Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Two-factor authentication at GDG Tartu

Harri Kirik
August 03, 2017
Technology
0
52

Two-factor authentication at GDG Tartu

Harri talks about why two-factor authentication matters and how it is most commonly used on mobile phones.

Harri Kirik

August 03, 2017
Tweet

More Decks by Harri Kirik

See All by Harri Kirik
Secure programming techniques: Mobile Development Security guest lecture
harri35
0
76
Support for HSM-like capabilities in Android
harri35
0
120
Why doesn't my in-app QR code work (on location)?
harri35
0
26
Git merge-base
harri35
1
66
Smoke testing your library
harri35
0
24
Collections in Kotlin
harri35
0
32
Data classes in Kotlin
harri35
0
27
How to do delegation in Kotlin
harri35
0
31
Two-factor authentication at GDG Riga
harri35
0
69

Other Decks in Technology

See All in Technology
依存関係があるコンポーネントは Barrel ファイルでまとめよう
azukiazusa1
3
530
Kubernetes x k6 で負荷試験基盤を開発して 負荷試験を民主化した話 / Kubernetes x k6
sansan_randd
2
730
Ask! NIKKEIの運用基盤と改善に向けた取り組み / NIKKEI TECH TALK #30
kaitomajima
1
450
エンジニアのためのドキュメント力基礎講座〜構造化思考から始めよう〜(2025/02/15jbug広島#15発表資料)
yasuoyasuo
15
5.5k
Oracle Base Database Service 技術詳細
oracle4engineer
PRO
6
57k
【Developers Summit 2025】プロダクトエンジニアから学ぶ、 ユーザーにより高い価値を届ける技術
niwatakeru
2
890
PL900試験から学ぶ Power Platform 基礎知識講座
kumikeyy
0
110
バックエンドエンジニアのためのフロントエンド入門 #devsumiC
panda_program
16
6.5k
『衛星データ利用の方々にとって近いようで触れる機会のなさそうな小話 ~ 衛星搭載ソフトウェアと衛星運用ソフトウェア (実物) を動かしながらわいわいする編 ~』 @日本衛星データコミニティ勉強会
meltingrabbit
0
120
WAF に頼りすぎない AWS WAF 運用術 meguro sec #1
izzii
0
460
日経電子版 x AIエージェントの可能性とAgentic RAGによって提案書生成を行う技術
masahiro_nishimi
1
290
The 5 Obstacles to High-Performing Teams
mdalmijn
0
270

Featured

See All Featured
Sharpening the Axe: The Primacy of Toolmaking
bcantrill
40
2k
Navigating Team Friction
lara
183
15k
The Art of Programming - Codeland 2020
erikaheidi
53
13k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
248
1.3M
YesSQL, Process and Tooling at Scale
rocio
171
14k
Practical Tips for Bootstrapping Information Extraction Pipelines
honnibal
PRO
12
950
Visualizing Your Data: Incorporating Mongo into Loggly Infrastructure
mongodb
44
9.4k
Making Projects Easy
brettharned
116
6k
GraphQLとの向き合い方2022年版
quramy
44
13k
Intergalactic Javascript Robots from Outer Space
tanoku
270
27k
The World Runs on Bad Software
bkeepers
PRO
67
11k
Mobile First: as difficult as doing things right
swwweet
223
9.3k

Transcript

  1. Two-factor authentication GDG Tartu, 3rd of August’17 Harri Kirik, Android

    Developer http://lab.mobi

  2. designing & developing for mobile What? Why? How?

  3. designing & developing for mobile What?

  4. designing & developing for mobile Multi-factor authentication (MFA)

  5. designing & developing for mobile Factors of authentication ➔ Knowledge

    factors ➔ Posession factors ➔ Inheritance factors

  6. designing & developing for mobile Knowledge factors ➔ Pin ➔

    Password ➔ Passphrase ➔ Shape ➔ Hidden compartment ➔ “Secret” question

  7. designing & developing for mobile Posession factors ➔ Key ➔

    Code card ➔ Pin generator / calculator ➔ Id card ➔ USB stick based token ➔ Your phone

  8. designing & developing for mobile Inheritance factors ➔ Fingerprints ➔

    Retinal scans ➔ Voice ➔ Text typing patterns ➔ Your guard dog

  9. designing & developing for mobile Multi-factor authentication, using ➔ Knowledge

    factors ➔ Posession factors ➔ Inheritance factors

  10. designing & developing for mobile Two-factor authentication (2FA)

  11. designing & developing for mobile 2FA - You’ve done it!

    ➔ Taking money out of the ATM ➔ Accessing banks via web page ➔ Adding a “secret lock” to your car ➔ Getting past your dog

  12. designing & developing for mobile Why?

  13. designing & developing for mobile Extra security

  14. designing & developing for mobile Breach detection

  15. designing & developing for mobile How?

  16. designing & developing for mobile Use your phone

  17. designing & developing for mobile How, technically?

  18. designing & developing for mobile Use a code, which is

    ➔ Valid only for one time use ➔ Specific for every use ➔ Human readable ➔ Simple to enter ➔ Nonreversible

  19. designing & developing for mobile SMS based codes

  20. designing & developing for mobile HMAC-based One-time Password Algorithm (HOTP,

    RFC 4226)

  21. designing & developing for mobile 1. Generate the Key (once)

    2. Calculate Hash = HMAC-SHA-1(Key, Counter); 2. Make it “human-usable” HOTP value = Truncate(Hash)

  22. designing & developing for mobile PS: No need to build

    it yourself

  23. designing & developing for mobile “Authenticator” apps

  24. designing & developing for mobile Time-based One-time Password Algorithm (TOTP,

    RFC 6238)

  25. designing & developing for mobile 1. Generate and share the

    Key (once) 2. Calculate Counter = (Current time - Epoch) / Step 2. Use HOTP TOTP value = HOTP(Key, Counter)

  26. designing & developing for mobile Use one of many multi

    account apps

  27. designing & developing for mobile Uh, all those codes ..

  28. designing & developing for mobile Can I do with less

    work?

  29. designing & developing for mobile Device prompts (Google, Valve)

  30. designing & developing for mobile Is this secure?

  31. designing & developing for mobile Which one should I use?

  32. designing & developing for mobile Doesn’t matter. Just use 2FA!

  33. Thank you! Questions? Harri Kirik, Android Developer [email protected] http://lab.mobi https://www.facebook.com/lab.mobi