Code[ish]

Designing a Better 2FA Mobile App



Chris Castle, a developer advocate at Salesforce, is joined by Evan Grim, a software architect at Salesforce responsible for the Salesforce Authenticator mobile app. Salesforce Authenticator is a component of a two-factor authentication flow. After a user signs in to their Salesforce organization, the mobile app generates a secure code that is used to provide additional verification. This guarantees that even if a user's password is compromised, a hacker won't be able to log in unless they have access to the user's phone, too.

Experiencing a flow like this has become commonplace, with banks and other websites taking a security-first approach to their user experience. What's starting to change is the way these 2FA apps work. For example, Evan has built a flow where the Salesforce Authenticator uses geolocation to identify where you are. If you log in to a website from the same location enough times to establish a pattern, the app can send the security code automatically, without you needing to type anything in. Evan is very interested in exploring further trends where safety is not compromised for the sake of usability.

For the remainder of the episode, Chris and Evan discuss the fundamentals of the technologies and systems used to build the app. Evan believes that keeping things simple is paramount to any software project. For many years, the Salesforce Authenticator backend was situated in one region, and it served them well. Now that the app has become more popular, they are considering the complexities of multi-region support, including sharding their Postgres database. Their trade-off for focusing on adoption over sophistication has paid off, as it often does. Now that their idea has been validated, they can plan to rearchitect their app to support increased volume from a growing security-conscious user base.

Links from this episode
  • Wikipedia's article on Multi-factor authentication
  • Salesforce Authenticator is an intelligent two-factor authentication app
  • Let's Encrypt provides free and automated SSL certificates for any website
  • Securing the Web with Let's Encrypt podcast
  • Heroku Postgres
Code[ish], by Heroku from Salesforce
