
harri35
1
70
Smoke testing your library
harri35
0
25
Collections in Kotlin
harri35
0
33
Data classes in Kotlin
harri35
0
31
How to do delegation in Kotlin
harri35
0
32
Two-factor authentication at GDG Tartu
harri35
0
53
Other Decks in Technology
See All in Technology
LLM時代の検索とコンテキストエンジニアリング
shibuiwilliam
2
1.1k
そのコンポーネント、サーバー?クライアント?App Router開発のモヤモヤを可視化する補助輪
makotot
3
220
あなたの知らない OneDrive
murachiakira
0
230
[OCI Skill Mapping] AWSユーザーのためのOCI(2025年8月20日開催)
oracle4engineer
PRO
2
110
Amazon Bedrock AgentCore でプロモーション用動画生成エージェントを開発する
nasuvitz
6
370
第64回コンピュータビジョン勉強会@関東(後編)
tsukamotokenji
0
220
人を動かすことについて考える
ichimichi
2
300
AIとTDDによるNext.js「隙間ツール」開発の実践
makotot
4
130
ウォンテッドリーのアラート設計と Datadog 移行での知見
donkomura
0
300
OpenAPIから画面生成に挑戦した話
koinunopochi
0
130
広島銀行におけるAWS活用の取り組みについて
masakimori
0
110
キャリアを支え組織力を高める「多層型ふりかえり」 / 20250821 Kazuki Mori
shift_evolve
PRO
2
280
Featured
See All Featured
Testing 201, or: Great Expectations
jmmastey
45
7.6k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
110
20k
Practical Orchestrator
shlominoach
190
11k
I Don’t Have Time: Getting Over the Fear to Launch Your Podcast
jcasabona
33
2.4k
Fashionably flexible responsive web design (full day workshop)
malarkey
407
66k
Java REST API Framework Comparison - PWX 2021
mraible
33
8.8k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
Navigating Team Friction
lara
188
15k
Save Time (by Creating Custom Rails Generators)
garrettdimon
PRO
32
1.4k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Dealing with People You Can't Stand - Big Design 2015
cassininazir
367
26k
A Modern Web Designer's Workflow
chriscoyier
695
190k
Transcript
Two-factor authentication GDG Riga, 1st of Sept’17 Harri Kirik, Android
Developer http://lab.mobi
designing & developing for mobile What? Why? How?
designing & developing for mobile What?
designing & developing for mobile Multi-factor authentication (MFA)
designing & developing for mobile Factors of authentication ➔ Knowledge
factors ➔ Posession factors ➔ Inheritance factors
designing & developing for mobile Knowledge factors ➔ Pin ➔
Password ➔ Passphrase ➔ Shape ➔ Hidden compartment ➔ “Secret” question
designing & developing for mobile Posession factors ➔ Key ➔
Code card ➔ Pin generator / calculator ➔ Id card ➔ USB stick based token ➔ Your phone
designing & developing for mobile Inheritance factors ➔ Fingerprints ➔
Retinal scans ➔ Voice ➔ Text typing patterns ➔ Your guard dog
designing & developing for mobile Multi-factor authentication, using ➔ Knowledge
factors ➔ Posession factors ➔ Inheritance factors
designing & developing for mobile Two-factor authentication (2FA)
designing & developing for mobile 2FA - You’ve done it!
➔ Taking money out of the ATM ➔ Accessing banks via web page ➔ Adding a “secret lock” to your car ➔ Getting past your dog
designing & developing for mobile Why?
designing & developing for mobile Extra security
designing & developing for mobile Breach detection
designing & developing for mobile It is easy enough
designing & developing for mobile How?
designing & developing for mobile Use your phone
designing & developing for mobile How, technically?
designing & developing for mobile Use a code, which is
➔ Valid only for one time use ➔ Specific for every use ➔ Human readable ➔ Simple to enter ➔ Nonreversible
designing & developing for mobile SMS based codes
designing & developing for mobile HMAC-based One-time Password Algorithm (HOTP,
RFC 4226)
designing & developing for mobile 1. Generate the Key (once)
2. Calculate Hash = HMAC-SHA-1(Key, Counter); 3. Make it “human-usable” HOTP value = Truncate(Hash)
designing & developing for mobile PS: No need to build
it yourself
designing & developing for mobile “Authenticator” apps
designing & developing for mobile Time-based One-time Password Algorithm (TOTP,
RFC 6238)
designing & developing for mobile 1. Generate and share the
Key (once) 2. Calculate Counter = (Current time - Epoch) / Step 3. Use HOTP TOTP value = HOTP(Key, Counter)
designing & developing for mobile Use one of many multi-account
2fA apps
designing & developing for mobile Uh, all those codes ..
designing & developing for mobile Can I do with less
work?
designing & developing for mobile Device prompts (Google, Valve)
designing & developing for mobile Is this secure?
designing & developing for mobile Which one should I use?
designing & developing for mobile Doesn’t matter. Just use 2FA!
Thank you! Questions? Harri Kirik, Android Developer
[email protected]
http://lab.mobi https://www.facebook.com/lab.mobi
harri35
shibuiwilliam
makotot
murachiakira
oracle4engineer
nasuvitz
tsukamotokenji
ichimichi
donkomura
.jpeg){kind=avatar}
koinunopochi
![Avatar for Masaki Mori[JAWS-UG広島]](https://secure.gravatar.com/avatar/17bd9feb58eff0e71010ccd4719ddf4a?s=24){kind=avatar}
masakimori
shift_evolve
jmmastey
panda_program
shlominoach
jcasabona
malarkey
mraible
caitiem20
lara
garrettdimon
destraynor
cassininazir
chriscoyier
![Thank you! Questions? Harri Kirik, Android Developer [email protected] http://lab.mobi https://www.facebook.com/lab.mobi](https://files.speakerdeck.com/presentations/658dd4b3742d4886a063acf4d4603f62/slide_33.jpg){kind=link}