Reddit Breach Highlights Limits of SMS-Based Authentication

Reddit.com today disclosed that a data breach exposed some internal data, as well as email addresses and passwords for some Reddit users. As Web site breaches go, this one doesn’t seem too severe. What’s interesting about the incident is that it showca…

Is it a bad idea to have the user choose the TOTP secret instead of generating it automatically?

Reading about TOTP-based authentication systems that use smartphones as one-time code generators, I seem to understand that typically the shared secret is generated automatically by the “server” (the system to which the user …

Two Factor Authentication with the ESP8266

Google Authenticator is a particularly popular smartphone application that can be used as a token for many two-factor authentication (2FA) systems by generating a time-based one-time password (TOTP). With Google Authenticator, the combination of your user name and password along with the single-use code generated by the application allows you to securely authenticate yourself in a way that would be difficult for an attacker to replicate.

That sounds great, but what if you don’t have a smartphone? That’s the situation that [Lady Ada] recently found herself in, and rather than going the easy route and …