February 02, 2023

HPR3784: Two factor authentication without a phone number

Listen Later

19 minutes

Many services implement 2FA (Two factor authentication) by sending

you a OTP (One Time Password) using an SMS with a random code, but this

forces you to give them your valuable phone number. What alternatives do

exist?

Let's dive into the HOTP,

used by some banks years ago through a physical token and the recent TOTP,

which both let you generate completely offline codes without

using any phone number or any other personal detail. They use the HMAC technique usually

with a SHA-1 one-way hashing function, but other hashing functions can

be used too.

Useful links:

a little visual explanation I found here

Aegis

android OTP generator

use TOTP in KeepassXC for a desktop generator guide

Let's keep Webauthn maybe for a

future episode, I'm still exploring it and have to do more research.

...more

View all episodes

View all episodes

Download on the App Store

Download on the App Store

Get it on Google Play

Hacker Public Radio

By Hacker Public Radio

4.2

3434 ratings

February 02, 2023

HPR3784: Two factor authentication without a phone number

Listen Later

19 minutes

Many services implement 2FA (Two factor authentication) by sending

you a OTP (One Time Password) using an SMS with a random code, but this

forces you to give them your valuable phone number. What alternatives do

exist?

Let's dive into the HOTP,

used by some banks years ago through a physical token and the recent TOTP,

which both let you generate completely offline codes without

using any phone number or any other personal detail. They use the HMAC technique usually

with a SHA-1 one-way hashing function, but other hashing functions can

be used too.

Useful links:

a little visual explanation I found here

Aegis

android OTP generator

use TOTP in KeepassXC for a desktop generator guide

Let's keep Webauthn maybe for a

future episode, I'm still exploring it and have to do more research.

...more

More shows like Hacker Public Radio

The Changelog: Software Development, Open Source by Changelog Media

The Changelog: Software Development, Open Source

289 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

373 Listeners

LINUX Unplugged by Jupiter Broadcasting

LINUX Unplugged

268 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

653 Listeners

Curious Cases by BBC Radio 4

Curious Cases

828 Listeners

The Strong Towns Podcast by Strong Towns

The Strong Towns Podcast

422 Listeners

Late Night Linux by The Late Night Linux Family

Late Night Linux

164 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,045 Listeners

Cybersecurity Today by Jim Love

Cybersecurity Today

181 Listeners

CISO Series Podcast by David Spark, Mike Johnson, and Andy Ellis

CISO Series Podcast

189 Listeners

TechCrunch Daily Crunch by TechCrunch

TechCrunch Daily Crunch

42 Listeners

Strict Scrutiny by Crooked Media

Strict Scrutiny

5,798 Listeners

2.5 Admins by The Late Night Linux Family

2.5 Admins

98 Listeners

Cyber Security Headlines by CISO Series

Cyber Security Headlines

139 Listeners

What the Hack? by DeleteMe

What the Hack?

221 Listeners