Download as PDF, PPTX
More Related Content
![OWASP Global AppSec Dublin 2023 [T]OTPs are not as secure as you might believe](https://cdn.slidesharecdn.com/ss_thumbnails/santiagokantorowicz-globalowaspappssecdublin2023totpsarenotassecureasyoumightbelieve-230228145608-3c713046-thumbnail.jpg?width=640&height=640&fit=bounds)
2FA Best Practices
- 1. 2FA BEST PRACTICES Howto secure your applications with Authy TWILIOUSER&DEVELOPERCONFERENCE
- 2. KELLEY ROBINSON DEVELOPER EVANGELIST 2FABEST PRACTICES How to secure your applications with Authy © 2018 TWILIO, INC. ALL RIGHTS RESERVED. FERDINAND PEREZ SOLUTIONS ARCHITECT
- 3. © 2018 TWILIO,INC. ALL RIGHTS RESERVED. WHY 2FA?
- 4.
- 6. © 2018 TWILIO,INC. ALL RIGHTS RESERVED. 2FA TERMINOLOGY
- 7. OTP (ONE TIMEPASSWORD) • Generic term • Single use tokens, usually numeric © 2018 TWILIO, INC. ALL RIGHTS RESERVED.
- 8. © 2018 TWILIO,INC. ALL RIGHTS RESERVED. WHY IS SMS 2FA "BAD"? • SS7 vulnerabilities • SIM swapping (social engineering) Link: The Post SS7 Future of 2FA
- 9. But it's notperfect SMS 2FA IS BETTER THAN NO 2FA © 2018 TWILIO, INC. ALL RIGHTS RESERVED.
- 10. © 2018 TWILIO,INC. ALL RIGHTS RESERVED. SMS ALTERNATIVES
- 11. © 2018 TWILIO,INC. ALL RIGHTS RESERVED. Push
- 12. © 2018 TWILIO,INC. ALL RIGHTS RESERVED. TOTP (Time-based One Time Passwords)
- 13. © 2018 TWILIO,INC. ALL RIGHTS RESERVED. 2FA ONBOARDING
- 14. © 2018 TWILIO,INC. ALL RIGHTS RESERVED.
- 15. © 2018 TWILIO,INC. ALL RIGHTS RESERVED.
- 16. © 2018 TWILIO,INC. ALL RIGHTS RESERVED.
- 17. © 2018 TWILIO,INC. ALL RIGHTS RESERVED.
- 18. © 2018 TWILIO,INC. ALL RIGHTS RESERVED.
- 19. © 2018 TWILIO,INC. ALL RIGHTS RESERVED.
- 20. © 2018 TWILIO,INC. ALL RIGHTS RESERVED.
- 21. © 2018 TWILIO,INC. ALL RIGHTS RESERVED.
- 22. © 2018 TWILIO,INC. ALL RIGHTS RESERVED. 🔓SIGNED IN CONTENT🔓
- 23. © 2018 TWILIO,INC. ALL RIGHTS RESERVED. 2FA USER EXPERIENCE
- 24. © 2018 TWILIO,INC. ALL RIGHTS RESERVED.
- 25. © 2018 TWILIO,INC. ALL RIGHTS RESERVED.
- 26. © 2018 TWILIO,INC. ALL RIGHTS RESERVED.
- 27. © 2018 TWILIO,INC. ALL RIGHTS RESERVED.
- 28. © 2018 TWILIO,INC. ALL RIGHTS RESERVED. ACCOUNT SECURITY SESSIONS AT SIGNAL
- 29. LUCAS VIDAL ENGINEERING MANAGER 2FAIMPLEMENTATION BEST PRACTICES © 2018 TWILIO, INC. ALL RIGHTS RESERVED. JOSH STAPLES SENIOR SALES ENGINEER Dive deeper into 2FA implementation
- 30. DAN KILLMER SALES ENGINEERINGMANAGER BUILDING PHONE VERIFICATION AT SCALE Phone verification seems like a simple thing to build on Twilio right? Create a random code, send it via SMS and then check it? Not so fast! © 2018 TWILIO, INC. ALL RIGHTS RESERVED.
- 31. SIMON THORPE DIRECTOR, PRODUCTMARKETING HOW TO AUTHENTICATE CALLERS AND PREVENT SOCIAL ENGINEERING ATTACKS USING TWILIO FLEX © 2018 TWILIO, INC. ALL RIGHTS RESERVED. JULIAN CANTILLO SOFTWARE ENGINEER With Twilio Flex, we have much more modern methods of authentication to simplify not only inbound, but also outbound calls.
- 32. KELLEY ROBINSON DEVELOPER EVANGELIST PRACTICALCRYPTOGRAPHY Get an introduction to Public Key Cryptography and learn how Twilio uses it inside the Authy app. © 2018 TWILIO, INC. ALL RIGHTS RESERVED.
- 33. THANK YOU! TWILIOUSER&DEVELOPERCONFERENCE KELLEY ROBINSON KROBINSON@TWILIO.COM FERDINANDPEREZ FPEREZ@TWILIO.COM