Everyone is hacking everything. Everything is vulnerable. Your site, your users, even you. Are you worried about this? You should be!
Don't worry, I'm not trying to scare you (that much). We have plenty of safeguards against attempts on our applications' user data. We all (hopefully) recognise Two Factor Auth as one of those safeguards, but what actually goes on under the hood of 2FA?
We'll take a look at generating one-time passwords, implementing 2FA in web applications, and the only compelling real-life use case for QR codes. Together, we'll make the web a more secure place.
----
Links:
notp package: https://github.com/guyht/notp
Twilio Authy: https://www.twilio.com/two-factor-authentication
The Authy app: https://authy.com/
Top passwords 2015: https://www.teamsid.com/worst-passwords-2015/
Ashley Madison passwords: http://cynosureprime.blogspot.ie/2015/09/how-we-cracked-millions-of-ashley.html
Have I Been Pwned?: https://haveibeenpwned.com/
DeRay Mckesson hacked: https://techcrunch.com/2016/06/10/how-activist-deray-mckessons-twitter-account-was-hacked/
How to hack Facebook with just a phone number: http://www.zdnet.com/article/how-to-hack-facebook-with-a-phone-number/