Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Two-factor authentication at GDG Riga
Search
Harri Kirik
September 01, 2017
Technology
0
72
Two-factor authentication at GDG Riga
Two-factor authentication presentation at a GDG Riga event.
Harri Kirik
September 01, 2017
Tweet
Share
More Decks by Harri Kirik
See All by Harri Kirik
Secure programming techniques: Mobile Development Security guest lecture
harri35
0
81
Support for HSM-like capabilities in Android
harri35
0
130
Why doesn't my in-app QR code work (on location)?
harri35
0
31
Git merge-base
harri35
1
71
Smoke testing your library
harri35
0
26
Collections in Kotlin
harri35
0
34
Data classes in Kotlin
harri35
0
33
How to do delegation in Kotlin
harri35
0
34
Two-factor authentication at GDG Tartu
harri35
0
55
Other Decks in Technology
See All in Technology
「全員プロダクトマネージャー」を実現する、Cursorによる仕様検討の自動運転
applism118
22
12k
新アイテムをどう使っていくか?みんなであーだこーだ言ってみよう / 20250911-rpi-jam-tokyo
akkiesoft
0
350
スクラムガイドに載っていないスクラムのはじめかた - チームでスクラムをはじめるときに知っておきたい勘所を集めてみました! - / How to start Scrum that is not written in the Scrum Guide 2nd
takaking22
2
200
エンジニアが主導できる組織づくり ー 製品と事業を進化させる体制へのシフト
ueokande
1
100
共有と分離 - Compose Multiplatform "本番導入" の設計指針
error96num
2
1.2k
2つのフロントエンドと状態管理
mixi_engineers
PRO
3
160
Firestore → Spanner 移行 を成功させた段階的移行プロセス
athug
1
500
2025/09/16 仕様駆動開発とAI-DLCが導くAI駆動開発の新フェーズ
masahiro_okamura
0
140
株式会社ログラス - 会社説明資料【エンジニア】/ Loglass Engineer
loglass2019
4
65k
企業の生成AIガバナンスにおけるエージェントとセキュリティ
lycorptech_jp
PRO
2
200
「どこから読む?」コードとカルチャーに最速で馴染むための実践ガイド
zozotech
PRO
0
570
Snowflake Intelligence × Document AIで“使いにくいデータ”を“使えるデータ”に
kevinrobot34
1
120
Featured
See All Featured
Templates, Plugins, & Blocks: Oh My! Creating the theme that thinks of everything
marktimemedia
31
2.5k
Understanding Cognitive Biases in Performance Measurement
bluesmoon
29
1.9k
Optimising Largest Contentful Paint
csswizardry
37
3.4k
Distributed Sagas: A Protocol for Coordinating Microservices
caitiem20
333
22k
Art, The Web, and Tiny UX
lynnandtonic
303
21k
For a Future-Friendly Web
brad_frost
180
9.9k
What’s in a name? Adding method to the madness
productmarketing
PRO
23
3.7k
The Cult of Friendly URLs
andyhume
79
6.6k
Docker and Python
trallard
46
3.6k
Six Lessons from altMBA
skipperchong
28
4k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
Reflections from 52 weeks, 52 projects
jeffersonlam
352
21k
Transcript
Two-factor authentication GDG Riga, 1st of Sept’17 Harri Kirik, Android
Developer http://lab.mobi
designing & developing for mobile What? Why? How?
designing & developing for mobile What?
designing & developing for mobile Multi-factor authentication (MFA)
designing & developing for mobile Factors of authentication ➔ Knowledge
factors ➔ Posession factors ➔ Inheritance factors
designing & developing for mobile Knowledge factors ➔ Pin ➔
Password ➔ Passphrase ➔ Shape ➔ Hidden compartment ➔ “Secret” question
designing & developing for mobile Posession factors ➔ Key ➔
Code card ➔ Pin generator / calculator ➔ Id card ➔ USB stick based token ➔ Your phone
designing & developing for mobile Inheritance factors ➔ Fingerprints ➔
Retinal scans ➔ Voice ➔ Text typing patterns ➔ Your guard dog
designing & developing for mobile Multi-factor authentication, using ➔ Knowledge
factors ➔ Posession factors ➔ Inheritance factors
designing & developing for mobile Two-factor authentication (2FA)
designing & developing for mobile 2FA - You’ve done it!
➔ Taking money out of the ATM ➔ Accessing banks via web page ➔ Adding a “secret lock” to your car ➔ Getting past your dog
designing & developing for mobile Why?
designing & developing for mobile Extra security
designing & developing for mobile Breach detection
designing & developing for mobile It is easy enough
designing & developing for mobile How?
designing & developing for mobile Use your phone
designing & developing for mobile How, technically?
designing & developing for mobile Use a code, which is
➔ Valid only for one time use ➔ Specific for every use ➔ Human readable ➔ Simple to enter ➔ Nonreversible
designing & developing for mobile SMS based codes
designing & developing for mobile HMAC-based One-time Password Algorithm (HOTP,
RFC 4226)
designing & developing for mobile 1. Generate the Key (once)
2. Calculate Hash = HMAC-SHA-1(Key, Counter); 3. Make it “human-usable” HOTP value = Truncate(Hash)
designing & developing for mobile PS: No need to build
it yourself
designing & developing for mobile “Authenticator” apps
designing & developing for mobile Time-based One-time Password Algorithm (TOTP,
RFC 6238)
designing & developing for mobile 1. Generate and share the
Key (once) 2. Calculate Counter = (Current time - Epoch) / Step 3. Use HOTP TOTP value = HOTP(Key, Counter)
designing & developing for mobile Use one of many multi-account
2fA apps
designing & developing for mobile Uh, all those codes ..
designing & developing for mobile Can I do with less
work?
designing & developing for mobile Device prompts (Google, Valve)
designing & developing for mobile Is this secure?
designing & developing for mobile Which one should I use?
designing & developing for mobile Doesn’t matter. Just use 2FA!
Thank you! Questions? Harri Kirik, Android Developer
[email protected]
http://lab.mobi https://www.facebook.com/lab.mobi