All Things Auth

Writing and talking about Security UX to help you keep hackers out of your users' accounts.

2FA

Introducing 2FA Notifier - How to Get More Internet Users to Enable 2FA on Their Accounts

Ray and I built an open source browser extension called 2FA Notifier that helps people enable 2FA on their accounts. Read about the extension and the problem it solves in my article that was initially published on the Okta Developer Blog.

Conor Gilsenan
2FA

A medium dive on the Time-based One-time Passwords (TOTP) spec

More technical than the All Things Auth overview article and less technical than the specification itself, here is a medium dive on how TOTP works under the hood!

Conor Gilsenan
2FA

TOTP: (way) more secure than SMS, but more annoying than Push

Ever wonder how Google Authenticator works? Learn why TOTP 2FA is drastically more secure than SMS 2FA and the security and usability tradeoffs it makes.

Conor Gilsenan
Zapier

Zapier docs: plain-english, useful content, and helpful visual cues

Often an afterthought, docs are a critical part of the security UX. Zapier has paid particular attention to creating useful docs and it really shows!

Conor Gilsenan
Zapier

Zapier: Long emoji passwords and how to avoid credential stuffing attacks

Zapier password policies allow users to create ridiculously strong passwords, but need some updates to reject weak and previously compromised passwords.

Conor Gilsenan
Zapier

How Zapier rolled out 2FA support

Two factor authentication (2FA) doesn't provide effective security if users don't enable it. Learn how Zapier announced the rollout of 2FA to its users!

Conor Gilsenan
Zapier

The Big Idea for Zapier: Contextual 2FA Promotion

March 2018 is Zapier month! Our Big Idea for Zapier is contextual 2FA promotion: an even better way to encourage users to enable two factor authentication!

Ray Gonzales
Zapier

Zapier: 2FA Deep Dive

March 2018 is Zapier month! We dive deep into the security and user experience of Zapier's TOTP two factor authentication (2FA) implementation: what works and what could be improved?

Conor Gilsenan
Zapier

Screencast Episode 1: Zapier

March 2018 is Zapier month! Conor and Ray discuss passwords, hatch a plan to increase two factor authentication (2FA) adoption rates, and propose changes to the Zapier team plan.

Conor Gilsenan
2FA

SMS: The most popular and least secure 2FA method

SMS doesn’t actually prove “something you have”, so don’t rely on it for 2FA unless you absolutely must! Learn how SMS 2FA works to understand why.

Conor Gilsenan
2FA

Two Factor Authentication (2FA): What is it? How does it work? Why you should care!

Learn why two factor authentication (2FA) is so important, how it actually protects your accounts, and how to assess the 2FA methods available on the services that you use!

Conor Gilsenan

Security features are features too!

All aspects of the user experience (UX) must be considered first class priorities for any feature that hopes to provide effective security.

Conor Gilsenan
Authentication

Shared Responsibility Model

Authentication and authorization are shared responsibilities between service providers and end-users.

Conor Gilsenan
All Things Auth © 2018