Two-factor authentication at GDG Riga
Harri Kirik
September 01, 2017
Two-factor authentication presentation at a GDG Riga event.
Transcript
Two-factor authentication
GDG Riga, 1st of Sept’17
Harri Kirik, Android Developer
http://lab.mobi

designing & developing for mobile

What? Why? How?

What?

Multi-factor authentication (MFA)

Factors of authentication
➔ Knowledge factors
➔ Possession factors
➔ Inheritance factors

Knowledge factors
➔ Pin
➔ Password
➔ Passphrase
➔ Shape
➔ Hidden compartment
➔ “Secret” question

Possession factors
➔ Key
➔ Code card
➔ Pin generator / calculator
➔ Id card
➔ USB stick based token
➔ Your phone

Inheritance factors
➔ Fingerprints
➔ Retinal scans
➔ Voice
➔ Text typing patterns
➔ Your guard dog

Multi-factor authentication, using
➔ Knowledge factors
➔ Possession factors
➔ Inheritance factors

Two-factor authentication (2FA)

2FA - You’ve done it!
➔ Taking money out of the ATM
➔ Accessing banks via web page
➔ Adding a “secret lock” to your car
➔ Getting past your dog

Why?

Extra security

Breach detection

It is easy enough

How?

Use your phone

How, technically?

Use a code, which is
➔ Valid only for one time use
➔ Specific for every use
➔ Human readable
➔ Simple to enter
➔ Nonreversible

SMS based codes

HMAC-based One-time Password Algorithm (HOTP, RFC 4226)

1. Generate the Key (once)
2. Calculate Hash = HMAC-SHA-1(Key, Counter)
3. Make it “human-usable”: HOTP value = Truncate(Hash)

PS: No need to build it yourself

“Authenticator” apps

Time-based One-time Password Algorithm (TOTP, RFC 6238)

1. Generate and share the Key (once)
2. Calculate Counter = (Current time - Epoch) / Step
3. Use HOTP: TOTP value = HOTP(Key, Counter)
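
The HOTP and TOTP steps from the slides above, as an added Python example (not part of the original deck). It goes slightly beyond the slides by adding a hypothetical `TotpVerifier` that tolerates one step of clock drift and rejects reuse of a code; the key is the public test key from RFC 4226 and RFC 6238, and the 30-second step and 6-digit length are assumed defaults.

```python
import hashlib
import hmac
import struct


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HOTP value = Truncate(HMAC-SHA-1(Key, Counter)), RFC 4226 section 5.3."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F  # low nibble of the last byte picks 4 bytes
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)  # keep leading zeros


def totp_counter(now: int, epoch: int = 0, step: int = 30) -> int:
    """Counter = (Current time - Epoch) / Step, as integer division."""
    return (now - epoch) // step


def totp(key: bytes, now: int, digits: int = 6, step: int = 30) -> str:
    """TOTP value = HOTP(Key, Counter), RFC 6238."""
    return hotp(key, totp_counter(now, step=step), digits)


class TotpVerifier:
    """Hypothetical server-side check (assumption, not from the deck)."""

    def __init__(self, key: bytes, window: int = 1, digits: int = 6, step: int = 30):
        self.key, self.window, self.digits, self.step = key, window, digits, step
        self.last_counter = -1  # highest counter already accepted

    def verify(self, submitted: str, now: int) -> bool:
        current = totp_counter(now, step=self.step)
        for c in range(current - self.window, current + self.window + 1):
            if c <= self.last_counter:
                continue  # this step was already used: valid for one use only
            expected = hotp(self.key, c, self.digits)
            # Constant-time comparison avoids leaking how many digits matched.
            if hmac.compare_digest(expected.encode(), submitted.encode()):
                self.last_counter = c
                return True
        return False


# Public test key from RFC 4226 Appendix D / RFC 6238 Appendix B, not a real secret.
RFC_KEY = b"12345678901234567890"

if __name__ == "__main__":
    print(hotp(RFC_KEY, 0), totp(RFC_KEY, 59, digits=8))
```
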

Use one of many multi-account 2FA apps

Uh, all those codes ..

Can I do with less work?

Device prompts (Google, Valve)

Is this secure?

Which one should I use?

Doesn’t matter. Just use 2FA!

Thank you! Questions?
Harri Kirik, Android Developer
[email protected]
http://lab.mobi
https://www.facebook.com/lab.mobi