2FA, WTF!?
•
2 likes•148 views
You may recognize Two-factor Authentication (2FA) as an additional safeguard for protecting accounts, but do you really know how it works? This talk will show you how to implement One Time Passwords (including what's happening under the hood of those expiring tokens) and even provide a legitimate use case for QR codes! You'll come away recognizing the different approaches to implementing a 2FA solution and have a better understanding of the solution that's right for your application.
Report
Share
Report
Share
Download to read offline
Recommended
Recommended
More Related Content
Similar to 2FA, WTF!?
Similar to 2FA, WTF!? (20)
BrightonSEO July 2021: Spilling the T in EAT- Easy CRO Tricks for User Trust
BrightonSEO July 2021: Spilling the T in EAT- Easy CRO Tricks for User Trust
Secure All Teh Things - Add 2 factor authentication to your own CFML projects
Secure All Teh Things - Add 2 factor authentication to your own CFML projects
The life of breached data and the attack lifecycle
The life of breached data and the attack lifecycle
Social Media: Your Secret Weapon in Combating Negative Feedback
Social Media: Your Secret Weapon in Combating Negative Feedback
Breaking vaults: Stealing Lastpass protected secrets
Breaking vaults: Stealing Lastpass protected secrets
More from Kelley Robinson
More from Kelley Robinson (20)
Protecting your phone verification flow from fraud & abuse
Protecting your phone verification flow from fraud & abuse
Designing customer account recovery in a 2FA world
Designing customer account recovery in a 2FA world
Analyzing Pwned Passwords with Spark - OWASP Meetup July 2018
Analyzing Pwned Passwords with Spark - OWASP Meetup July 2018
Recently uploaded
Call girls in delhi ✔️✔️🔝 9953056974 🔝✔️✔️Welcome To Vip Escort Services In Delhi [ ]Noida Gurgaon 24/7 Open Sex Escort Services With Happy Ending ServiCe Done By Most Attractive Charming Soft Spoken Bold Beautiful Full Cooperative Independent Escort Girls ServiCe In All-Star Hotel And Home Service In All Over Delhi, Noida, Gurgaon, Faridabad, Ghaziabad, Greater Noida,
• IN CALL AND OUT CALL SERVICE IN DELHI NCR
• 3* 5* 7* HOTELS SERVICE IN DELHI NCR
• 24 HOURS AVAILABLE IN DELHI NCR
• INDIAN, RUSSIAN, PUNJABI, KASHMIRI ESCORTS
• REAL MODELS, COLLEGE GIRLS, HOUSE WIFE, ALSO AVAILABLE
• SHORT TIME AND FULL TIME SERVICE AVAILABLE
• HYGIENIC FULL AC NEAT AND CLEAN ROOMS AVAIL. IN HOTEL 24 HOURS
• DAILY NEW ESCORTS STAFF AVAILABLE
• MINIMUM TO MAXIMUM RANGE AVAILABLE.
Call Girls in Delhi & Independent Escort Service –
CALL GIRLS SERVICE DELHI NCR
Vip call girls in Delhi
Call Girls in Delhi, Call Girl Service 24×7 open
Call Girls in Delhi Best Delhi Escorts in Delhi
Low Rate Call Girls In Saket Delhi
X~CALL GIRLS IN Ramesh Nagar Metro
best Delhi call girls and Delhi escort service.
CALL GIRLS SERVICE IN ALL DELHI …
(Delhi) Call Girls in (Chanakyapuri)
Hot And Sexy Independent Model Escort Service In Delhi Unlimited Enjoy Genuine 100% Profiles And Trusted Door Step Call Girls Feel Free To Call Us Female Service Hot Busty & Sexy Party Girls Available For Complete Enjoyment. We Guarantee Full Satisfaction & In Case Of Any Unhappy Experience, We Would Refund Your Fees, Without Any Questions Asked. Feel Free To Call Us Female Service Provider Hours Opens Thanks.
Delhi Escorts Services 100% secure Services.Incall_OutCall Available and outcall Services provide.
We are available 24*7 for Full Night and short Time Escort Services all over Delhi NCR.
Delhi All Hotel Services available 3* 4* 5* Call Call
Delhi Escorts Services And Delhi Call Girl Agency 100% secure Services in my agency. Incall and outcall Services provide.
We are available 24*7 for Full Night and short Time Escort Services my agency in all over New Delhi
Delhi All Hotel Services available my agency
SERVICES [✓✓✓]
Housewife
College Girl
VIP Escort
Independent Girl
Aunty
Without a Condom sucking )?
Sexy Aunty.DSL (Dick Sucking Lips)?
DT (Dining at the Toes English Spanking)
Doggie (Sex style from no behind)??
OutCall- All Over Delhi Noida Gurgaon 24/7
FOR APPOINTMENT Call/Whatsop / 9953056974Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service9953056974 Low Rate Call Girls In Saket, Delhi NCR
Call girls in delhi ✔️✔️🔝 9953056974 🔝✔️✔️Welcome To Vip Escort Services In Delhi [ ]Noida Gurgaon 24/7 Open Sex Escort Services With Happy Ending ServiCe Done By Most Attractive Charming Soft Spoken Bold Beautiful Full Cooperative Independent Escort Girls ServiCe In All-Star Hotel And Home Service In All Over Delhi, Noida, Gurgaon, Faridabad, Ghaziabad, Greater Noida,
• IN CALL AND OUT CALL SERVICE IN DELHI NCR
• 3* 5* 7* HOTELS SERVICE IN DELHI NCR
• 24 HOURS AVAILABLE IN DELHI NCR
• INDIAN, RUSSIAN, PUNJABI, KASHMIRI ESCORTS
• REAL MODELS, COLLEGE GIRLS, HOUSE WIFE, ALSO AVAILABLE
• SHORT TIME AND FULL TIME SERVICE AVAILABLE
• HYGIENIC FULL AC NEAT AND CLEAN ROOMS AVAIL. IN HOTEL 24 HOURS
• DAILY NEW ESCORTS STAFF AVAILABLE
• MINIMUM TO MAXIMUM RANGE AVAILABLE.
Call Girls in Delhi & Independent Escort Service –
CALL GIRLS SERVICE DELHI NCR
Vip call girls in Delhi
Call Girls in Delhi, Call Girl Service 24×7 open
Call Girls in Delhi Best Delhi Escorts in Delhi
Low Rate Call Girls In Saket Delhi
X~CALL GIRLS IN Ramesh Nagar Metro
best Delhi call girls and Delhi escort service.
CALL GIRLS SERVICE IN ALL DELHI …
(Delhi) Call Girls in (Chanakyapuri)
Hot And Sexy Independent Model Escort Service In Delhi Unlimited Enjoy Genuine 100% Profiles And Trusted Door Step Call Girls Feel Free To Call Us Female Service Hot Busty & Sexy Party Girls Available For Complete Enjoyment. We Guarantee Full Satisfaction & In Case Of Any Unhappy Experience, We Would Refund Your Fees, Without Any Questions Asked. Feel Free To Call Us Female Service Provider Hours Opens Thanks.
Delhi Escorts Services 100% secure Services.Incall_OutCall Available and outcall Services provide.
We are available 24*7 for Full Night and short Time Escort Services all over Delhi NCR.
Delhi All Hotel Services available 3* 4* 5* Call Call
Delhi Escorts Services And Delhi Call Girl Agency 100% secure Services in my agency. Incall and outcall Services provide.
We are available 24*7 for Full Night and short Time Escort Services my agency in all over New Delhi
Delhi All Hotel Services available my agency
SERVICES [✓✓✓]
Housewife
College Girl
VIP Escort
Independent Girl
Aunty
Without a Condom sucking )?
Sexy Aunty.DSL (Dick Sucking Lips)?
DT (Dining at the Toes English Spanking)
Doggie (Sex style from no behind)??
OutCall- All Over Delhi Noida Gurgaon 24/7
FOR APPOINTMENT Call/Whatsop / 9953056974Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service9953056974 Low Rate Call Girls In Saket, Delhi NCR
From customer value engagements to hands-on production support, our Services span across every stage of our customers digital transformation journey, to help ensure that every customer is successful in their adoption of our solutions.
• Implementation, Upgrade, Migration, and Maintenance Services
• On-Premises and On-Cloud
• COTS Training Services; On-Site and Virtual
• Software Support Services; Legacy and 3DEXPERIENCE
• Value Engagement & Blueprinting
• Specialized Consulting and Support Services
• Customized Training Services
• Automation and Configuration Services
• Technical Resource Augmentation Services
• Project Management
• Know-how Training (mentoring) and Resource AugmentationNavigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...Arindam Chakraborty, Ph.D., P.E. (CA, TX)
Welcome to the April edition of WIPAC Monthly, the magazine brought to you by Water Industry Process Automation & Control.
In this month's edition, along with the latest news from the industry we have articles on:
The use of artificial intelligence and self-service platforms to improve water sustainability
A feature article on measuring wastewater spills
An article on the National Underground Asset Register
Have a good month,
OliverWater Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024Water Industry Process Automation & Control
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Girls Waiting For You To Fuck
Booking Contact Details
WhatsApp Chat: +91-6297143586
pune Escort Service includes providing maximum physical satisfaction to their clients as well as engaging conversation that keeps your time enjoyable and entertaining. Plus they look fabulously elegant; making an impressionable.
Independent Escorts pune understands the value of confidentiality and discretion - they will go the extra mile to meet your needs. Simply contact them via text messaging or through their online profiles; they'd be more than delighted to accommodate any request or arrange a romantic date or fun-filled night together.
We provide -
01-may-2024(v.n)
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...Call Girls in Nagpur High Profile
Model Call Girl Services in Delhi reach out to us at 🔝 9953056974 🔝✔️✔️
Our agency presents a selection of young, charming call girls available for bookings at Oyo Hotels. Experience high-class escort services at pocket-friendly rates, with our female escorts exuding both beauty and a delightful personality, ready to meet your desires. Whether it's Housewives, College girls, Russian girls, Muslim girls, or any other preference, we offer a diverse range of options to cater to your tastes.
We provide both in-call and out-call services for your convenience. Our in-call location in Delhi ensures cleanliness, hygiene, and 100% safety, while our out-call services offer doorstep delivery for added ease.
We value your time and money, hence we kindly request pic collectors, time-passers, and bargain hunters to refrain from contacting us.
Our services feature various packages at competitive rates:
One shot: ₹2000/in-call, ₹5000/out-call
Two shots with one girl: ₹3500/in-call, ₹6000/out-call
Body to body massage with sex: ₹3000/in-call
Full night for one person: ₹7000/in-call, ₹10000/out-call
Full night for more than 1 person: Contact us at 🔝 9953056974 🔝. for details
Operating 24/7, we serve various locations in Delhi, including Green Park, Lajpat Nagar, Saket, and Hauz Khas near metro stations.
For premium call girl services in Delhi 🔝 9953056974 🔝. Thank you for considering us!Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...9953056974 Low Rate Call Girls In Saket, Delhi NCR
Recently uploaded (20)
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Netaji Nagar, Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
VIP Model Call Girls Kothrud ( Pune ) Call ON 8005736733 Starting From 5K to ...
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
Call Girls in Ramesh Nagar Delhi 💯 Call Us 🔝9953056974 🔝 Escort Service
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
VIP Call Girls Ankleshwar 7001035870 Whatsapp Number, 24/07 Booking
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls In Bangalore ☎ 7737669865 🥵 Book Your One night Stand
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Call Girls Walvekar Nagar Call Me 7737669865 Budget Friendly No Advance Booking
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Navigating Complexity: The Role of Trusted Partners and VIAS3D in Dassault Sy...
Water Industry Process Automation & Control Monthly - April 2024
Water Industry Process Automation & Control Monthly - April 2024
Block diagram reduction techniques in control systems.ppt
Block diagram reduction techniques in control systems.ppt
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
Booking open Available Pune Call Girls Pargaon 6297143586 Call Hot Indian Gi...
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
CCS335 _ Neural Networks and Deep Learning Laboratory_Lab Complete Record
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
Call Now ≽ 9953056974 ≼🔝 Call Girls In New Ashok Nagar ≼🔝 Delhi door step de...
2FA, WTF!?
- 2. 2 FA T W O - FAC TO R AU T H E N T I C AT I O N W T F ? !
- 7. haveibeenpw n ed. c om
- 8. haveibeenpw n ed. c om
- 9. Password Count 1 123456 22,390,492 2 123456789 7,481,454 3 qwerty 3,752,262 4 111111 3,006,809 5 12345678 2,840,404 6 abc123 2,803,614 7 1234567 2,425,568 8 12345 2,308,872 9 234567890 2,187,868 10 123123 2,143,807 11 000000 1,910,126 12 iloveyou 1,581,914 MOST COMMON PASSWORDS . . . myspace1 735,605 @kelleyrobinson
- 10. @kelleyrobinson
- 11. PA S S WO R D S A R E N ' T E N O U G H
- 12. Factors • Something you know • Something you have • Something you are @kelleyrobinson
- 13. @kelleyrobinson
- 14. “We learned that SMS-based authentication is not nearly as secure as we would hope. ”Reddit Security Incident Disclosure - 2018-08-01 @kelleyrobinson
- 15. Why is SMS 2FA "Bad"? • SS7 vulnerabilities • SIM swapping (social engineering) Link: The Post SS7 Future of 2FA Artwork Credit: Vitostone @kelleyrobinson
- 16. SMS Alternatives • YubiKey • Push • TOTP
- 17. YubiKey
- 19. TOTP (Time-based One Time Passwords) @kelleyrobinson
- 20. (Time-based One Time Passwords) It works offline. @kelleyrobinson Stop trying to make fetch happen. TOTP
- 21. TOT P A LG O R I T H M
- 22. 1 . S E C R E T K E Y
- 23. 2 . C U R R E N T T I M E
- 24. 3 . S I G N I N G F U N C T I O N
- 25. 4 . T R U N C AT E
- 26. __________________ | | Don't roll your own crypto! |__________________| (__/) || (•ㅅ•) || / づ @kelleyrobinson
- 27. How do you push your users into being more secure?
- 28. “Requiring token-based 2FA [for employees] to gain entry. ”Reddit Security Incident Disclosure - 2018-08-01 @kelleyrobinson
- 29. Employees Moderators Everyone else Potential Reddit 2FA Model Required token based 2FA Required 2FA Optional 2FA * *might be managed by IT, not dev
- 30. Balance over $250k Balance over $10k Everyone else Potential Banking 2FA Model Required token based 2FA Required 2FA Optional 2FA
- 31. The risk profile of your users is specific to your high school business
- 32. SMS 2FA is still better than no 2FA @kelleyrobinson
- 33. Happy October 3rd! @kelleyrobinson On October 3rd, he asked me what day it was. It's October 3rd.