A Tale of Two Sides of 2FA

Explore the complexities of two-factor authentication (2FA) in this 50-minute conference talk. Delve into real-world implementations, best practices, and common pitfalls of 2FA. Learn how to protect yourself and your users by understanding the impacts of different 2FA methods, including SMS, time-based one-time passwords, push notifications, and U2F. Examine security basics, password policies, and the importance of user experience in implementing 2FA. Discover strategies for rate limiting, user opt-in, and handling user errors. Gain insights into the challenges faced by both users and developers when it comes to 2FA, and walk away with practical knowledge to enhance the security of your applications.

Introduction
Learning Objectives
Login Screen
Social Engineering
Reddit Hack
What is Authentication
What are the different factors
What happened
SMS 2FA
Signaling System 2
Hacking Options
TimeBased OneTime Password
Push Notifications
Email
Tokenbased
OTP vs U2F
What would we change
Whats up now
Security
Ring Nest
IoT Cameras
Security Basics
Xkcd
Why does this help
Password calculator
Password policies
GitHub
LinkedIn
Pandora
Password hash encryption
Adaptive oneway functions
Verification codes
Lessons learned
Twofactor authentication vendors
Rate limiting
Truncated exponential backoff
Im a Ruby programmer
User optin
American Express shame on you
Do it yourself approach
User testing
User errors
Friction
User Experience
Thanks
Flywheel
Remote Happiness
User Experience Design
Reset Passwords