Upgrade to Pro
— share decks privately, control downloads, hide ads and more …
Speaker Deck
Features
Speaker Deck
PRO
Sign in
Sign up for free
Search
Search
Two-factor authentication at GDG Riga
Search
Sponsored
·
SiteGround - Reliable hosting with speed, security, and support you can count on.
→
Harri Kirik
September 01, 2017
Technology
78
0
Share
Embed
Copy iframe code
Copy JS code
Copy link
Start on current slide
Two-factor authentication at GDG Riga
Two-factor authentication presentation at a GDG Riga event.
Harri Kirik
September 01, 2017
More Decks by Harri Kirik
See All by Harri Kirik
Secure programming techniques: Mobile Development Security guest lecture
harri35
0
87
Support for HSM-like capabilities in Android
harri35
0
150
Why doesn't my in-app QR code work (on location)?
harri35
0
38
Git merge-base
harri35
1
81
Smoke testing your library
harri35
0
30
Collections in Kotlin
harri35
0
38
Data classes in Kotlin
harri35
0
40
How to do delegation in Kotlin
harri35
0
40
Two-factor authentication at GDG Tartu
harri35
0
62
Other Decks in Technology
See All in Technology
NAB Show 2026 動画技術関連レポート / NAB Show 2026 Report
cyberagentdevelopers
PRO
0
160
失敗を資産に変えるClaude Code
shinyasaita
0
320
AIの性能が向上しても未解決な組織の重大問題は何か?/An Unsolved Organizational Problem in the Age of AI
moriyuya
3
610
MIERUNE JCT 発表資料「宇宙から伊能忠敬ごっこ」
syuchimu
0
210
Agent Skills設計で柔軟性と硬さのバランスが難しい話
nassy20
0
120
Socrates × Looker 〜セマンティックレイヤーで進化するデータ分析エージェント〜
hanon52_
3
2.1k
2026TECHFRESH畢業分享會 - AI 時代的人生存檔點
line_developers_tw
PRO
0
780
2026TECHFRESH畢業分享會 - Lightning Talk - E起 See See : 電商推薦讀心術? 數據說了算
line_developers_tw
PRO
0
770
10倍の生産性を実現するAI駆動並列エージェントのすべて
kumaiu
5
1.3k
Oracle AI Database@Google Cloud:サービス概要のご紹介
oracle4engineer
PRO
6
1.5k
DevOps Agentで始めるAWS運用 〜フロンティアエージェントが変える運用の現場〜
nyankotaro
1
380
Claude Codeをどのように キャッチアップしているか
oikon48
2
1.5k
Featured
See All Featured
Docker and Python
trallard
47
3.9k
Connecting the Dots Between Site Speed, User Experience & Your Business [WebExpo 2025]
tammyeverts
11
940
Dominate Local Search Results - an insider guide to GBP, reviews, and Local SEO
greggifford
PRO
0
190
The Spectacular Lies of Maps
axbom
PRO
1
800
What's in a price? How to price your products and services
michaelherold
247
13k
Practical Orchestrator
shlominoach
191
11k
WENDY [Excerpt]
tessaabrams
11
38k
Creating an realtime collaboration tool: Agile Flush - .NET Oxford
marcduiker
35
2.5k
Done Done
chrislema
186
16k
Self-Hosted WebAssembly Runtime for Runtime-Neutral Checkpoint/Restore in Edge–Cloud Continuum
chikuwait
0
580
Producing Creativity
orderedlist
PRO
348
40k
4 Signs Your Business is Dying
shpigford
187
22k
Transcript
Two-factor authentication GDG Riga, 1st of Sept’17 Harri Kirik, Android
Developer http://lab.mobi
designing & developing for mobile What? Why? How?
designing & developing for mobile What?
designing & developing for mobile Multi-factor authentication (MFA)
designing & developing for mobile Factors of authentication ➔ Knowledge
factors ➔ Posession factors ➔ Inheritance factors
designing & developing for mobile Knowledge factors ➔ Pin ➔
Password ➔ Passphrase ➔ Shape ➔ Hidden compartment ➔ “Secret” question
designing & developing for mobile Posession factors ➔ Key ➔
Code card ➔ Pin generator / calculator ➔ Id card ➔ USB stick based token ➔ Your phone
designing & developing for mobile Inheritance factors ➔ Fingerprints ➔
Retinal scans ➔ Voice ➔ Text typing patterns ➔ Your guard dog
designing & developing for mobile Multi-factor authentication, using ➔ Knowledge
factors ➔ Posession factors ➔ Inheritance factors
designing & developing for mobile Two-factor authentication (2FA)
designing & developing for mobile 2FA - You’ve done it!
➔ Taking money out of the ATM ➔ Accessing banks via web page ➔ Adding a “secret lock” to your car ➔ Getting past your dog
designing & developing for mobile Why?
designing & developing for mobile Extra security
designing & developing for mobile Breach detection
designing & developing for mobile It is easy enough
designing & developing for mobile How?
designing & developing for mobile Use your phone
designing & developing for mobile How, technically?
designing & developing for mobile Use a code, which is
➔ Valid only for one time use ➔ Specific for every use ➔ Human readable ➔ Simple to enter ➔ Nonreversible
designing & developing for mobile SMS based codes
designing & developing for mobile HMAC-based One-time Password Algorithm (HOTP,
RFC 4226)
designing & developing for mobile 1. Generate the Key (once)
2. Calculate Hash = HMAC-SHA-1(Key, Counter); 3. Make it “human-usable” HOTP value = Truncate(Hash)
designing & developing for mobile PS: No need to build
it yourself
designing & developing for mobile “Authenticator” apps
designing & developing for mobile Time-based One-time Password Algorithm (TOTP,
RFC 6238)
designing & developing for mobile 1. Generate and share the
Key (once) 2. Calculate Counter = (Current time - Epoch) / Step 3. Use HOTP TOTP value = HOTP(Key, Counter)
designing & developing for mobile Use one of many multi-account
2fA apps
designing & developing for mobile Uh, all those codes ..
designing & developing for mobile Can I do with less
work?
designing & developing for mobile Device prompts (Google, Valve)
designing & developing for mobile Is this secure?
designing & developing for mobile Which one should I use?
designing & developing for mobile Doesn’t matter. Just use 2FA!
Thank you! Questions? Harri Kirik, Android Developer
[email protected]
http://lab.mobi https://www.facebook.com/lab.mobi
SiteGround - Reliable hosting with speed, security, and support you can count on.
harri35
cyberagentdevelopers
shinyasaita
moriyuya
syuchimu
nassy20
hanon52_
line_developers_tw
kumaiu
oracle4engineer
nyankotaro
oikon48
trallard
tammyeverts
greggifford
axbom
michaelherold
shlominoach
tessaabrams
marcduiker
chrislema
chikuwait
orderedlist
shpigford
![Thank you! Questions? Harri Kirik, Android Developer [email protected] http://lab.mobi https://www.facebook.com/lab.mobi](https://files.speakerdeck.com/presentations/658dd4b3742d4886a063acf4d4603f62/slide_33.jpg){kind=link}