The All Things Auth Podcast
Alex Grinman explains how Krypton, their open source browser extension and mobile app, can turn the phone sitting in your pocket into a phishing-resistant two-factor authentication (2FA) security key.
Alex shares the story of how Krypton first started as a secure messaging app, then evolved to help developers manage SSH keys, and today aims to make phishing-resistant two-factor authentication a realistic option for average internet users.
We get Alex’s thoughts on Google’s recent focus on allowing Android phones to be used as security keys, what happens if you lose your phone, and different approaches to account recovery.
Resources mentioned in episode
- Phishing-resistant two-factor authentication (2FA) comes from implementing the FIDO2 specifications: WebAuthn and CTAP.
- Krypton’s blog post, Our Zero-Trust Infrastructure, explains how the Krypton app pairs your phone to your browser to guarantee secure communication.
- You can find all of Kryptco’s open source software on GitHub.
- Google Security Blog - Advisory: Security Issue with Bluetooth Low Energy (BLE) Titan Security Keys.
You can find Conor, the host, on Twitter @conorgil.