Replacing passwords with multiple factors: email, OTP, and hardware keys - TIB AV-Portal

Replacing passwords with multiple factors: email, OTP, and hardware keys

00:00

325

Formal Metadata

Title

Replacing passwords with multiple factors: email, OTP, and hardware keys

Title of Series

EuroPython 2017

Number of Parts

160

Author

License

CC Attribution - NonCommercial - ShareAlike 3.0 Unported:
You are free to use, adapt and copy, distribute and transmit the work or content in adapted or unchanged form for any legal and non-commercial purpose as long as the work is attributed to the author in the manner specified by the author or licensor and the work or content is shared also in adapted form only under the conditions of this

Identifiers

10.5446/33731 (DOI)

Publisher

Release Date

Language

Content Metadata

Subject Area

Computer Science

Genre

Conference/Talk

Abstract

Replacing passwords with multiple factors: email, OTP, and hardware keys [EuroPython 2017 - Talk - 2017-07-10 - Anfiteatro 1] [Rimini, Italy] Passwords have formed the cornerstone of I.T. system authentication for decades, but recent high-profile breaches have underscored the risks of password-based authentication systems. The good news is that we can replace passwords with other factors: email-based authentication one-time passwords (OTP) hardware keys (Yubikeys/U2F, etc.) These factors can be used independently or in conjunction with one another to provide vastly greater security than the traditional username-plus-password combination. Attendees of this talk will walk away with a detailed understanding of: why the traditional username-plus-password combination is failing us why email-based authentication provides no less security overview of one-time passwords and TOTP how to store/retrieve OTP codes, including password manager support state of hardware keys in general, and FIDO U2F standard in particular Attendees will learn how to implement these multi-factor authentication methods in their own Python-based web applications, with primary focus on methods for integrating email-based authentication, one-time passwords, and U2F hardware keys into Django-based projects

Speech

Text

Image

00:00

Software maintenanceNumberAuthenticationFluid staticsServer (computing)Flow separationPhysical systemCartesian coordinate systemWebsiteFamilyInformation securityOcean currentProjective planeBasis <Mathematik>BitFrequencyInformationComputer iconMultiplication signType theoryVulnerability (computing)ComputerStorage area networkLecture/Conference

01:58

IdentifiabilityInformationNumberAddress spacePasswordUsabilityInformation securityOnline helpUniverse (mathematics)CASE <Informatik>InformationPoint (geometry)AuthenticationPasswordAddress spaceFamilyPersonal identification number (Denmark)UsabilityResultantDifferent (Kate Ryan album)Semiconductor memoryFlow separationCore dumpFrequencyDeterminantInformation securityForcing (mathematics)Insertion lossStandard deviationParameter (computer programming)Physical systemVector potentialCategory of beingMultiplication signDegree (graph theory)Row (database)ComputerVirtual machineEntire functionDatabaseGame theoryNumberTerm (mathematics)SummierbarkeitEmailAverageCovering spaceProper mapComputer animationXMLLecture/Conference

08:15

PasswordPhishingTime domainLine (geometry)UsabilityInformation securityAuthenticationLimit (category theory)MathematicsPasswordSingle-precision floating-point formatPower (physics)Line (geometry)WhiteboardWebsiteComputer fontUsabilityEmailMultiplication signData managementQuicksortComputer configurationWeb browserINTEGRALAuthenticationTouchscreenInformation securityTime zoneLink (knot theory)WordOperator (mathematics)Process (computing)Graphical user interfaceForm (programming)ResultantLoginPoint (geometry)outputMathematicsMoment of inertiaMereologyComputerDenial-of-service attackFamilyMessage passingBitInformationAddress spaceElectronic mailing listType theoryImage registrationLecture/Conference

14:14

PasswordProcess (computing)Image registrationInformation managementEmailProgrammable read-only memoryUsabilityInformation securityForm (programming)Case moddingImage registrationWebsiteInformation securityEmailAuthenticationUsabilityTheoryAddress spacePasswordRight angleKeyboard shortcutLink (knot theory)Set (mathematics)Combinational logicClient (computing)MereologyMoment of inertiaField (computer science)Cartesian coordinate system2 (number)Single-precision floating-point formatMultiplication signINTEGRALContext awarenessGoodness of fitPoint (geometry)Type theoryInformationComplex (psychology)TwitterRow (database)Rule of inferencePhysical systemSymbol tableProcess (computing)ResultantDisk read-and-write headNumberWeb browserMetreStress (mechanics)Exterior algebraSelf-organizationMultiplicationOpen setLoginComputer animationLecture/Conference

21:13

Computer hardwareKey (cryptography)AuthenticationGoogolObservational studyReplication (computing)2 (number)QR codeNumberInstance (computer science)ComputerWebsiteType theoryPlastikkarteForm (programming)QuicksortDifferent (Kate Ryan album)Social engineering (security)Multiplication signCartesian coordinate systemAuthenticationDefault (computer science)CryptographyOrder (biology)Physical systemGoodness of fitMereologyDependent and independent variablesKey (cryptography)System callMomentumData managementGoogolCuboidInformation securityPasswordTouchscreenDataflowImage registrationMessage passingHash functionRevision controlUsabilityDigitizingUniverse (mathematics)AutomationWeb browserGame controllerMobile appDrop (liquid)CASE <Informatik>Public-key cryptographyBitTheoryCodeObservational studyEmailFocus (optics)DemosceneTimestampSoftwareFrequencyFreewareConnectivity (graph theory)Information privacyCodeSimulationComputer hardwareNP-hardScaling (geometry)Term (mathematics)TelecommunicationFormal languageSoftware protection dongleInternetworkingTask (computing)Forcing (mathematics)Token ringLecture/Conference

27:58

Menu (computing)Port scannerObservational studyCryptographyKey (cryptography)GoogolFeedbackWeb browserGoodness of fitUsabilityGraphical user interfaceWeb browserInformation securityComputer animation

28:41

Graphical user interfaceWeb browserFeedbackSummierbarkeitExtension (kinesiology)Graphical user interfaceShared memoryWeb browserComputer animation

29:46

Integrated development environmentWeb browserPropositional formulaWebsiteKey (cryptography)ComputerWeb applicationComputer animation

30:28

Group actionInformation securityPhysicalismBiostatisticsProper mapAuthenticationMultiplication signPasswordGoodness of fitKey (cryptography)Vulnerability (computing)Resource allocationoutputRight anglePattern recognitionNatural numberFingerprintNP-hardNumbering schemeFrequencySelf-organizationSession Initiation ProtocolExtension (kinesiology)ResultantGame controllerMassMaxima and minimaDomain nameUsabilityIntegrated development environmentDefault (computer science)Modal logicVector potentialKeyboard shortcutDifferent (Kate Ryan album)Dependent and independent variablesTouch typingUniverse (mathematics)PressureSatelliteGroup actionWeb browserMobile WebVirtual machineData conversionMereologyMechanism designDomain nameInstance (computer science)WordNichtlineares GleichungssystemCartesian coordinate systemTerm (mathematics)Physical systemSystem callType theory1 (number)IRIS-TCombinational logicSoftware protection dongleWebsiteSingle-precision floating-point format2 (number)Mobile appLecture/Conference

37:12

Installation artFirst-person shooterProjective planeSet (mathematics)AuthenticationSkeleton (computer programming)Electronic mailing listUniqueness quantificationKey (cryptography)Information securityForm (programming)Connected spacePasswordMultiplication signFitness functionSelf-organizationEndliche ModelltheorieCartesian coordinate systemMereologySoftware frameworkScripting languagePlug-in (computing)ImplementationLevel (video gaming)Limit (category theory)Similarity (geometry)Computer configurationWeb browserSystem administratorRepository (publishing)Goodness of fitDemo (music)NumberComputer hardwareService (economics)EmailWeb applicationDemosceneBitLatent heatMathematicsCombinational logicDifferenz <Mathematik>Mobile appProcess (computing)Greatest elementCodeFocus (optics)NamespaceCAN busUniform resource locatorWebsiteInstallation artView (database)Lecture/Conference

43:56

Uniform resource locatorContent (media)Message passingAuthenticationKey (cryptography)Information securityTotal S.A.Server (computing)Projective planeMessage passingError messageElectronic visual displayRootWeb browserAuthenticationElectronic mailing listInterface (computing)PasswordHypermediaRevision controlPoint (geometry)Key (cryptography)Standard deviationComputer configurationCodeCombinational logicBackupField (computer science)Data managementCodeLink (knot theory)Flow separationMenu (computing)Public key certificateGoodness of fitCASE <Informatik>Information securityQR codeMobile appTap (transformer)Globale BeleuchtungPrice indexFlash memoryLecture/Conference

46:07

PlastikkarteLoginDatabaseLengthPasswordAbelian categoryEmailIdentity managementServer (computing)Device driverElement (mathematics)Uniform resource locatorWeb 2.0CodeSheaf (mathematics)WebsiteMountain passAuthenticationExecution unitMaxima and minimaToken ringPasswordGreatest elementLoginMultiplication signComputer configurationQR codeComputer iconAuthenticationWeb applicationLattice (order)Touchscreen2 (number)Pattern recognitionForm (programming)Process (computing)WebsiteDifferent (Kate Ryan album)Web browserProjective planeElectronic program guideInformation securityLengthCodePort scannerKey (cryptography)Computer virusAutomatic differentiationCodeComputer animationXML

Transcript: English(auto-generated)