
Two-factor authentication

Talk given at Montreal Ruby in March 2013.

Synopsis of the talk:

Following the recent Rails vulnerabilities we all know that keeping our dependencies up-to-date is important. What is equally important is providing our users with ways of securing their accounts. We’ll look at how two-factor authentication works, a way of implementing it and how to leverage the Google Authenticator mobile app.

Christian Joudrey

March 19, 2013

Transcript

  1. totp.now                            # => 281918
     sleep 30
     totp.verify(281918)                 # => false
     totp.verify_with_drift(281918, 30)  # => true

  2. class User < ActiveRecord::Base
       # ...
       before_create :set_auth_secret

       private

       def set_auth_secret
         self.auth_secret = ROTP::Base32.random_base32
       end
     end

  3. class AdminController < ApplicationController
       # ...
       before_filter :authenticate_user!
       before_filter :validate_client

       private

       def validate_client
         # ...
         client_id = cookies.signed[:client_id] || SecureRandom.uuid
         # ...
       end
     end
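
The drift behaviour on slide 1, as an added example that is not from the talk or from ROTP: an RFC 6238 verifier built on Ruby's standard library. The names `verify_totp`, `totp_at`, `hotp`, `b32_decode` and `secure_eq` are hypothetical, and the secret is the RFC 4226 test key. It goes one step beyond the slide by refusing a code from a time step that was already accepted.

```ruby
require 'openssl'

B32_ALPHABET = 'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567'.freeze
STEP = 30 # seconds per time step, matching the 30 s sleep on slide 1

# Decode a Base32 secret such as the one ROTP::Base32.random_base32 returns.
def b32_decode(str)
  bits = str.upcase.delete('=').each_char.map { |ch|
    idx = B32_ALPHABET.index(ch) or raise ArgumentError, 'invalid Base32 character'
    idx.to_s(2).rjust(5, '0')
  }.join
  [bits[0, bits.length / 8 * 8]].pack('B*')
end

# RFC 4226 HOTP: HMAC-SHA1 over the 8-byte counter, dynamic truncation, 6 digits.
def hotp(key, counter)
  mac = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA1'), key, [counter].pack('Q>')).bytes
  off = mac[-1] & 0x0f
  bin = (mac[off] & 0x7f) << 24 | mac[off + 1] << 16 | mac[off + 2] << 8 | mac[off + 3]
  format('%06d', bin % 1_000_000)
end

# RFC 6238 TOTP: HOTP with the counter derived from Unix time.
def totp_at(secret_b32, time)
  hotp(b32_decode(secret_b32), time.to_i / STEP)
end

# Compare without returning early on the first differing byte.
def secure_eq(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Accept codes from time steps within `drift` seconds of `now`. Returns the
# matched counter, or nil. Persist the result and pass it back as
# last_counter so an observed code cannot be replayed inside the window.
def verify_totp(secret_b32, code, drift, now: Time.now, last_counter: nil)
  key = b32_decode(secret_b32)
  window = (drift.to_f / STEP).ceil
  current = now.to_i / STEP
  matched = nil
  (current - window..current + window).each do |c|
    next if last_counter && c <= last_counter
    matched = c if secure_eq(hotp(key, c), code.to_s.rjust(6, '0'))
  end
  matched
end

# Constructed sample: the RFC 4226 test key, Base32-encoded.
SECRET = 'GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ'.freeze
```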