Secure your web application with 2FA

Rob Allen (12.Apr.2017 at 19:00, 50 min)
Talk at PHPSW: Security, April 2017 (English - UK)

Rating: 5 of 5

Protecting your users' data with just a username and password is no longer satisfactory. Two-factor authentication (2FA) is the primary method of countering the effects of stolen passwords and is easy to implement in your web application. In this session we will discuss what two-factor authentication is, how it works and the challenges associated with it. We will then look at how to integrate two-factor authentication into your PHP application's login workflow. We'll consider both YubiKey and Google Authenticator implementations, so you can make your users' accounts more secure.

Comments

Rating: 4 of 5

12.Apr.2017 at 20:06 by Tom Robertshaw (9 comments) via Web2 LIVE

Experienced presenter that took his time and spoke with confidence. Handled questions responsibly, answering and reflecting on those that he could and acknowledging when he didn't know the answer.

Genuinely interesting topic as I didn't know how 2FA worked. Would have been good to hear some more thought leadership probing some questions about its usage etc.

Rating: 4 of 5

13.Apr.2017 at 11:32 by Craig Francis (4 comments) via Web2 LIVE

Good talk, as I've been meaning to look at the inner workings of Two Factor Authentication (the algorithm).

The simplicity will hopefully push me to implement it soon, but I also appreciate the comments that while the basic check is easy, we need to develop a full solution - e.g. ability to remember the browser (to avoid annoying the customer); and a fallback process (when the user drops/loses their phone).

Rating: 5 of 5

13.Apr.2017 at 11:52 by Lucia Velasco (38 comments) via Web2 LIVE

It was pitched perfectly for me. The combination of technical concepts with straightforward language was really helpful, I came away feeling that I'd learnt a lot about one subject, including actionable information and an understanding of some of the technical language (acronyms) in this area. It was very useful that concise yet complete tidbits of whats and hows were peppered throughout without being code heavy (what should I use, how should I use it), as a result 2FA feels very doable without the need to re-research it.

I benefitted from the frequent reminders that users are inherently lazy, as well as the questions afterwards which probed the feasibility of this becoming mainstream.

Rating: 5 of 5

13.Apr.2017 at 19:46 by Rhymes Toasterface (4 comments) via Web2 LIVE

A genuinely engaging and interesting talk from a very experienced presenter.

Well written, not rushed. Informative enough, but not confounding for those with no experience with 2FA.

Showed how easy it is to implement and critically - inspired probably more than just myself to go away and put it in place in their applications.
