
2FA Best Practices

From Superclass 2018

Published in: Engineering

  1. 2FA BEST PRACTICES: How to secure your applications with Authy. TWILIO USER & DEVELOPER CONFERENCE
  2. KELLEY ROBINSON, DEVELOPER EVANGELIST; FERDINAND PEREZ, SOLUTIONS ARCHITECT. 2FA BEST PRACTICES: How to secure your applications with Authy. © 2018 TWILIO, INC. ALL RIGHTS RESERVED.
  3. WHY 2FA?
  4. haveibeenpwned.com
  5. 2FA TERMINOLOGY
  6. OTP (ONE TIME PASSWORD)
     • Generic term
     • Single use tokens, usually numeric
  7. WHY IS SMS 2FA "BAD"?
     • SS7 vulnerabilities
     • SIM swapping (social engineering)
     Link: The Post SS7 Future of 2FA
  8. SMS 2FA IS BETTER THAN NO 2FA (But it's not perfect)
  9. SMS ALTERNATIVES
  10. Push
  11. TOTP (Time-based One Time Passwords)
  12. 2FA ONBOARDING
  21. 🔓SIGNED IN CONTENT🔓
  22. 2FA USER EXPERIENCE
  27. ACCOUNT SECURITY SESSIONS AT SIGNAL
  28. 2FA IMPLEMENTATION BEST PRACTICES. LUCAS VIDAL, ENGINEERING MANAGER; JOSH STAPLES, SENIOR SALES ENGINEER. Dive deeper into 2FA implementation
  29. BUILDING PHONE VERIFICATION AT SCALE. DAN KILLMER, SALES ENGINEERING MANAGER. Phone verification seems like a simple thing to build on Twilio right? Create a random code, send it via SMS and then check it? Not so fast!
  30. HOW TO AUTHENTICATE CALLERS AND PREVENT SOCIAL ENGINEERING ATTACKS USING TWILIO FLEX. SIMON THORPE, DIRECTOR, PRODUCT MARKETING; JULIAN CANTILLO, SOFTWARE ENGINEER. With Twilio Flex, we have much more modern methods of authentication to simplify not only inbound, but also outbound calls.
  31. PRACTICAL CRYPTOGRAPHY. KELLEY ROBINSON, DEVELOPER EVANGELIST. Get an introduction to Public Key Cryptography and learn how Twilio uses it inside the Authy app.
  32. THANK YOU! TWILIO USER & DEVELOPER CONFERENCE. KELLEY ROBINSON, KROBINSON@TWILIO.COM; FERDINAND PEREZ, FPEREZ@TWILIO.COM
