Abstract: An exploration of two-factor authentication from a developer's perspective. Best practices for implementing two-factor authentication are difficult to find, so attendees will come away from this talk having learned about the trials and tribulations of a real-life implementation, why SMS-based authentication is by far the least secure option, and why two-factor is not the security bandage that it is billed to be.
Detailed Description: I just got through with implementing two-factor in a web-based Ruby/Rails application, and this paper will be a look into my lessons learned to help future developers/info security professionals. When you search for information on two-factor authentication, what usually turns up is some generic information saying that it is a good idea to make sure it is enabled. That is not enough for someone who actually needs to implement it or evaluate its security. The general structure of the talk would be: