Adding Two Factor Authentication to your App with Authy

Adding 2FA to your App with Authy (but actually 2SV)

Nick Malcolm@nickmalcolmgithub.com/nickmalcolm/twofactorexample

The Difference Between Steps & Factors

Implementing Two-Step Verification with Authy

What is 2FA?!

Two Factor Authentication

One act of providing authentication

Factor

An independent source of

authentication

Something You KnowSomething You HaveSomething You Are

SMS:something you have???

Authy / GA:something you have???

SMS:can be spoofed, cloned, MITMd, iMessage

Authy / GA:is based on the app knowing a user token

Dongle thingies

Independent. Possession required.

Two Step Two FactorSingle Factor

Password Password+ One Time

Password

Password+ OTP from an

INDEPENDENT component

Example video time!

Two Step Two FactorSingle Factor

Password Password+ One Time

Password

Password+ OTP from an

INDEPENDENT device

What Do Customers Get Out Of It?

What Do I Get Out Of It?

Why use Authy?

Let’s build it!

Follow along:

● github.com/nickmalcolm/twofactorexample● (tag v0.1.0 will get you to a starting point)

Plan of attack:

1. Install Authy2. Let Users turn 2FA on3. Force 2FAd Users to verify on sign in

1) Sign up & install Authy

/config/secrets.yml

/config/initializers/authy.rb

2) Let users turn on 2FA

Cellphone + Email

1) User Found/Created in Authy

2) Authy sends a token

3) The user sends it back

4) Success!

/app/controllers/two_factor_authentication_controller.rb

/app/views/two_factor_authenticator/setup.html.erb

localhost:3000/two_factor_authentication/setup

/app/views/two_factor_authenticator/verify.html.erb

localhost:3000/two_factor_authentication/verify

Yay, 2FA is turned on!

3) Use it when they sign in

/app/controllers/sessions_controller.rb

localhost:3000/sessions/two_factor_required

/app/controllers/sessions_controller.rb

What did we do?

● Learnt the difference between Steps & Factors

● Signed up for Authy● Let users turn on 2FA● Required a 2FA token on Sign In

Thanks! Questions??github.com/nickmalcolm/twofactorexample

@nickmalcolmrevert.io

Adding Two Factor Authentication to your App with Authy

Software

Transcript of Adding Two Factor Authentication to your App with Authy

lab title AWS Identity and Access Management V1 AWS IAM.pdf · factor authentication (MFA) for root access on our account. Download and install Authy to your desktop or mobile. It

Example procedure for adding O365 authentication to ...

Outline User authentication –Password authentication, salt –Challenge-response authentication protocols –Biometrics –Token-based authentication Authentication.

Authentication. TOPICS Objectives Legacy Authentication Protocols IEEE 802.1X Authentication Extensible Authentication Protocol (EAP) Authentication Servers.

Advanced Authentication Server- Administration - NetIQ · 2 System Requirements 17 ... 3.5.8 Adding License ... Advanced Authentication Server is connected to a Directory ...

doc.: IEEE 802.22-08/0174r11€¦ · Web viewAdditionally, the basic security mechanisms are strengthened by adding digital-certificate-based CPE device-authentication to the key

Authentication without Authentication - Peerlyst meetup

Adding bandwidth specification to a AAA Sever511017/FULLTEXT01.pdf · 2012-03-19 · Adding bandwidth specifications to a AAA server Abstract Authentication, authorization, and accounting

CircuitPython 2FA TOTP Authentication Friend · Using an app on your phone like Authy or Authenticator, you set up a secret given to you by the service, then every 30 ... Easy! You

FACT FAMILIES ADDING Subtraction ADDING Subtraction ADDING Subtraction ADDING Subtraction.

Remote Authentication Landscape and Authentication Methods ...

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication.

RightPlug Product Authentication Strategy R002rightplug.org/whitepapers/RightPlug Product Authentication Strategy... · RightPlug Product Authentication Strategy ... Product authentication

User Management: Configuring Authentication Servers · Chapter 7 User Management: Configuring Authentication Servers Adding an Authentication Provider While running Windows 2008 AD

Google’s Firebase Platform · Google’s Firebase Platform Adding services to your android application User Authentication Realtime Database. Firebaseis amobileandweb applicationdevelopment

1 Message Authentication and Hash Functions Authentication Requirements Authentication Functions Message Authentication Codes Hash Functions Security of.

Categorical Aid Personnel System User’s · PDF fileCategorical Aid Personnel System (CAPS) ... Adding Job Positions ... //online.ksde.org/authentication/login.aspx as a district

UNIX Authentication and Pluggable-authentication Modules ... · UNIX Authentication and Pluggable-authentication Modules (PAMs) Russell Bateman Description of UNIX authentication,

Authentication through Claims-Based Authentication

. Define authentication Authentication credentials Authentication models Authentication servers Extended authentication protocols Virtual.