BSidesSF 2019 has ended
Monday, March 4 • 2:10pm - 2:40pm
Deploying Two-Factor Authentication to Millions of Users

Two-factor authentication (2FA) represents a second line of defense against account takeover, and all online services accepting passwords should provide 2FA as an option to their users, especially if they deal with sensitive data or money. When implementing 2FA, however, we are faced with several choices that directly impact the user experience, including which methods to support, how and when to introduce them, and more generally how to describe 2FA to users who may have limited technical knowledge.

This talk is structured as a tutorial on how to add 2FA to an existing website, with flows and code samples. It's based on first-hand experience implementing 2FA at Pinterest and releasing it globally to millions of users. We cover designing an effective user journey, architecture, and implementation choices including TOTP, push notifications, and FIDO security keys. For completeness, we also cover additional authentication flows such as social login via OAuth or password reset.

Emanuele Cesena

Security Engineer, Pinterest
Emanuele Cesena is a Security Engineer at Pinterest focused on product security. Previously, he was co-founder and CTO at Theneeds (acquired by Shopkick) and a researcher in the security group at the Politecnico di Torino, Italy. Emanuele holds a PhD in Mathematics with a thesis in...

Monday March 4, 2019 2:10pm - 2:40pm PST