Dylan  Iqbal

Dylan Iqbal


What is 2FA?

Maybe you’ve heard the term 2FA (or two-factor authentication) or MFA (multi-factor authentication) but weren’t sure what was involved with it. Or perhaps, you are already familiar with implementing 2FA but want to know more about the best practices. Either way, this video from Kelley Robinson is just for you!

Sign up for a free Twilio API key: https://www.twilio.com/try-twilio?utm_source=morioh.com

Check out the Related Links section of this description for more information on 2FA.

Authentication needs to be usable for it to be successful. Unfortunately, passwords are pretty insecure. Not only do some users choose guessable passwords but they tend to use them all over the internet as well. 2FA adds an extra layer of security by requiring at least two types of authentication. Like all security, authentication is all about finding the right balance between usability and friction. In this video Kelley walks through the why’s and how’s behind 2FA, some data around implementation stats, and the different options for adding 2FA to your applications.

Thanks for watching!


  • 0:00 What is 2FA?
  • 0:59 Passwords are insecure!
  • 1:29 Password re-use leads to account takeovers
  • 2:01 Other types of authentication factors
  • 2:34 Examples of 2FA
  • 3:09 Methods for adding 2FA to your applications
  • 3:33 SMS 2FA
  • 4:03 Email 2FA
  • 4:18 Time-based one-time passcodes (TOTP)
  • 4:49 Push authentication
  • 5:30 Users must opt-in for 2FA to be effective
  • 7:04 Tips for implementing 2FA
  • 7:41 Incentivizing users to opt-in

#security #developer

What is GEEK

Buddha Community

What is 2FA?
Martin  Soit

Martin Soit


How to Build an Interactive 2FA Screen using Flutter

An interactive 2FA screen is table stakes with the SignUp/SignIn flow these days especially if you’re building an app that requires high levels of security.

Note: If you came for the code, skip to the bottom of this post for a link to my GitHub repo.

Image for post

End result of this post

In this post, I will walk you through the process of building a screen that looks like the one above. So let’s get started.

So, let’s go ahead and declare it in our pub_spec.yaml file and do a ‘flutter packages get’

Since, this is clearly a stateful widget, let’s go ahead and declare a stateful widget,

Image for post

We have created a basic stateful widget that has a TextEditingController so that we can use it for a TextField for the user to type the code, a FocusNode that can be attached to the TextField, a ‘code’ string which will hold the value of the code, a ‘loaded’, ‘shake’ and ‘valid’ boolean variables for toggling the state based on whether the backend returned after validating the code, the text fields must shake(animate with a red) for invalid code and if the code is valid or not respectively.

Now, for the onChange() callback of the TextField, let’s define a method that takes the current value of the code and sets the state of the **_code _**variable to that value.

Image for post

For the onClick() callback of the **_Verify _**button, let’s go ahead and define a function where we will make the backend call, **_validate2FaCode(code) _**which is asynchronous.

Image for post

#flutter #2fa #ios #mobile-app-development

Web  Dev

Web Dev


How 2FA without SMS or Email | TypingDNA Verify

TypingDNA Verify is an interesting way to do 2FA through Typing Biometrics instead of the traditional SMS or Email authentication verification methods.


  • 00:00 - Introduction
  • 02:35 - What is TypingDNA Verify
  • 03:48 - How the 2FA method works
  • 06:46 - Setting up Verify Client
  • 10:11 - Coding example of Verify Authentication
  • 28:30 - Conclusion

Github NodeJs Demo Code:

#security #web-development #webdev #2fa

Kim Hans  Jin

Kim Hans Jin


Python Tutorial - Integrating 2FA/MFA using PyOTP

You must have come across buzzwords such as “MFA”, “2FA” at some point but what do they really mean? Why are they so popular these days? And why is it becoming such a focal point in the security layer?

What is 2FA/MFA?

2FA/MFA stands for 2-Factor/ Multi Factor Authentication. Conventional authentication system require only your username and password. We call such type of Auth Systems as “SFA” (Single Factor Authentication).In MFA, multiple factors combine together to prove that it’s actually you who’s trying to access the system. Currently there are three types:

  • Something that you know (your password, maybe a couple of security questions.)
  • Something that you own/ Something that you have (your mobile phone).
  • Something that you are (Thumb Print/ Face recognition etc.)

2FA is just a subset of MFA. It involves 2 factors while authenticating a user:

  • Username/password.
  • One time password sent to your device.

Standards for generating an OTP

One Time Password (OTP) is generated using a shared secret key and another factor such as counter or time. Two main standards for generating an OTP are HOTP and TOTP. Event-based OTP (also called HOTP) is the original One-Time Password algorithm and relies on two pieces of information: A shared secret and a counter. The first step involves generating an HMAC hash from the shared secret and counter. In the next step we truncate the resultant HMAC hash to our desired length (6 digits preferably) to obtain an OTP. The counter is then incremented on the server side to obtain a new OTP.

HOTP is great but incrementing the counter can become a headache. Also, HOTP pass-codes can be valid for a pretty long time, hence putting our system at risk. To solve these problems, we are going to discuss the second standard known as TOTP.

#python #2fa #django #pyotp #mfa

Ysia Tamas


Secure CakePHP Applications with 2FA using Twilio Authy

Massive data breaches and sophisticated social engineering attacks in recent months suggest that guessing a user’s password (or retrieving it from a database on the dark web) has become easier than people think. Along with the fact that most people tend to reuse passwords (for ease of remembrance), securing your application by requiring just a username and password is no longer enough. This has led to the rise of Two Factor Authentication (2FA) - an added layer of security where the user has to provide some extra information (such as a One Time Token or One Time Password) before they can gain access to their account.

In this tutorial, I will show you how to use Twilio’s Verify API to implement Two Factor Authentication for a CakePHP application. At the login stage, the application will send a token as an SMS to the user’s phone number. Only after providing this token to the application will the user be allowed into the secure area where sensitive transactions of the user’s company are warehoused.

#2fa #twilio #web-development

Joseph  Norton

Joseph Norton


TypingDNA Verify Tutorial - Simple, User Friendly 2FA

Welcome back to another video! In this video, I’ll be showing you typing biometrics which can be used as two-factor authentication that can be used when signing into or creating an account. This is possible through TypingDNA, they have both an authentication API and the verify API.

Thanks to TypingDNA for sponsoring this video! Create a FREE account today at: https://www.typingdna.com/

📄 Resources 📄
TypingDNA Authentication API Tutorial: https://www.youtube.com/watch?v=SFgEPbmeJOk
TypingDNA Docs: https://verify.typingdna.com/docs/
SendGrid Website: https://sendgrid.com/
Download ngrok: https://ngrok.com/download
Download Node.js: https://nodejs.org/en/
Code In This Video: https://github.com/techwithtim/TypingDNA-Verify-API-Tutorial

⭐️ Timestamps ⭐️

  • 00:00 | Verify Users With TypingDNA
  • 01:54 | TypingDNA Demo
  • 04:41 | Advantages of Typing Biometrics 2FA
  • 05:55| TypingDNA Setup
  • 07:27 | SendGrid Setup
  • 10:24 | Creating an Integration
  • 14:11 | Installing Node.js
  • 14:45 | Express Server Setup
  • 20:31 | Creating PUG Templates
  • 21:45 | Setting Up HTTP Routes
  • 23:55 | Integrating TypingDNA (Backend)
  • 33:15 | Integrating TypingDNA (Front-End)
  • 40:34 | Validating One-Time-Password
  • 52:30 | Conclusion

#typingdna #2fa #security #developer