Security and Privacy Failures in Popular 2FA Apps

USENIX via YouTube

Overview

Explore a critical analysis of security and privacy vulnerabilities in popular Two-Factor Authentication (2FA) apps presented at USENIX Security '23. Delve into the research conducted by experts from UC Berkeley and ICSI on Time-based One-Time Password (TOTP) algorithms and their implementation in Android apps. Discover the challenges users face in maintaining access to TOTP secrets and the various backup mechanisms employed by popular apps. Learn about the systematic assessment methodology used to evaluate the security and privacy implications of these backup strategies. Uncover alarming findings, including the reliance on potentially insecure technologies, sharing of personal information with third parties, cryptographic flaws, and potential access to plaintext TOTP secrets by app developers. Gain insights into recommended improvements for enhancing the security and privacy of TOTP 2FA app backup mechanisms in this informative 15-minute conference talk.

Syllabus

USENIX Security '23 - Security and Privacy Failures in Popular 2FA Apps

Taught by

USENIX
