You may recognize Two-factor Authentication (2FA) as an additional safeguard for protecting accounts, but do you really know how it works? This talk will show you how to implement One Time Passwords (including what's happening under the hood of those expiring tokens) and even provide a legitimate use case for QR codes! You'll come away recognizing the different approaches to implementing a 2FA solution and have a better understanding of the solution that's right for your application.
14. “We learned that SMS-based authentication is not nearly as secure as we would hope.”
Reddit Security Incident Disclosure - 2018-08-01
@kelleyrobinson
15. Why is SMS 2FA "Bad"?
• SS7 vulnerabilities
• SIM swapping (social engineering)
Link: The Post SS7 Future of 2FA
Artwork Credit: Vitostone