Overview
Explore the intricacies of implementing two-factor authentication (2FA) for large-scale online services in this 30-minute conference talk from BSidesSF 2019. Learn how to design an effective user journey, make crucial architectural decisions, and implement various 2FA methods including TOTP, push notifications, and FIDO security keys. Gain insights from first-hand experience deploying 2FA to millions of users at Pinterest. Discover best practices for introducing 2FA, explaining it to users with limited technical knowledge, and integrating it with existing authentication flows such as social login via OAuth and password reset. Walk through practical code samples and flows to enhance your understanding of adding this critical security feature to existing websites.
Syllabus
BSidesSF 2019 - Deploying Two-Factor Authentication to Millions of Users (Emanuele Cesena)
Taught by
Security BSides San Francisco