Service providers have a responsibility to provide two-factor authentication (2FA) and help their users make informed decisions about which 2FA method(s) to enable.
In this talk, I discuss the AWS Shared Responsibility Model and highlight that implementing 2FA follows a similar pattern. I dive into the details of the 4 most common methods of 2FA and explain the security and usability tradeoffs of each. I cover SMS, time-based one-time passwords (TOTP), push notifications, and Universal 2nd Factor (U2F).
Audio and slides on YouTube: https://www.youtube.com/watch?v=ub7tU6ZLxAs