ToTP or Not ToTP, That Is The Question!
Two-factor authentication is more accessible than ever because a smartphone can be found in many a pocket or handbag.
Time-based one-time passwords (TOTP) give your users the ability to log into your web application not just based on
something they know (their password), but with another factor: something they have. In the case of TOTP, that is generally a
smartphone. Amazon AWS, Google, World of Warcraft, and many others already use this standard to improve authentication security.
It's really easy to add TOTP to your web application, but, like any security measure, it's easy to mess up your implementation. We search the web for a few off-the-shelf libraries and delve into the various security problems that these libraries exhibit.
Then, once we've listed the various security and API concerns, we demo a complete TOTP web solution in Java, ready to be deployed in your web application.
Note that this talk will be held in English!
19.05.2016, 19:00, Fraunhofer IESE, Kaiserslautern