lambdatastic/2FA.md

## 2FA.md

      
    Raw
  

              2FA.md
            
          
    class: middle, center
Two-Factor Authentication

Why and how you should use it

What is 2FA? MFA?


MFA Categories

Factors are something you:

Have (Possession): key, smartcard, token
Know (Knowledge): password, PIN, security questions
Are (Inheritance):fingerprints, voice, eyes


class: middle, center
Why?


Value To Us


Security is only as strong as our weakest link
Knowledge-based 1FA is weak and only getting weaker
2FA helps us keep our customer data safe
Demonstrates commitment to security practices


Value To Users


Simple for all users
Vastly superior security compared to effort


class: middle, center
How?


Out-of-Band Authentication (OOBA)

Things such SMS and Email codes

Relies on a separate, (hopefully) secure interface to the user.
Can be used to bypass all security if compromised (depending on how things such as password resets are handled).
Better than nothing, but there are easier options that offer better security.


One Time Password (OTP)


Vast improvement over the security of OOBA
Relies on a shared secret and counter
Easy to implement
Has two implementations for different needs (HOTP and TOTP)
Has standards

HOTP: RFC 4226
TOTP: RFC 6238


HMAC-Based One-Time Password (HOTP)


Standardized in 2005
Counter is based on events
Can be implemented in hardware or software.
Event drift can be used to detect login attempts
Syncing a counter off of events is difficult


Time-Based One-Time Password


Standardized in 2011
Counter is based off of current time using a sliding window (usually 30 seconds)
Can be implemented in hardware or software

Google Authenticator is the most famous example of this


Does not support detection of login attempts
Time is much easier to keep in sync
We all use this


Universal 2nd Factor (U2F)


Standard created by FIDO (Fast IDentity Online) Alliance
Inspired by smart card standards
Uses USB or NFC tokens to authenticate via cryptographic signatures
Most secure

Asymmetric crypto (private on token, public on server)
Key never leaves the device
No passing around secrets from server to client
Counter drift is nonexistent
Cannot be used as a primary source of authentication (server needs to know what key to ask for)


Can be hard to implement


class: center, middle
Questions?


## React.md

      
    Raw
  

              React.md
            
          
    class: middle, center
React

The Presentation

Purpose


To learn what React is
To learn how to use it in your applications


Schedule


15 minute overview / use cases
50 minutes coding
30 minutes testing
15 minutes questions

Will be a 10 minute break somewhere in here.

class: middle, center
#What is React?

#Facebook's Definition
"A Javascript library for building user interfaces"

#My definition
"That thing that killed Angular dead and made functional programming on the frontend great again"

What makes React so popular?


Does one thing really, really well (UI and UI accessories)
Is simple to reason about (unidirectional flow vs event systems)
Has a very small API (14 methods on React, 7 on React.component)
Great support for functional programming
Virtual DOMs make updating a page fast
Backed by Facebook


What does React not do?


Routing (Backbone, Angular)
Event systems (Backbone)
Module Loading (Angular)


class: middle, center
Basically, anything that's not UI


Things to take away


React is simple
React is not something to be scared of (coughAngularcough)


class: middle, center
And now we code!