adding two factor authentication to your app with authy
Adding 2FA to your App with Authy (but actually 2SV)
Nick [email protected]/nickmalcolm/twofactorexample
The Difference Between Steps & Factors
Implementing Two-Step Verification with Authy
What is 2FA?!
Two Factor Authentication
Step: one act of providing authentication
Factor: an independent source of authentication
Something You Know
Something You Have
Something You Are
SMS: something you have???
Authy / GA: something you have???
SMS: can be spoofed, cloned, MITM'd, or forwarded to other devices via iMessage
Authy / GA: based on the app knowing a per-user secret (the token is derived from it)
Dongle thingies (hardware tokens)
Independent. Possession required.
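What makes the Authy / GA case "the app knowing a token" is visible in the algorithm itself. The following is an added example, not code from the talk or from github.com/nickmalcolm/twofactorexample: RFC 4226 HOTP and RFC 6238 TOTP in plain Ruby (OpenSSL only, no gems), plus a server-side verifier that tolerates one step of clock drift and refuses a code that has already been accepted. Both ends hold the same secret (the base32 string inside the otpauth QR code), so the server is really checking that whatever device computed the code had that secret loaded; independence from the password comes from the secret, not from the phone. The RFC test seed, the one-step window and the constant-time compare are this example's choices, not anything the deck specifies.

```ruby
require "openssl"

BASE32_ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ234567".freeze

# The secret an authenticator app is given (inside the otpauth:// QR code) is base32 (RFC 4648).
def base32_decode(encoded)
  bits = encoded.upcase.delete("=").each_char.map do |c|
    idx = BASE32_ALPHABET.index(c) or raise ArgumentError, "invalid base32 character #{c.inspect}"
    idx.to_s(2).rjust(5, "0")
  end.join
  [bits[0, bits.size - (bits.size % 8)]].pack("B*")
end

# RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, dynamic truncation, mod 10^digits.
def hotp(secret, counter, digits: 6)
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new("SHA1"), secret, [counter].pack("Q>")).bytes
  offset = mac[19] & 0x0f
  binary = ((mac[offset] & 0x7f) << 24) | (mac[offset + 1] << 16) | (mac[offset + 2] << 8) | mac[offset + 3]
  (binary % 10**digits).to_s.rjust(digits, "0")
end

# RFC 6238 TOTP: HOTP whose counter is the number of `step`-second intervals since the Unix epoch.
def totp(secret, at:, step: 30, digits: 6)
  hotp(secret, at.to_i / step, digits: digits)
end

# Constant-time comparison: a wrong code takes the same time to reject whichever digit is wrong.
def secure_equal?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server-side check: accept the current step plus `window` steps either side (clock drift),
# but never a counter at or below the last one accepted, so a captured code cannot be replayed.
class TotpVerifier
  def initialize(secret, step: 30, digits: 6, window: 1)
    @secret, @step, @digits, @window = secret, step, digits, window
    @last_counter = -1 # highest counter already accepted; must persist next to the secret
  end

  def verify(candidate, at: Time.now)
    return false unless candidate.is_a?(String) && candidate.match?(/\A\d{#{@digits}}\z/)
    now = at.to_i / @step
    (-@window..@window).each do |drift|
      counter = now + drift
      next if counter <= @last_counter
      next unless secure_equal?(hotp(@secret, counter, digits: @digits), candidate)
      @last_counter = counter
      return true
    end
    false
  end
end

if __FILE__ == $PROGRAM_NAME
  secret = base32_decode("GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ") # RFC 6238 test seed "12345678901234567890"
  puts "code now: #{totp(secret, at: Time.now)}"
end
```

Run with `ruby` and it prints the current code for the RFC test seed; the RFC appendix vectors (counter 0 of that seed is 755224, time 59 with eight digits is 94287082) are the quickest way to check any HOTP/TOTP implementation before wiring it to a real account. The replay guard is per-secret state that has to live server-side beside the secret; without it, a code sniffed or phished inside its 30-second step is still good.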
Single Factor: Password
Two Step: Password + One Time Password
Two Factor: Password + OTP from an INDEPENDENT component
Example video time!
Single Factor: Password
Two Step: Password + One Time Password
Two Factor: Password + OTP from an INDEPENDENT device
What Do Customers Get Out Of It?
What Do I Get Out Of It?
Why use Authy?
Let’s build it!
Follow along:
● github.com/nickmalcolm/twofactorexample
● (tag v0.1.0 will get you to a starting point)
Plan of attack:
1. Install Authy
2. Let users turn 2FA on
3. Force 2FA'd users to verify on sign in
1) Sign up & install Authy
/config/secrets.yml
/config/initializers/authy.rb
2) Let users turn on 2FA
Enrolment flow: the app sends cellphone + email to Authy, Authy sends the user a token, and the user sends that token back to the app.
1) User found/created in Authy
2) Authy sends a token
3) The user sends it back
4) Success!
/app/controllers/two_factor_authentication_controller.rb
/app/views/two_factor_authenticator/setup.html.erb
localhost:3000/two_factor_authentication/setup
/app/controllers/two_factor_authentication_controller.rb
/app/views/two_factor_authenticator/verify.html.erb
localhost:3000/two_factor_authentication/verify
/app/controllers/two_factor_authentication_controller.rb
Yay, 2FA is turned on!
3) Use it when they sign in
/app/controllers/sessions_controller.rb
/app/controllers/sessions_controller.rb
localhost:3000/sessions/two_factor_required
/app/controllers/sessions_controller.rb
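The controller slides above were screenshots in the original, so their code is not in this transcript. What follows is an added example of mine, not the twofactorexample repo's code, showing the same three moves in plain Ruby without Rails: setup registers the user and requests an SMS, verify enables 2FA only once the token comes back, and sign in parks the session in a two_factor_required state until the second step passes. FakeAuthyClient stands in for Authy::API; its method names and keyword arguments (register_user, request_sms, verify, with responses answering ok? and id) are what I assume the authy gem exposes, and the 7-digit single-use token and PBKDF2 in place of bcrypt are this example's own choices. Twilio has since deprecated the standalone Authy API in favour of its Verify product, so a new build would put the same state machine in front of a TOTP library or Verify; the flow itself is unchanged.

```ruby
require "openssl"
require "securerandom"

# Constant-time byte comparison for password digests and one-time tokens.
def secure_equal?(a, b)
  a.bytesize == b.bytesize && a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Offline stand-in for Authy::API (assumed call shapes: register_user / request_sms / verify,
# responses answering ok? and id). Instead of texting anyone it drops each token into sent_tokens.
class FakeAuthyClient
  Response = Struct.new(:ok, :id) { def ok?; ok; end }
  attr_reader :sent_tokens
  def initialize
    @phones, @sent_tokens = {}, {} # both keyed by Authy user id
  end
  def register_user(email:, cellphone:, country_code:)
    digits = cellphone.to_s.delete("^0-9")
    return Response.new(false, nil) if digits.empty? || email.to_s.empty?
    id = 1000 + @phones.size
    @phones[id] = "+#{country_code}#{digits}"
    Response.new(true, id)
  end
  def request_sms(id:)
    return Response.new(false, id) unless @phones.key?(id)
    @sent_tokens[id] = format("%07d", SecureRandom.random_number(10_000_000)) # 7-digit token (assumption)
    Response.new(true, id)
  end
  def verify(id:, token:) # a token is single use: it is consumed the moment it verifies
    ok = !@sent_tokens[id].nil? && secure_equal?(token.to_s, @sent_tokens[id])
    @sent_tokens.delete(id) if ok
    Response.new(ok, id)
  end
end

# Minimal user record; PBKDF2 stands in for bcrypt / has_secure_password to avoid a gem dependency.
class User
  attr_reader :email
  attr_accessor :authy_id, :two_factor_enabled
  def initialize(email:, password:)
    @email, @authy_id, @two_factor_enabled, @salt = email, nil, false, SecureRandom.random_bytes(16)
    @password_digest = digest(password)
  end
  def password_ok?(candidate); secure_equal?(digest(candidate), @password_digest); end
  def digest(pw); OpenSSL::KDF.pbkdf2_hmac(pw, salt: @salt, iterations: 10_000, length: 32, hash: "sha256"); end
  private :digest
end

# Step 2 of the deck: setup registers the user with Authy and texts a token; verify flips
# two_factor_enabled only once the user has echoed that token back, so nobody ends up locked
# behind a phone that never received anything.
class TwoFactorEnrolment
  def initialize(client); @client = client; end
  def setup(user, cellphone:, country_code:)
    resp = @client.register_user(email: user.email, cellphone: cellphone, country_code: country_code)
    return false unless resp.ok?
    user.authy_id = resp.id
    @client.request_sms(id: user.authy_id).ok?
  end
  def verify(user, token)
    return false if user.authy_id.nil? || !@client.verify(id: user.authy_id, token: token).ok?
    user.two_factor_enabled = true
  end
end

# Step 3 of the deck: a correct password only moves the session to :two_factor_required;
# current_user stays nil until the token verifies, so nothing protected is reachable in between.
class SessionFlow
  attr_reader :state, :current_user
  def initialize(client, users)
    @client, @users = client, users
    @state, @pending_user, @current_user = :anonymous, nil, nil
  end
  def sign_in(email:, password:)
    @state, @pending_user, @current_user = :anonymous, nil, nil
    user = @users[email]
    return @state unless user && user.password_ok?(password)
    if user.two_factor_enabled
      @pending_user = user
      @client.request_sms(id: user.authy_id) # the deck texts a fresh token at every sign-in
      @state = :two_factor_required
    else
      @current_user = user
      @state = :signed_in
    end
  end
  def two_factor_step(token)
    return @state unless @state == :two_factor_required
    if @client.verify(id: @pending_user.authy_id, token: token).ok?
      @current_user, @pending_user = @pending_user, nil
      @state = :signed_in
    end
    @state
  end
  def signed_in?; @state == :signed_in; end
end
```

Two things the deck's controllers have to get right are encoded here: two_factor_enabled is written only after a successful verify, and current_user is nil until two_factor_step succeeds, so a before_action that checks current_user cannot be satisfied by the password alone. In Rails the pending user id would sit in the session and the two_factor_required page would be the only thing reachable from that state.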
What did we do?
● Learnt the difference between Steps & Factors
● Signed up for Authy
● Let users turn on 2FA
● Required a 2FA token on Sign In
Thanks! Questions??
github.com/nickmalcolm/twofactorexample
@nickmalcolm
revert.io