Abstract
Universal-second factor devices are the new hotness in the two-factor login world. Sleek, sophisticated and secure, they combine high-quality crypto with an even-your-dog-could-use-it one-touch interface to produce a smooth and pleasant login experience.
U2F devices are built on public-key crypto, where the device signs challenges produced by the server. They have many interesting features, including a certificate to identify the device provider, and mechanisms to detect cloned devices and know if the user is actually present when the device is activated. The way they generate key pairs is also quite clever, allowing for devices with no on-board storage at all.
In this talk I'll tell you what U2F is, why it's important, how it works and how to implement it in your service or application. I'll also have some devices to give away to help you get started with this fascinating two-factor technology.
Presented by
Rob N ★
Rob does operations for FastMail, a Melbourne-based hosted email service. He does everything from building hardware to tweaking CSS, but his special interests are bolting services and programs together and fiddling with security hardware and software. Both of these interests are mostly about breaking other people's stuff and so it's pretty much the funnest job in the world.