2FA, WTF? at WebCamp Zagreb

8ec1383b240b5ba15ffb9743fceb3c0e?s=47 Phil Nash
October 29, 2016

2FA, WTF? at WebCamp Zagreb

Everyone is hacking everything. Everything is vulnerable. Your site, your users, even you. Are you worried about this? You should be! Don't worry, Phil is not trying to scare you (that much). You have plenty of safeguards against attempts on your applications' user data. We all (hopefully) recognise Two Factor Auth as one of those safeguards, but what actually goes on under the hood of 2FA?

You will discover how to generate one-time passwords and implement 2FA in your applications, and hear the only real-life compelling use case for QR codes. Together, we'll make the web a more secure place.



notp package: https://github.com/guyht/notp

Authy: https://www.authy.com/developers/

Authy OneTouch: https://www.authy.com/product/options/#onetouch

Top passwords 2015: https://www.teamsid.com/worst-passwords-2015/
Ashley Madison passwords: http://cynosureprime.blogspot.ie/2015/09/how-we-cracked-millions-of-ashley.html

Have I Been Pwned? - https://haveibeenpwned.com/

Deray Mckesson Hacked - https://techcrunch.com/2016/06/10/how-activist-deray-mckessons-twitter-account-was-hacked/

How to hack Facebook with just a phone number - http://www.zdnet.com/article/how-to-hack-facebook-with-a-phone-number/


Phil Nash

October 29, 2016