Upload File

adding two factor authentication to your app with authy

  • Home
  • Software
  • Adding Two Factor Authentication to your App with Authy
41
Adding 2FA to your App with Authy (but actually 2SV) Nick Malcolm @nickmalcolm github.com/nickmalcolm/twofactorexample

Upload: nick-malcolm

Post on 14-Apr-2017

313 views

Category:

Software


2 download

Report

TRANSCRIPT

Page 1: Adding Two Factor Authentication to your App with Authy

Adding 2FA to your App with Authy (but actually 2SV)

Nick [email protected]/nickmalcolm/twofactorexample

Page 2: Adding Two Factor Authentication to your App with Authy

The Difference Between Steps & Factors

Implementing Two-Step Verification with Authy

Page 3: Adding Two Factor Authentication to your App with Authy

What is 2FA?!

Page 4: Adding Two Factor Authentication to your App with Authy

Two Factor Authentication

Page 5: Adding Two Factor Authentication to your App with Authy

Step

One act of providing authentication

Factor

An independent source of

authentication

Page 6: Adding Two Factor Authentication to your App with Authy

Something You KnowSomething You HaveSomething You Are

Page 7: Adding Two Factor Authentication to your App with Authy

SMS:something you have???

Authy / GA:something you have???

Page 8: Adding Two Factor Authentication to your App with Authy

SMS:can be spoofed, cloned, MITMd, iMessage

Authy / GA:is based on the app knowing a user token

Page 9: Adding Two Factor Authentication to your App with Authy

Dongle thingies

Independent. Possession required.

Page 10: Adding Two Factor Authentication to your App with Authy

Two Step Two FactorSingle Factor

Password Password+ One Time

Password

Password+ OTP from an

INDEPENDENT component

Page 11: Adding Two Factor Authentication to your App with Authy

Example video time!

Page 12: Adding Two Factor Authentication to your App with Authy

Two Step Two FactorSingle Factor

Password Password+ One Time

Password

Password+ OTP from an

INDEPENDENT device

Page 13: Adding Two Factor Authentication to your App with Authy

What Do Customers Get Out Of It?

Page 14: Adding Two Factor Authentication to your App with Authy

What Do I Get Out Of It?

Page 15: Adding Two Factor Authentication to your App with Authy

Why use Authy?

Page 16: Adding Two Factor Authentication to your App with Authy

Let’s build it!

Page 17: Adding Two Factor Authentication to your App with Authy

Follow along:

● github.com/nickmalcolm/twofactorexample● (tag v0.1.0 will get you to a starting point)

Page 18: Adding Two Factor Authentication to your App with Authy
Page 19: Adding Two Factor Authentication to your App with Authy

Plan of attack:

1. Install Authy2. Let Users turn 2FA on3. Force 2FAd Users to verify on sign in

Page 20: Adding Two Factor Authentication to your App with Authy

1) Sign up & install Authy

Page 21: Adding Two Factor Authentication to your App with Authy
Page 22: Adding Two Factor Authentication to your App with Authy

/config/secrets.yml

/config/initializers/authy.rb

Page 23: Adding Two Factor Authentication to your App with Authy

2) Let users turn on 2FA

Page 24: Adding Two Factor Authentication to your App with Authy

Cellphone + Email

Token

Token

1) User Found/Created in Authy

2) Authy sends a token

3) The user sends it back

4) Success!

Page 25: Adding Two Factor Authentication to your App with Authy

/app/controllers/two_factor_authentication_controller.rb

Page 26: Adding Two Factor Authentication to your App with Authy

/app/views/two_factor_authenticator/setup.html.erb

Page 27: Adding Two Factor Authentication to your App with Authy

localhost:3000/two_factor_authentication/setup

Page 28: Adding Two Factor Authentication to your App with Authy

/app/controllers/two_factor_authentication_controller.rb

Page 29: Adding Two Factor Authentication to your App with Authy

/app/views/two_factor_authenticator/verify.html.erb

Page 30: Adding Two Factor Authentication to your App with Authy

localhost:3000/two_factor_authentication/verify

Page 31: Adding Two Factor Authentication to your App with Authy
Page 32: Adding Two Factor Authentication to your App with Authy

/app/controllers/two_factor_authentication_controller.rb

Page 33: Adding Two Factor Authentication to your App with Authy

Yay, 2FA is turned on!

Page 34: Adding Two Factor Authentication to your App with Authy

3) Use it when they sign in

Page 35: Adding Two Factor Authentication to your App with Authy

/app/controllers/sessions_controller.rb

Page 36: Adding Two Factor Authentication to your App with Authy

/app/controllers/sessions_controller.rb

Page 37: Adding Two Factor Authentication to your App with Authy

localhost:3000/sessions/two_factor_required

Page 38: Adding Two Factor Authentication to your App with Authy

/app/controllers/sessions_controller.rb

Page 39: Adding Two Factor Authentication to your App with Authy
Page 40: Adding Two Factor Authentication to your App with Authy

What did we do?

● Learnt the difference between Steps & Factors

● Signed up for Authy● Let users turn on 2FA● Required a 2FA token on Sign In

Page 41: Adding Two Factor Authentication to your App with Authy

Thanks! Questions??github.com/nickmalcolm/twofactorexample

@nickmalcolmrevert.io


1 © NOKIA Nokia_TIA-835D_MIPv6_authentication / 18AUG03 / ETacsik MIPv6 authentication MIPv6 authentication – AAAv6 MIPv6 authentication – PANA MIPv6 authentication

IN2120 Information Security · • Authentication frameworks for e-Government User Authentication IN2120 2. Taxonomy of Authentication User Authentication IN2120 3 Authentication

Adding Support for Authentication and Encryption to Openbts

Example procedure for adding O365 authentication to

FACT FAMILIES ADDING Subtraction ADDING Subtraction ADDING Subtraction ADDING Subtraction

CircuitPython 2FA TOTP Authentication Friend · Using an app on your phone like Authy or Authenticator, you set up a secret given to you by the service, then every 30 ... Easy! You

Adding Applications to the Enterprise Authentication System Robert Banz, UMBC Tom Barton, University of Chicago

Using two-factor authentication with SSL VPN - Fortinet · 1. Registering FortiToken with a FortiGate unit and FortiGuard 2. Adding two-factor authentication to the user’s account

Adding bandwidth specification to a AAA Sever511017/FULLTEXT01.pdfAdding bandwidth specifications to a AAA server Abstract Authentication, authorization, and accounting (AAA) are key

User Management: Configuring Authentication Servers · Chapter 7 User Management: Configuring Authentication Servers Adding an Authentication Provider While running Windows 2008 AD

Authentication Without Authentication

SafeNet Authentication Service · Push OTP Integration Guide ... SafeNet Authentication Service delivers a fully automated, ... Adding Pulse Connect Secure as an Authentication Node

2008_WiFi Authentication and Roaming Authentication

Authentication Function 2: Message Authentication Code

Smart Authentication Datasheet Smart Authentication Server

Authentication On-Boarding. Aadhaar Authentication Enrolment Aadhaar Generation Update Secure Aadhaar Authentication Framework Aadhaar Authentication

Authentication & Reputation, Adding Business Value In The Real World

Crestron Enterprise Management Platform Installation … Security with Basic Authentication, Windows Authentication, Digest Authentication, Client Certificate Mapping Authentication,

Google’s Firebase Platform · Google’s Firebase Platform Adding services to your android application User Authentication Realtime Database. Firebaseis amobileandweb applicationdevelopment

Authentication and Access Control - Infopoint Security · • Authentication Method: An Authentication Method determines the type of authentication scheme that is provided by an Authentication

Remote Authentication Landscape and Authentication Methods

NERSC Multi-Factor Authentication€¦ · 20 Additional details sshproxy keys >24 hours with justification and authorization Desktop app ("authy") for the smartphone-less "Backup"

lab title AWS Identity and Access Management V1 AWS IAM.pdf · factor authentication (MFA) for root access on our account. Download and install Authy to your desktop or mobile. It

Adding Third-Party Authentication to Open edX: A …research.google.com/pubs/archive/43424.pdf · Adding Third-Party Authentication to Open edX: A Case Study Abstract In this document,

Authentication Applications. will consider authentication functions will consider authentication functions developed to support application-level authentication

Date : 2/12/2010 Web Technology Solutions Class: Adding Security and Authentication Features to Your Application

UNIX Authentication and Pluggable-authentication Modules ... · UNIX Authentication and Pluggable-authentication Modules (PAMs) Russell Bateman Description of UNIX authentication,

Outline User authentication –Password authentication, salt –Challenge-response authentication protocols –Biometrics –Token-based authentication Authentication

RESEARCH ARTICLE Evaluation of Authentication …Authentication Center (AUC): Authentication Center where all authentication algorithms are defined. The Authentication Centre (AUC)

Adding bandwidth specification to a AAA Sever511017/FULLTEXT01.pdf · 2012-03-19 · Adding bandwidth specifications to a AAA server Abstract Authentication, authorization, and accounting

S V E C C SVECC Newsletter 20.pdf · it’s easy to set up Google Authenti-cator or Authy to consolidate all of your two-factor-authentication needs. Encrypt your USB flash drives:

Authentication without Authentication - Peerlyst meetup

Define authentication Authentication credentials Authentication models Authentication servers Extended authentication protocols Virtual

E-Guide to adding Two-Factor Authentication to your ... · E-Guide to adding Two-Factor Authentication to your Corporate Network IRC: # wikid on freenode.net @wikidsystems

Advanced Authentication Server- Administration - NetIQ · 2 System Requirements 17 ... 3.5.8 Adding License ... Advanced Authentication Server is connected to a Directory