WTF, 2FA!? - Y U No Protect Me?

Presented at Kernelcon 2019, April 5, 2019, 11:35 a.m. (20 minutes)

An exploration of two factor authentication from a developers prospective, and why it is so hard to find two factor implementation best practices. Attendees will come out of this talk learning some trials and tribulations of a real life implementation of two factor authentication, why the sms based authentication is by far the least secure, and why two factor is not the security bandage that it is billed to be.

Presenters:

• Christine Seeman - Flywheel
  Christine is from Omaha, Nebraska where she works as a full stack Ruby on Rails engineer at Flywheel, WordPress hosting for creatives. She has 12 years experience as a Java software engineer with a focus on APIs, incorporating security through the whole SDLC and micro-services and took the plunge into Ruby just this May. In her spare time she is an avid long form reader, lover of all true-crime podcasts and is attempting to work through the primary Ashtanga yoga series.

Links:

• https://2019.kernelcon.org/agenda#2fa

Similar Presentations:

• AppSec USA 2015 / The Inmates Are Running the Asylum – Why Some Multi-Factor Authentication Technology is Irresponsible
• BSidesLV 2014 / Proof of work as an additional factor of authentication
• THOTCON 0x7 (2016) / Turning Credential Harvesting Into Credential Clearcutting: Phishing 2FA Systems