2FA and OTP
•
0 likes•634 views
The document discusses two-factor authentication (2FA) and one-time passwords (OTP) using HMAC-based OTP (HOTP) and time-based OTP (TOTP). HOTP uses HMAC to sign a counter, meeting requirements like being hardware-friendly. TOTP extends HOTP by using Unix time as a moving factor between the prover and verifier, requiring them to share secrets, time steps, and unique keys per user. The document recommends settings for TOTP and contrasts it with random number generators.
Report
Share
Report
Share
Download to read offline
Recommended
Timer Part 11
This document discusses timers in AVR microcontrollers. It explains that timers count clock cycles and can be prescaled to achieve greater values at the cost of precision. Timer 0 is an 8-bit timer while Timer 1 is 16-bit. The key registers for Timer 1 are TCNT1 for counting, TCCR1A/B for control, and TIMSK/TIFR for interrupts. Accessing 16-bit registers requires using a temporary register to ensure precise timing of the high and low byte writes and reads.
MobiWeb - OTP SMS Two Factor Authentication
SMS is a technology that has many applications. Today huge numbers of products and services use SMS in a variety of ways. It can be used for additional security in service access and mobile identity verification. Since most of the world population have mobile phones (smartphones or feature phones), businesses can turn subscribers’ mobile phones to tools of additional security.
This guide describes Two-factor Authentication through OTP (One-time PIN) delivered by SMS.
Since its establishment in 1999, MobiWeb is providing global SMS Messaging for B2B, B2C and C2C mobile interaction.
Visit us at www.solutions4mobiles.com
Qr code based secure otp distribution scheme for Online banking
This document proposes a new authentication scheme for secure OTP distribution in net banking using QR codes and email. It describes existing OTP distribution methods like text messages and proprietary tokens that have drawbacks like being text-based and increase risk of tampering or identification over long periods. The proposed system generates one-time passwords using a pseudorandom number and timestamp, encrypts it with AES using the user's ATM PIN as the key, converts it to a QR code and distributes it via email. It aims to provide a more secure authentication method compared to existing text-based approaches.
Mobile messaging trends capgemini consulting
Mobile messaging trends show:
1) Growth in SMS sent and revenues is forecast to decline significantly over the next few years as alternatives like IM, email, and MMS grow.
2) By 2015, SMS is forecast to contribute only 68% of mobile messaging revenues compared to 80% in 2010.
3) Facebook and WhatsApp have captured a large share of the SMS market, with WhatsApp users sending an estimated 2 billion messages daily in 2012.
4) While person-to-person SMS will decline, application-to-person SMS providing services like alerts and notifications is forecast to continue growing through 2016.
87559489 auth
This document provides an overview of a proposed mobile-based software token system for two-factor authentication. The system aims to replace existing hardware and computer-based software tokens by using mobile phones. It consists of software installed on client mobile phones, a server, and a GSM modem. The system can generate one-time passwords locally on the phone or via SMS from the server. Algorithms and factors like IMEI, IMSI, username, and PIN are used to securely generate unique passwords. Functional requirements include modules for password generation, client design, and server design. Non-functional requirements address availability, efficiency, flexibility, portability, integrity, and scalability.
Infoblast – Interactive 2-way Messaging Service
Infoblast is a suite of communication and messaging services that is available via a fixed line number, offered to TM customers through a single portal or an Infoblaster
MobiWeb - SMS for App Promotion & Engagement
Today’s life is mobile. Literally people spend a considerable amount of their daytime on the way and use their mobile phones more than ever.
By early 2015, there will be more mobile phone subscribers than the world's population, while smartphone penetration is rapidly increasing in many markets around the world. It is expected that by 2015 smartphone users will total for at least 2 billion.
Mobile apps and smartphones are the latest trend in the industry, offering rich functionality. The mobile app market is booming and is predicted that it will be worth US$25 billion by 2015.
Growing profitable and loyal user bases is critical to mobile applications. However, the mobile app market is very competitive. There are over 2 million mobile applications published in the major app stores. Furthermore, 25% of mobile apps are downloaded just once and then never used again, while each user uses on average no more than 29 apps per month.
All these facts generate intense competition in the mobile app market. Mobile apps face difficulties getting noticed in crowded app stores and converting desktop and ad traffic to app installations.
SMS can help mobile application developers & publishers in app promotion and distribution, user conversion, user engagement and user retention. SMS is a well-established, mature technology that is compatible across all mobile phones, requires no data and is cost-effective. With an open-rate of 98% it leads engagement in the mobile channel. World-renowned and successful mobile apps already use SMS for promotion, distribution and user engagement.
Since its establishment in 1999, MobiWeb is providing global SMS Messaging for B2B, B2C and C2C mobile interaction.
Visit us at www.solutions4mobiles.com
Two Factor Authentication Made Easy ICWE 2015
This is the presentation slides for Two Factor Authentication Made Easy at ICWE 2015. You can download the paper at http://dx.doi.org/10.1007/978-3-319-19890-3_29
Recommended
Timer Part 11
This document discusses timers in AVR microcontrollers. It explains that timers count clock cycles and can be prescaled to achieve greater values at the cost of precision. Timer 0 is an 8-bit timer while Timer 1 is 16-bit. The key registers for Timer 1 are TCNT1 for counting, TCCR1A/B for control, and TIMSK/TIFR for interrupts. Accessing 16-bit registers requires using a temporary register to ensure precise timing of the high and low byte writes and reads.
MobiWeb - OTP SMS Two Factor Authentication
SMS is a technology that has many applications. Today huge numbers of products and services use SMS in a variety of ways. It can be used for additional security in service access and mobile identity verification. Since most of the world population have mobile phones (smartphones or feature phones), businesses can turn subscribers’ mobile phones to tools of additional security.
This guide describes Two-factor Authentication through OTP (One-time PIN) delivered by SMS.
Since its establishment in 1999, MobiWeb is providing global SMS Messaging for B2B, B2C and C2C mobile interaction.
Visit us at www.solutions4mobiles.com
Qr code based secure otp distribution scheme for Online banking
This document proposes a new authentication scheme for secure OTP distribution in net banking using QR codes and email. It describes existing OTP distribution methods like text messages and proprietary tokens that have drawbacks like being text-based and increase risk of tampering or identification over long periods. The proposed system generates one-time passwords using a pseudorandom number and timestamp, encrypts it with AES using the user's ATM PIN as the key, converts it to a QR code and distributes it via email. It aims to provide a more secure authentication method compared to existing text-based approaches.
Mobile messaging trends capgemini consulting
Mobile messaging trends show:
1) Growth in SMS sent and revenues is forecast to decline significantly over the next few years as alternatives like IM, email, and MMS grow.
2) By 2015, SMS is forecast to contribute only 68% of mobile messaging revenues compared to 80% in 2010.
3) Facebook and WhatsApp have captured a large share of the SMS market, with WhatsApp users sending an estimated 2 billion messages daily in 2012.
4) While person-to-person SMS will decline, application-to-person SMS providing services like alerts and notifications is forecast to continue growing through 2016.
87559489 auth
This document provides an overview of a proposed mobile-based software token system for two-factor authentication. The system aims to replace existing hardware and computer-based software tokens by using mobile phones. It consists of software installed on client mobile phones, a server, and a GSM modem. The system can generate one-time passwords locally on the phone or via SMS from the server. Algorithms and factors like IMEI, IMSI, username, and PIN are used to securely generate unique passwords. Functional requirements include modules for password generation, client design, and server design. Non-functional requirements address availability, efficiency, flexibility, portability, integrity, and scalability.
Infoblast – Interactive 2-way Messaging Service
Infoblast is a suite of communication and messaging services that is available via a fixed line number, offered to TM customers through a single portal or an Infoblaster
MobiWeb - SMS for App Promotion & Engagement
Today’s life is mobile. Literally people spend a considerable amount of their daytime on the way and use their mobile phones more than ever.
By early 2015, there will be more mobile phone subscribers than the world's population, while smartphone penetration is rapidly increasing in many markets around the world. It is expected that by 2015 smartphone users will total for at least 2 billion.
Mobile apps and smartphones are the latest trend in the industry, offering rich functionality. The mobile app market is booming and is predicted that it will be worth US$25 billion by 2015.
Growing profitable and loyal user bases is critical to mobile applications. However, the mobile app market is very competitive. There are over 2 million mobile applications published in the major app stores. Furthermore, 25% of mobile apps are downloaded just once and then never used again, while each user uses on average no more than 29 apps per month.
All these facts generate intense competition in the mobile app market. Mobile apps face difficulties getting noticed in crowded app stores and converting desktop and ad traffic to app installations.
SMS can help mobile application developers & publishers in app promotion and distribution, user conversion, user engagement and user retention. SMS is a well-established, mature technology that is compatible across all mobile phones, requires no data and is cost-effective. With an open-rate of 98% it leads engagement in the mobile channel. World-renowned and successful mobile apps already use SMS for promotion, distribution and user engagement.
Since its establishment in 1999, MobiWeb is providing global SMS Messaging for B2B, B2C and C2C mobile interaction.
Visit us at www.solutions4mobiles.com
Two Factor Authentication Made Easy ICWE 2015
This is the presentation slides for Two Factor Authentication Made Easy at ICWE 2015. You can download the paper at http://dx.doi.org/10.1007/978-3-319-19890-3_29
Welcome to the 3rd generation in user authentication
Christian Larsen, Regional Manager, International, SMS Passcode
Virtualization Forum 2014, Prague, 22.10.2014
Jestliže SlideShare nezobrazí prezentaci korektně, můžete si ji stáhnout ve formátu .ppsx nebo .pdf (kliknutím na tlačitko v dolní liště snímků).
Securing ChatOps - DevSecCon Asia 2017 arun n
Securing chat apps with multi factor authentication.
This slide details out the loopholes in chat ops and how they can be managed with multi factor authentication (2fa) luke yubikey and google authentication.
Mobile Cybercrime - Don’t Leave Your Customers Vulnerable
Based on the results of a survey commissioned by Xura, this webinar co-hosted with TMCnet, explored the mobile consumer’s view of the risks they face from mobile network vulnerabilities, and the role of the mobile network operator in protecting them.
Adding Two Factor Authentication to your App with Authy
This talk explains what two factor authentication is, and how to implement it in a Ruby on Rails app with Authy.
Originally presented at Auckland Ruby Nights on April 23 2015: http://www.meetup.com/aucklandruby/events/221958178/
E voting authentication with qr-codes
The document proposes an e-voting authentication scheme that uses QR codes and visual cryptography. Voters are issued two "shares" - one containing a QR code with their password, and one stored in a database. To vote, a voter scans the QR code to reveal the password, enters it, and is authenticated. The scheme aims to be highly usable by requiring only a QR code scanner, with no technical background needed. It evaluates the scheme's security against attacks like intercepting transmitted shares or manipulating scanning software.
Back to the Future of Marketing - #DubaiLynx 2017
Presentation by Jerry Daykin & Mark Brown from Carat at the 2017 Dubai Lynx event, exploring 3 key media trends: where they've come from, where they are now and where they may one day lead.
Secured qr code [Pankaj Jeswani and Team]
Secured QR Code Authentication System
Two Way Encryption used to Enhance the security for QR Code. With Banking Application and Shopping Cart
Project by Pankaj Jeswani | Vishal Chhabria | Sagar Chawla
Under the guidance of Naveen Vaswani Sir
Secure QR code payment
Secure QR code payment is one of the Mobile payment solution of Mobile Money.
jrsys Patented Secure QR code contains not only the URL but also a digital signed data.
www.jrsys.com.tw
Trends and innovation in Fintech
Mahesh Ramachandran gave a presentation on trends and innovations in financial technology (FinTech) that will change customer expectations and experiences. He discussed how demonetization, mobile payments, peer-to-peer lending, robo-advisors, blockchain technology, and other trends will impact customers. A key innovation he highlighted was the Unified Payments Interface, which allows simple and effective money transfers between bank accounts using just a smartphone and virtual payment addresses instead of account numbers. The presentation explained how this new payment system will benefit customers, banks, merchants and the broader financial ecosystem through features like one-click authentication and universal access across interfaces.
Presentation9
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms for those who already suffer from conditions like anxiety and depression.
2FA, WTF? - Phil Nash - Codemotion Amsterdam 2016
Everyone is hacking everything. Everything is vulnerable. Your site, your users, even you. Are you worried about this? You should be! Don't worry, I'm not trying to scare you (that much). We have plenty of safeguards against attempts on our applications' user data. We all (hopefully) recognise Two Factor Auth as one of those safeguards, but what actually goes on under the hood of 2FA? We'll take a look into generating one time passwords, implementing 2FA in web applications and the only real life compelling use case for QR codes. Together, we'll make the web a more secure place.
The Future of Mobile Payments
The document discusses the future of mobile payments, including the transition to a cashless society through new identification technologies like fingerprint and vein scanning. It describes how devices will identify users through biometrics and location data, allowing new payment methods via technologies like Bluetooth and connected "Internet of Things" devices. This will change both how people pay for items and entire store experiences. Overall, the document outlines emerging mobile and identification technologies that will transform how payments are made.
MOBtexting : Leading A2P Messaging & Cloud Telephony Service Provider
MOBtextng is the leading and premier communications platform as a Service (CPaaS) that provide A2P Messaging and Cloud Telephony Services which can be integrated with any applications, websites, CRM, ERP etc. providing highly integrated communication tools that enable real time collaboration.
Two factor authentication presentation mcit
This document discusses two-factor authentication (2FA) as a method to strengthen user authentication beyond just a username and password. It describes how 2FA uses two different factors, something you know and something you have/are, to verify identity. Specifically, it evaluates using one-time passwords (OTPs) with hard tokens, mobile tokens, and SMS. While hardware tokens are very secure, they are also expensive and inconvenient. Mobile tokens are cheaper but still vulnerable to attacks. The best approach recommends sending the OTP via mobile token while sending transaction details via SMS to separate the factors and prevent SIM swap attacks. The document provides recommendations like using HTTPS and hashing to further improve security with 2FA.
10 1 otp all
This document discusses one-time password (OTP) authentication. It describes how OTPs provide two-factor authentication by requiring a password and a unique, time-based code. It outlines Open Authentication (OATH) standards for OTP algorithms like HOTP, TOTP, and OCRA. The document also summarizes different OTP authentication devices like tokens and soft tokens, comparing their security levels and generation mechanisms.
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
This document summarizes Esteban Rodriguez's talk on injecting keystrokes into plaintext protocols. It discusses how protocols like VNC, HippoRemote, and early versions of Synergy sent keystrokes in plaintext, allowing them to be intercepted using tools like Wireshark. It then demonstrates how intercepted keystrokes could be cracked, monitored, or injected using tools like Metasploit, custom Python scripts, and rogue Synergy servers implemented with Dissonance. Mitigations discussed include encrypting protocols with SSL and verifying server fingerprints. The overall message is that encryption is important and security research helps improve protocols.
One Time Password - A two factor authentication system
This document provides an overview of one-time passwords (OTP), including a brief history, benefits and costs, categories, generation methods like HOTP and TOTP, delivery methods, relevant RFCs and standards, potential attacks, and development libraries. It defines an OTP as a single-use password or code used to authenticate over untrusted channels, complementing a user password for two-factor authentication. Common OTP types are event-based HOTP, which uses a HMAC to generate codes based on a key and counter, and time-based TOTP, which extends HOTP to generate codes based on time.
Track 5 session 2 - st dev con 2016 - security iot best practices
This document summarizes a presentation on IoT security good practices. It discusses various types of invasive and non-invasive attacks on IoT devices, as well as solutions to improve security such as adding a secure element, using an MCU's security features, and risk management practices. Cryptography methods that can be used for authentication, encryption and integrity are explained. The document also covers topics like secure boot, secure storage, secure communications, and the importance of security over the entire product lifecycle. Recommendations are made to design fortified products, understand risks, use security features and tools, and work with trusted partners.
Virtual Private Networks
Virtual private networks (VPNs) allow secure communications over the public Internet by encrypting data and tunneling it through virtual connections. VPNs function like private leased lines but provide a more cost-effective way to connect remote users and offices. Essential VPN components include encryption endpoints, tunnels to encapsulate data, and authentication of users and devices on the private network. Common VPN setups are either mesh architectures with direct connections between all sites or hub-and-spoke with connections terminating at a central server. Protocols like IPSec and IKE enable encryption and key exchange to securely transmit data over VPN tunnels.
Trick or XFLTReaT a.k.a. Tunnel All The Things
XFLTReaT presentation from RuxCon 2017
This presentation will sum up how to do tunnelling with different protocols and will have different perspectives detailed. For example, companies are fighting hard to block exfiltration from their network: they use http(s) proxies, DLP, IPS technologies to protect their data, but are they protected against tunnelling? There are so many interesting questions to answer for users, abusers, companies and malware researchers. Mitigation and bypass techniques will be shown you during this presentation, which can be used to filter any tunnelling on your network or to bypass misconfigured filters.
Our new tool XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and gives users the capability to take care of only the things that matter. It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol or to deal with interfaces and routing. Any protocol can be converted to a module, which works in a plug-and-play fashion; authentication and encryption can be configured and customised on all traffic and it is also worth mentioning that the framework was designed to be easy to configure, use and develop. In case there is a need to send packets over ICMP type 0 or HTTPS TLS v1.2 with a special header, then this can be done in a matter of minutes, instead of developing a new tool from scratch. The potential use (or abuse) cases are plentiful, such as bypassing network restrictions of an ISP, the proxy of a workplace or obtaining Internet connectivity through bypassing captive portals in the middle of the Atlantic Ocean or at an altitude of 33000ft on an airplane.
This framework is not just a tool; it unites different technologies in the field of tunnelling. While we needed to use different tunnels and VPNs for different protocols in the past like OpenVPN for TCP and UDP, ptunnel for ICMP or iodined for DNS tunnelling, it changes now. After taking a look at these tools it was easy to see some commonality, all of them are doing the same things only the means of communication are different. We simplified the whole process and created a framework that is responsible for everything but the communication itself, we rethought the old way of tunnelling and tried to give something new to the community. After the initial setup the framework takes care of everything. With the check functionality we can even find out, which module can be used on the network, there is no need for any low-level packet fu and hassle. I guarantee that you won’t be disappointed with the tool and the talk, actually you will be richer with an open-source tool.
Making and breaking security in embedded devices
This document discusses security issues in embedded devices and techniques for analyzing and attacking them. It covers identifying debug ports, sniffing communication protocols like SPI and I2C, analyzing radio signals with software-defined radios, extracting firmware from flash memory, analyzing code for vulnerabilities, and defending against such attacks. A variety of open-source tools are recommended for reverse engineering tasks like bus pirate, hackRF, binwalk, and JTAGulator.
2013.devcon3 liferay and google authenticator integration rafik_harabi
Today, with expand of the web portal, many customers are seeking for more secure solutions to access to their web portal outside of their own networks.
For Liferay portal customers, this request has been increased due to the number of portal deployed on Cloud and the increase of deployment of Liferay portal for internet sites (B2C …).
One of the proposed solutions is the use of Multi-factor authentication mechanism.
Google Authenticator is one of the lead open source dual factor authentication systems.
In this presentation, we will explain the integration technical solution of Liferay and Google Authenticator in order to deliver a two-factor authentication system. The presentation will be followed by a live demo.
More Related Content
Viewers also liked
Welcome to the 3rd generation in user authentication
Christian Larsen, Regional Manager, International, SMS Passcode
Virtualization Forum 2014, Prague, 22.10.2014
Jestliže SlideShare nezobrazí prezentaci korektně, můžete si ji stáhnout ve formátu .ppsx nebo .pdf (kliknutím na tlačitko v dolní liště snímků).
Securing ChatOps - DevSecCon Asia 2017 arun n
Securing chat apps with multi factor authentication.
This slide details out the loopholes in chat ops and how they can be managed with multi factor authentication (2fa) luke yubikey and google authentication.
Mobile Cybercrime - Don’t Leave Your Customers Vulnerable
Based on the results of a survey commissioned by Xura, this webinar co-hosted with TMCnet, explored the mobile consumer’s view of the risks they face from mobile network vulnerabilities, and the role of the mobile network operator in protecting them.
Adding Two Factor Authentication to your App with Authy
This talk explains what two factor authentication is, and how to implement it in a Ruby on Rails app with Authy.
Originally presented at Auckland Ruby Nights on April 23 2015: http://www.meetup.com/aucklandruby/events/221958178/
E voting authentication with qr-codes
The document proposes an e-voting authentication scheme that uses QR codes and visual cryptography. Voters are issued two "shares" - one containing a QR code with their password, and one stored in a database. To vote, a voter scans the QR code to reveal the password, enters it, and is authenticated. The scheme aims to be highly usable by requiring only a QR code scanner, with no technical background needed. It evaluates the scheme's security against attacks like intercepting transmitted shares or manipulating scanning software.
Back to the Future of Marketing - #DubaiLynx 2017
Presentation by Jerry Daykin & Mark Brown from Carat at the 2017 Dubai Lynx event, exploring 3 key media trends: where they've come from, where they are now and where they may one day lead.
Secured qr code [Pankaj Jeswani and Team]
Secured QR Code Authentication System
Two Way Encryption used to Enhance the security for QR Code. With Banking Application and Shopping Cart
Project by Pankaj Jeswani | Vishal Chhabria | Sagar Chawla
Under the guidance of Naveen Vaswani Sir
Secure QR code payment
Secure QR code payment is one of the Mobile payment solution of Mobile Money.
jrsys Patented Secure QR code contains not only the URL but also a digital signed data.
www.jrsys.com.tw
Trends and innovation in Fintech
Mahesh Ramachandran gave a presentation on trends and innovations in financial technology (FinTech) that will change customer expectations and experiences. He discussed how demonetization, mobile payments, peer-to-peer lending, robo-advisors, blockchain technology, and other trends will impact customers. A key innovation he highlighted was the Unified Payments Interface, which allows simple and effective money transfers between bank accounts using just a smartphone and virtual payment addresses instead of account numbers. The presentation explained how this new payment system will benefit customers, banks, merchants and the broader financial ecosystem through features like one-click authentication and universal access across interfaces.
Presentation9
The document discusses the benefits of exercise for mental health. Regular physical activity can help reduce anxiety and depression and improve mood and cognitive function. Exercise causes chemical changes in the brain that may help protect against mental illness and improve symptoms for those who already suffer from conditions like anxiety and depression.
2FA, WTF? - Phil Nash - Codemotion Amsterdam 2016
Everyone is hacking everything. Everything is vulnerable. Your site, your users, even you. Are you worried about this? You should be! Don't worry, I'm not trying to scare you (that much). We have plenty of safeguards against attempts on our applications' user data. We all (hopefully) recognise Two Factor Auth as one of those safeguards, but what actually goes on under the hood of 2FA? We'll take a look into generating one time passwords, implementing 2FA in web applications and the only real life compelling use case for QR codes. Together, we'll make the web a more secure place.
The Future of Mobile Payments
The document discusses the future of mobile payments, including the transition to a cashless society through new identification technologies like fingerprint and vein scanning. It describes how devices will identify users through biometrics and location data, allowing new payment methods via technologies like Bluetooth and connected "Internet of Things" devices. This will change both how people pay for items and entire store experiences. Overall, the document outlines emerging mobile and identification technologies that will transform how payments are made.
MOBtexting : Leading A2P Messaging & Cloud Telephony Service Provider
MOBtextng is the leading and premier communications platform as a Service (CPaaS) that provide A2P Messaging and Cloud Telephony Services which can be integrated with any applications, websites, CRM, ERP etc. providing highly integrated communication tools that enable real time collaboration.
Two factor authentication presentation mcit
This document discusses two-factor authentication (2FA) as a method to strengthen user authentication beyond just a username and password. It describes how 2FA uses two different factors, something you know and something you have/are, to verify identity. Specifically, it evaluates using one-time passwords (OTPs) with hard tokens, mobile tokens, and SMS. While hardware tokens are very secure, they are also expensive and inconvenient. Mobile tokens are cheaper but still vulnerable to attacks. The best approach recommends sending the OTP via mobile token while sending transaction details via SMS to separate the factors and prevent SIM swap attacks. The document provides recommendations like using HTTPS and hashing to further improve security with 2FA.
Viewers also liked (14)
Welcome to the 3rd generation in user authentication
Welcome to the 3rd generation in user authentication
Mobile Cybercrime - Don’t Leave Your Customers Vulnerable
Mobile Cybercrime - Don’t Leave Your Customers Vulnerable
Adding Two Factor Authentication to your App with Authy
Adding Two Factor Authentication to your App with Authy
MOBtexting : Leading A2P Messaging & Cloud Telephony Service Provider
MOBtexting : Leading A2P Messaging & Cloud Telephony Service Provider
Similar to 2FA and OTP
10 1 otp all
This document discusses one-time password (OTP) authentication. It describes how OTPs provide two-factor authentication by requiring a password and a unique, time-based code. It outlines Open Authentication (OATH) standards for OTP algorithms like HOTP, TOTP, and OCRA. The document also summarizes different OTP authentication devices like tokens and soft tokens, comparing their security levels and generation mechanisms.
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
This document summarizes Esteban Rodriguez's talk on injecting keystrokes into plaintext protocols. It discusses how protocols like VNC, HippoRemote, and early versions of Synergy sent keystrokes in plaintext, allowing them to be intercepted using tools like Wireshark. It then demonstrates how intercepted keystrokes could be cracked, monitored, or injected using tools like Metasploit, custom Python scripts, and rogue Synergy servers implemented with Dissonance. Mitigations discussed include encrypting protocols with SSL and verifying server fingerprints. The overall message is that encryption is important and security research helps improve protocols.
One Time Password - A two factor authentication system
This document provides an overview of one-time passwords (OTP), including a brief history, benefits and costs, categories, generation methods like HOTP and TOTP, delivery methods, relevant RFCs and standards, potential attacks, and development libraries. It defines an OTP as a single-use password or code used to authenticate over untrusted channels, complementing a user password for two-factor authentication. Common OTP types are event-based HOTP, which uses a HMAC to generate codes based on a key and counter, and time-based TOTP, which extends HOTP to generate codes based on time.
Track 5 session 2 - st dev con 2016 - security iot best practices
This document summarizes a presentation on IoT security good practices. It discusses various types of invasive and non-invasive attacks on IoT devices, as well as solutions to improve security such as adding a secure element, using an MCU's security features, and risk management practices. Cryptography methods that can be used for authentication, encryption and integrity are explained. The document also covers topics like secure boot, secure storage, secure communications, and the importance of security over the entire product lifecycle. Recommendations are made to design fortified products, understand risks, use security features and tools, and work with trusted partners.
Virtual Private Networks
Virtual private networks (VPNs) allow secure communications over the public Internet by encrypting data and tunneling it through virtual connections. VPNs function like private leased lines but provide a more cost-effective way to connect remote users and offices. Essential VPN components include encryption endpoints, tunnels to encapsulate data, and authentication of users and devices on the private network. Common VPN setups are either mesh architectures with direct connections between all sites or hub-and-spoke with connections terminating at a central server. Protocols like IPSec and IKE enable encryption and key exchange to securely transmit data over VPN tunnels.
Trick or XFLTReaT a.k.a. Tunnel All The Things
XFLTReaT presentation from RuxCon 2017
This presentation will sum up how to do tunnelling with different protocols and will have different perspectives detailed. For example, companies are fighting hard to block exfiltration from their network: they use http(s) proxies, DLP, IPS technologies to protect their data, but are they protected against tunnelling? There are so many interesting questions to answer for users, abusers, companies and malware researchers. Mitigation and bypass techniques will be shown you during this presentation, which can be used to filter any tunnelling on your network or to bypass misconfigured filters.
Our new tool XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and gives users the capability to take care of only the things that matter. It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol or to deal with interfaces and routing. Any protocol can be converted to a module, which works in a plug-and-play fashion; authentication and encryption can be configured and customised on all traffic and it is also worth mentioning that the framework was designed to be easy to configure, use and develop. In case there is a need to send packets over ICMP type 0 or HTTPS TLS v1.2 with a special header, then this can be done in a matter of minutes, instead of developing a new tool from scratch. The potential use (or abuse) cases are plentiful, such as bypassing network restrictions of an ISP, the proxy of a workplace or obtaining Internet connectivity through bypassing captive portals in the middle of the Atlantic Ocean or at an altitude of 33000ft on an airplane.
This framework is not just a tool; it unites different technologies in the field of tunnelling. While we needed to use different tunnels and VPNs for different protocols in the past like OpenVPN for TCP and UDP, ptunnel for ICMP or iodined for DNS tunnelling, it changes now. After taking a look at these tools it was easy to see some commonality, all of them are doing the same things only the means of communication are different. We simplified the whole process and created a framework that is responsible for everything but the communication itself, we rethought the old way of tunnelling and tried to give something new to the community. After the initial setup the framework takes care of everything. With the check functionality we can even find out, which module can be used on the network, there is no need for any low-level packet fu and hassle. I guarantee that you won’t be disappointed with the tool and the talk, actually you will be richer with an open-source tool.
Making and breaking security in embedded devices
This document discusses security issues in embedded devices and techniques for analyzing and attacking them. It covers identifying debug ports, sniffing communication protocols like SPI and I2C, analyzing radio signals with software-defined radios, extracting firmware from flash memory, analyzing code for vulnerabilities, and defending against such attacks. A variety of open-source tools are recommended for reverse engineering tasks like bus pirate, hackRF, binwalk, and JTAGulator.
2013.devcon3 liferay and google authenticator integration rafik_harabi
Today, with expand of the web portal, many customers are seeking for more secure solutions to access to their web portal outside of their own networks.
For Liferay portal customers, this request has been increased due to the number of portal deployed on Cloud and the increase of deployment of Liferay portal for internet sites (B2C …).
One of the proposed solutions is the use of Multi-factor authentication mechanism.
Google Authenticator is one of the lead open source dual factor authentication systems.
In this presentation, we will explain the integration technical solution of Liferay and Google Authenticator in order to deliver a two-factor authentication system. The presentation will be followed by a live demo.
CNIT 152: 9 Network Evidence
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia, at City College San Francisco.
Website: https://samsclass.info/152/152_F18.shtml
BSIDES-PR Keynote Hunting for Bad Guys
This document discusses techniques for hunting bad guys on networks, including identifying client-side attacks, malware command and control channels, post-exploitation activities, and hunting artifacts. It provides examples of using DNS logs, firewall logs, HTTP logs, registry keys, installed software inventories, and the AMCache registry hive to look for anomalous behaviors that could indicate security compromises. The goal is to actively hunt for threats rather than just detecting known bad behaviors.
CNIT 121: 9 Network Evidence
Slides for a college course based on "Incident Response & Computer Forensics, Third Edition" by by Jason Luttgens, Matthew Pepe, and Kevin Mandia.
Teacher: Sam Bowne
Twitter: @sambowne
Website: https://samsclass.info/121/121_F16.shtml
seminar presentation
1) Users often use simple passwords that are easy to guess or crack, compromising security. The document proposes a 3-level authentication system using passwords, pattern locks, and one-time passwords to address this.
2) The methodology follows a waterfall model, with phases for requirements analysis, system design, implementation, testing, deployment, and maintenance.
3) A time-based one-time password algorithm is used where a password is generated based on the current time and a secret key, changing every 30 seconds for added security.
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
XFLTReaT presentation from BruCON 0x09 2017
https://www.youtube.com/watch?v=0hnxgu8lkfc
This presentation will sum up how to do tunnelling with different protocols and will have different perspectives detailed. For example, companies are fighting hard to block exfiltration from their network: they use http(s) proxies, DLP, IPS technologies to protect their data, but are they protected against tunnelling? There are so many interesting questions to answer for users, abusers, companies and malware researchers. Mitigation and bypass techniques will be shown you during this presentation, which can be used to filter any tunnelling on your network or to bypass misconfigured filters.
Our new tool XFLTReaT is an open-source tunnelling framework that handles all the boring stuff and gives users the capability to take care of only the things that matter. It provides significant improvements over existing tools. From now on there is no need to write a new tunnel for each and every protocol or to deal with interfaces and routing. Any protocol can be converted to a module, which works in a plug-and-play fashion; authentication and encryption can be configured and customised on all traffic and it is also worth mentioning that the framework was designed to be easy to configure, use and develop. In case there is a need to send packets over ICMP type 0 or HTTPS TLS v1.2 with a special header, then this can be done in a matter of minutes, instead of developing a new tool from scratch. The potential use (or abuse) cases are plentiful, such as bypassing network restrictions of an ISP, the proxy of a workplace or obtaining Internet connectivity through bypassing captive portals in the middle of the Atlantic Ocean or at an altitude of 33000ft on an airplane.
This framework is not just a tool; it unites different technologies in the field of tunnelling. While we needed to use different tunnels and VPNs for different protocols in the past like OpenVPN for TCP and UDP, ptunnel for ICMP or iodined for DNS tunnelling, it changes now. After taking a look at these tools it was easy to see some commonality, all of them are doing the same things only the means of communication are different. We simplified the whole process and created a framework that is responsible for everything but the communication itself, we rethought the old way of tunnelling and tried to give something new to the community. After the initial setup the framework takes care of everything. With the check functionality we can even find out, which module can be used on the network, there is no need for any low-level packet fu and hassle. I guarantee that you won’t be disappointed with the tool and the talk, actually you will be richer with an open-source tool.
Building Awesome APIs with Lumen
An overview of how to structure your Lumen APIs to make them awesome. Topics covered: requests, responses, logging, documentation and testing.
Slides assume some background in Laravel.
Parallel and Asynchronous Programming - ITProDevConnections 2012 (English)
This document discusses parallel and asynchronous programming. It begins by explaining how processors are getting smaller while networks are getting worse, requiring more efficient parallel programming approaches. It then covers different parallel programming models in .NET like data parallelism using PLINQ, task parallelism using TPL, asynchronous programming with async/await, and concurrent collections. It also discusses challenges like cancellation, progress reporting, and synchronization, and how modern .NET addresses these.
Slidecast - Workshop
The document discusses authenticated encryption and the ASC-1 authenticated encryption stream cipher. It describes how authenticated encryption provides both confidentiality and authenticity. Generic composition methods for combining encryption and authentication are analyzed, but are not very efficient. ASC-1 performs encryption and authentication in a single pass using leak extraction from intermediate cipher rounds. Bits are leaked and XORed with the plaintext to generate the ciphertext. ASC-1 specification and decryption/encryption processes are also outlined.
CISSP - Chapter 3 - Cryptography
Cryptography is the science of encrypting and decrypting data using mathematical concepts. It allows sensitive information to be stored or transmitted securely over insecure networks so that only the intended recipient can read it. The key concepts in cryptography include symmetric and asymmetric encryption algorithms, cryptosystems, cryptanalysis, cryptographic primitives like block ciphers and stream ciphers, and elements like keys, initialization vectors, and cryptographic services like confidentiality, integrity, authentication, and non-repudiation. Proper implementation with secure algorithms, large random keys, and protection of actual keys is important for cryptosystem strength.
Virtual Private Network
Virtual Private Networks (VPNs) allow private networks to be connected securely over the public Internet. VPNs use encryption and authentication to protect data as it travels between networks. There are two main types of VPNs - those that operate at the network level using IPSec, and those that operate at the transport level using SSL. VPNs provide cheaper and easier connections than dedicated private networks but are slower and less reliable than direct private network connections.
WebRTC security+more @ KamailioWorld 2018
This document discusses security challenges related to WebRTC. It provides background on security threats to real-time communications protocols. It then summarizes approaches to securing the Session Initiation Protocol (SIP) and Real-time Transport Protocol (RTP), including using Secure RTP (SRTP) with key exchange mechanisms like Secure Description (SDES) and Datagram Transport Layer Security (DTLS-SRTP). It notes the emphasis WebRTC places on mandatory use of DTLS-SRTP to secure media.
Information and network security 28 blowfish
Blowfish is a symmetric block cipher designed as a replacement for DES. It encrypts data in 64-bit blocks using a variable-length key. The algorithm uses substitution boxes and a complex key schedule to encrypt the data in multiple rounds. It is very fast, uses little memory, and is resistant to cryptanalysis due to its complex key schedule and substitution boxes.
Similar to 2FA and OTP (20)
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
BSides Rochester 2018: Esteban Rodriguez: Ducky In The Middle: Injecting keys...
One Time Password - A two factor authentication system
One Time Password - A two factor authentication system
Track 5 session 2 - st dev con 2016 - security iot best practices
Track 5 session 2 - st dev con 2016 - security iot best practices
2013.devcon3 liferay and google authenticator integration rafik_harabi
2013.devcon3 liferay and google authenticator integration rafik_harabi
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
XFLTReaT: a new dimension in tunnelling (BruCON 0x09 2017)
Parallel and Asynchronous Programming - ITProDevConnections 2012 (English)
Parallel and Asynchronous Programming - ITProDevConnections 2012 (English)
More from Tristan Gomez
The Art of Tracking
Presented in the KL Ruby Brigade September 2018
Tracking pixels are used everywhere, but what's the underlying technology to make it work?
We might be very good web developers, but to achieve mastery we need to start going back to the basics and ask ourselves "How exactly does this technology work?"
Maker's Schedule, Manager's Schedule
This document contrasts the schedules of managers and makers (such as programmers and writers). Managers operate on a schedule broken into short time blocks, often hourly, where meetings fill empty slots. Makers require longer uninterrupted blocks of half a day or more to focus on complex tasks without distraction. Interrupting makers cuts their productivity as it takes time to regain focus. The document provides suggestions for reconciling the schedules such as flexitime, communicating availability, and sending meeting questions in advance.
When Javascript isn't Javascript
This document discusses using Ruby code in the browser through a Ruby to JavaScript compiler called Opal. Opal allows you to write Ruby code and compile it to JavaScript, enabling the use of Ruby concepts and syntax directly in web applications. Some key points covered include how Opal maps Ruby concepts like self, nil, and truthy values to their JavaScript equivalents, a demo of a calculator application built with Opal, and answers to common questions about whether and how Ruby and JavaScript can interact when using Opal. Benchmarks are also mentioned comparing performance of Ruby code compiled to JS versus interpreting Ruby directly in the browser.
Slack Bots in Ruby
The document discusses using Slack bots built with Ruby, including core Slack concepts like channels, files, users and APIs, and provides examples of bots like Lunch Roulette that facilitate random connections between users by suggesting places to meet or topics to discuss. It also shares stories about the original design of Fitnesse and the development of the Lunch Roulette bot, and encourages considering frameworks like Rails as a means to an end rather than the defining aspect of an application.
Vue on rails
A gentle introduction to modern clien-side web frameworks for Rails developers
See
https://github.com/parasquid/blog_sample_rails/tree/introducing-vue-js-to-your-rails-devs for the repository
Life Beyond Rails: Creating Cross Platform Ruby Apps
This document discusses building cross-platform applications. It argues that cross-platform support allows reuse of significant portions of code across multiple platforms. Common tools can operate on different things through techniques like encapsulation and polymorphism. While object-oriented programming is about organizing a program with objects, cross-platform development focuses on connecting elements in a modular way to manage complexity.
Refactoring @ Mindvalley: Smells, Techniques and Patterns
Every week my team commits really good, clean code. I decided to get the best of the commits and showcase what makes them good, what smells they address, and what techniques they used.
NuBank - Hyperlocal Banking
This is the pitch I made that won SGD10,000 (second place) for the 2015 DBS Blockchain Hackathon.
https://www.coingecko.com/buzz/3-winning-hacks-from-the-dbs-blockchain-hackathon-in-singapore
How I Hire Developers
The document describes how to hire good developers. It outlines a hiring pipeline that includes a technical test with coding challenges, followed by an interview. The technical test evaluates skills like application design, algorithms, and code quality. The interview focuses more on attitude by asking questions about curiosity, learning, side projects, mistakes made, and what makes a good developer. The goal is to find developers who are passionate about problem solving and enjoyable to work with every day.
Nosql kl-2013-04-25
This document provides an overview and comparison of key-value stores and document databases. It discusses that while they are conceptually similar in storing and accessing data via keys or queries, key-value stores treat aggregates as opaque while document databases are aware of data structures. Sample use cases are given for each: key-value stores for session data and shopping carts, document databases for content management and analytics where structure is important. The document concludes that the right database depends on the job and tradeoffs.
Meaningful metrics
The document discusses meaningful metrics for measuring digital marketing performance. It outlines some common metrics like page views, click-through rates, and signups that provide only superficial insights. More meaningful metrics answer questions about impact on business goals and highlight areas for improvement. The presenter discusses how their company Mindvalley measures the lifetime value of leads to determine how much a lead is worth over time through a system called Oathkeeper. It tracks marketing attribution and monetization across multiple channels. Implementing custom analytics requires flexibility and the ability to attach dollar values to collected data and insights.
More from Tristan Gomez (11)
Life Beyond Rails: Creating Cross Platform Ruby Apps
Life Beyond Rails: Creating Cross Platform Ruby Apps
Refactoring @ Mindvalley: Smells, Techniques and Patterns
Refactoring @ Mindvalley: Smells, Techniques and Patterns
Recently uploaded
“I’m still / I’m still / Chaining from the Block”
“An Outlook of the Ongoing and Future Relationship between Blockchain Technologies and Process-aware Information Systems.” Invited talk at the joint workshop on Blockchain for Information Systems (BC4IS) and Blockchain for Trusted Data Sharing (B4TDS), co-located with with the 36th International Conference on Advanced Information Systems Engineering (CAiSE), 3 June 2024, Limassol, Cyprus.
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Are you ready to revolutionize how you handle data? Join us for a webinar where we’ll bring you up to speed with the latest advancements in Generative AI technology and discover how leveraging FME with tools from giants like Google Gemini, Amazon, and Microsoft OpenAI can supercharge your workflow efficiency.
During the hour, we’ll take you through:
Guest Speaker Segment with Hannah Barrington: Dive into the world of dynamic real estate marketing with Hannah, the Marketing Manager at Workspace Group. Hear firsthand how their team generates engaging descriptions for thousands of office units by integrating diverse data sources—from PDF floorplans to web pages—using FME transformers, like OpenAIVisionConnector and AnthropicVisionConnector. This use case will show you how GenAI can streamline content creation for marketing across the board.
Ollama Use Case: Learn how Scenario Specialist Dmitri Bagh has utilized Ollama within FME to input data, create custom models, and enhance security protocols. This segment will include demos to illustrate the full capabilities of FME in AI-driven processes.
Custom AI Models: Discover how to leverage FME to build personalized AI models using your data. Whether it’s populating a model with local data for added security or integrating public AI tools, find out how FME facilitates a versatile and secure approach to AI.
We’ll wrap up with a live Q&A session where you can engage with our experts on your specific use cases, and learn more about optimizing your data workflows with AI.
This webinar is ideal for professionals seeking to harness the power of AI within their data management systems while ensuring high levels of customization and security. Whether you're a novice or an expert, gain actionable insights and strategies to elevate your data processes. Join us to see how FME and AI can revolutionize how you work with data!
Presentation of the OECD Artificial Intelligence Review of Germany
Consult the full report at https://www.oecd.org/digital/oecd-artificial-intelligence-review-of-germany-609808d6-en.htm
Full-RAG: A modern architecture for hyper-personalization
Mike Del Balso, CEO & Co-Founder at Tecton, presents "Full RAG," a novel approach to AI recommendation systems, aiming to push beyond the limitations of traditional models through a deep integration of contextual insights and real-time data, leveraging the Retrieval-Augmented Generation architecture. This talk will outline Full RAG's potential to significantly enhance personalization, address engineering challenges such as data management and model training, and introduce data enrichment with reranking as a key solution. Attendees will gain crucial insights into the importance of hyperpersonalization in AI, the capabilities of Full RAG for advanced personalization, and strategies for managing complex data integrations for deploying cutting-edge AI solutions.
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Webinar Recording: https://www.panagenda.com/webinars/hcl-notes-und-domino-lizenzkostenreduzierung-in-der-welt-von-dlau/
DLAU und die Lizenzen nach dem CCB- und CCX-Modell sind für viele in der HCL-Community seit letztem Jahr ein heißes Thema. Als Notes- oder Domino-Kunde haben Sie vielleicht mit unerwartet hohen Benutzerzahlen und Lizenzgebühren zu kämpfen. Sie fragen sich vielleicht, wie diese neue Art der Lizenzierung funktioniert und welchen Nutzen sie Ihnen bringt. Vor allem wollen Sie sicherlich Ihr Budget einhalten und Kosten sparen, wo immer möglich. Das verstehen wir und wir möchten Ihnen dabei helfen!
Wir erklären Ihnen, wie Sie häufige Konfigurationsprobleme lösen können, die dazu führen können, dass mehr Benutzer gezählt werden als nötig, und wie Sie überflüssige oder ungenutzte Konten identifizieren und entfernen können, um Geld zu sparen. Es gibt auch einige Ansätze, die zu unnötigen Ausgaben führen können, z. B. wenn ein Personendokument anstelle eines Mail-Ins für geteilte Mailboxen verwendet wird. Wir zeigen Ihnen solche Fälle und deren Lösungen. Und natürlich erklären wir Ihnen das neue Lizenzmodell.
Nehmen Sie an diesem Webinar teil, bei dem HCL-Ambassador Marc Thomas und Gastredner Franz Walder Ihnen diese neue Welt näherbringen. Es vermittelt Ihnen die Tools und das Know-how, um den Überblick zu bewahren. Sie werden in der Lage sein, Ihre Kosten durch eine optimierte Domino-Konfiguration zu reduzieren und auch in Zukunft gering zu halten.
Diese Themen werden behandelt
- Reduzierung der Lizenzkosten durch Auffinden und Beheben von Fehlkonfigurationen und überflüssigen Konten
- Wie funktionieren CCB- und CCX-Lizenzen wirklich?
- Verstehen des DLAU-Tools und wie man es am besten nutzt
- Tipps für häufige Problembereiche, wie z. B. Team-Postfächer, Funktions-/Testbenutzer usw.
- Praxisbeispiele und Best Practices zum sofortigen Umsetzen
Mind map of terminologies used in context of Generative AI
Mind map of common terms used in context of Generative AI.
UiPath Test Automation using UiPath Test Suite series, part 5
Welcome to UiPath Test Automation using UiPath Test Suite series part 5. In this session, we will cover CI/CD with devops.
Topics covered:
CI/CD with in UiPath
End-to-end overview of CI/CD pipeline with Azure devops
Speaker:
Lyndsey Byblow, Test Suite Sales Engineer @ UiPath, Inc.
Removing Uninteresting Bytes in Software Fuzzing
Imagine a world where software fuzzing, the process of mutating bytes in test seeds to uncover hidden and erroneous program behaviors, becomes faster and more effective. A lot depends on the initial seeds, which can significantly dictate the trajectory of a fuzzing campaign, particularly in terms of how long it takes to uncover interesting behaviour in your code. We introduce DIAR, a technique designed to speedup fuzzing campaigns by pinpointing and eliminating those uninteresting bytes in the seeds. Picture this: instead of wasting valuable resources on meaningless mutations in large, bloated seeds, DIAR removes the unnecessary bytes, streamlining the entire process.
In this work, we equipped AFL, a popular fuzzer, with DIAR and examined two critical Linux libraries -- Libxml's xmllint, a tool for parsing xml documents, and Binutil's readelf, an essential debugging and security analysis command-line tool used to display detailed information about ELF (Executable and Linkable Format). Our preliminary results show that AFL+DIAR does not only discover new paths more quickly but also achieves higher coverage overall. This work thus showcases how starting with lean and optimized seeds can lead to faster, more comprehensive fuzzing campaigns -- and DIAR helps you find such seeds.
- These are slides of the talk given at IEEE International Conference on Software Testing Verification and Validation Workshop, ICSTW 2022.
UiPath Test Automation using UiPath Test Suite series, part 6
Welcome to UiPath Test Automation using UiPath Test Suite series part 6. In this session, we will cover Test Automation with generative AI and Open AI.
UiPath Test Automation with generative AI and Open AI webinar offers an in-depth exploration of leveraging cutting-edge technologies for test automation within the UiPath platform. Attendees will delve into the integration of generative AI, a test automation solution, with Open AI advanced natural language processing capabilities.
Throughout the session, participants will discover how this synergy empowers testers to automate repetitive tasks, enhance testing accuracy, and expedite the software testing life cycle. Topics covered include the seamless integration process, practical use cases, and the benefits of harnessing AI-driven automation for UiPath testing initiatives. By attending this webinar, testers, and automation professionals can gain valuable insights into harnessing the power of AI to optimize their test automation workflows within the UiPath ecosystem, ultimately driving efficiency and quality in software development processes.
What will you get from this session?
1. Insights into integrating generative AI.
2. Understanding how this integration enhances test automation within the UiPath platform
3. Practical demonstrations
4. Exploration of real-world use cases illustrating the benefits of AI-driven test automation for UiPath
Topics covered:
What is generative AI
Test Automation with generative AI and Open AI.
UiPath integration with generative AI
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for life science domain, where you retriever information from biomedical knowledge graphs using LLMs to increase the accuracy and performance of generated answers
Microsoft - Power Platform_G.Aspiotis.pdf
Revolutionizing Application Development
with AI-powered low-code, presentation by George Aspiotis, Sr. Partner Development Manager, Microsoft
Essentials of Automations: The Art of Triggers and Actions in FME
In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation.
We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios.
Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
Imagine a world where machines not only perform tasks but also learn, adapt, and make decisions. This is the promise of Artificial Intelligence (AI), a technology that's not just enhancing our lives but revolutionizing entire industries.
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
ここ3000字までしか入らないけどタイトルの方がたくさん文字入ると思います。
TrustArc Webinar - 2024 Global Privacy Survey
How does your privacy program stack up against your peers? What challenges are privacy teams tackling and prioritizing in 2024?
In the fifth annual Global Privacy Benchmarks Survey, we asked over 1,800 global privacy professionals and business executives to share their perspectives on the current state of privacy inside and outside of their organizations. This year’s report focused on emerging areas of importance for privacy and compliance professionals, including considerations and implications of Artificial Intelligence (AI) technologies, building brand trust, and different approaches for achieving higher privacy competence scores.
See how organizational priorities and strategic approaches to data security and privacy are evolving around the globe.
This webinar will review:
- The top 10 privacy insights from the fifth annual Global Privacy Benchmarks Survey
- The top challenges for privacy leaders, practitioners, and organizations in 2024
- Key themes to consider in developing and maintaining your privacy program
Programming Foundation Models with DSPy - Meetup Slides
Prompting language models is hard, while programming language models is easy. In this talk, I will discuss the state-of-the-art framework DSPy for programming foundation models with its powerful optimizers and runtime constraint system.
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Discover the seamless integration of RPA (Robotic Process Automation), COMPOSER, and APM with AWS IDP enhanced with Slack notifications. Explore how these technologies converge to streamline workflows, optimize performance, and ensure secure access, all while leveraging the power of AWS IDP and real-time communication via Slack notifications.
How to Get CNIC Information System with Paksim Ga.pptx
Pakdata Cf is a groundbreaking system designed to streamline and facilitate access to CNIC information. This innovative platform leverages advanced technology to provide users with efficient and secure access to their CNIC details.
Recently uploaded (20)
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Driving Business Innovation: Latest Generative AI Advancements & Success Story
Presentation of the OECD Artificial Intelligence Review of Germany
Presentation of the OECD Artificial Intelligence Review of Germany
Full-RAG: A modern architecture for hyper-personalization
Full-RAG: A modern architecture for hyper-personalization
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
HCL Notes und Domino Lizenzkostenreduzierung in der Welt von DLAU
Mind map of terminologies used in context of Generative AI
Mind map of terminologies used in context of Generative AI
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 5
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
GraphRAG for Life Science to increase LLM accuracy
GraphRAG for Life Science to increase LLM accuracy
Essentials of Automations: The Art of Triggers and Actions in FME
Essentials of Automations: The Art of Triggers and Actions in FME
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
AI 101: An Introduction to the Basics and Impact of Artificial Intelligence
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
みなさんこんにちはこれ何文字まで入るの?40文字以下不可とか本当に意味わからないけどこれ限界文字数書いてないからマジでやばい文字数いけるんじゃないの?えこ...
Programming Foundation Models with DSPy - Meetup Slides
Programming Foundation Models with DSPy - Meetup Slides
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
Let's Integrate MuleSoft RPA, COMPOSER, APM with AWS IDP along with Slack
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
2FA and OTP
- 1. 2FA and OTP HMAC HOTP and TOTP implementation in Ruby
- 2. @parasquid Chief Problem Solver at Mindvalley
- 3. • 2FA - two factor authentication • OTP - one time password • HMAC - hash-based message authentication codes (RFC 2104) • HOTP - HMAC-based one time password • TOTP - time-based one time password
- 4. 2FA multiple evidence presented to the authentication mechanism
- 5. OTP a password that can only be used once and then discarded
- 6. RFC 2119 • MUST (NOT), REQUIRED • SHALL (NOT), SHOULD (NOT), RECOMMENDED • MAY, OPTIONAL
- 7. HMAC hash function (md5, sha*, etc) shared secret key message
- 8. HOTP uses HMAC to sign a counter or sequence • The algorithm MUST be sequence or counter- based • The algorithm SHOULD be economical to implement in hardware • MUST work with tokens that don't support any numeric input, but MAY also be used in with more sophisticated devices such as PIN-pads • The value displayed on the token MUST be easily read and entered by the user • There MUST be user-friendly mechanisms available to resynchronize the counter • The algorithm MUST use a strong shared secret • 160bits is RECOMMENDED
- 9. strong shared secret 160 bits using HMAC-SHA1
- 10. token is easily read bit shfting is economical to implement in hardware
- 11. HOTP uses HMAC to sign a counter • The algorithm MUST be sequence or counter- based • The algorithm SHOULD be economical to implement in hardware • MUST work with tokens that don't support any numeric input, but MAY also be used in with more sophisticated devices such as PIN-pads • The value displayed on the token MUST be easily read and entered by the user • There MUST be user-friendly mechanisms available to resynchronize the counter • The algorithm MUST use a strong shared secret • 160bits is RECOMMENDED
- 12. TOTP extends HOTP by using a time-based moving factor • The prover and verifier MUST know or be able to derive the current Unix time • The prover and verifier MUST either share the same secret or the knowledge of a secret transformation to generate a shared secret • The prover and verifier MUST use HOTP as a building block • The prover and verifier MUST use the same time- step value • There MUST be a unique secret (key) for each prover • The keys SHOULD be randomly generated or derived using key derivation algorithms • The keys MAY be stored in a tamper resistant device and SHOULD be protected against unauthorized access and usage
- 13. unix time time step value
- 14. TOTP extends HOTP by using a time-based moving factor • The prover and verifier MUST know or be able to derive the current Unix time • The prover and verifier MUST either share the same secret or the knowledge of a secret transformation to generate a shared secret • The prover and verifier MUST use HOTP as a building block • The prover and verifier MUST use the same time- step value • There MUST be a unique secret (key) for each prover • The keys SHOULD be randomly generated or derived using key derivation algorithms • The keys MAY be stored in a tamper resistant device and SHOULD be protected against unauthorized access and usage
- 15. TOTP extends HOTP by using a time-based moving factor • RECOMMENDED to have at most one time step delay is allowed as the network delay • may be due to network latency OR • may be due to improper server time • handle both future and past • RECOMMENDED to have a time-step value of 30 seconds • larger time-step exposes a larger window to attack • when OTP is generated and exposed to a 3rd party before it is consumed, the 3rd party can consume the OTP before the time-step window • smaller time-step is not a good experience for the user (especially if the device is cumbersome to use)
- 16. DEMO
- 17. Why TOTP? (instead of an RNG) • No need to save tokens in the database • tokens are calculated on the fly • you still need to save the shared secret key • Implementations that adhere to the standard can be used • e.g. FreeOTP, Google Authenticator, FB Authenticator • The best possible attack is a brute-force attack (see https:// tools.ietf.org/html/rfc4226#appendix-A.4.3)
- 18. @parasquid Chief Problem Solver at Mindvalley