I am pleased to announce that the latest episode of The Polyglot Developer Podcast is now available on pretty much every popular podcast network. This episode, which is episode 25 of the show, is all about two-factor authentication (2FA) and the things you should be familiar with when it comes to implementing it in your web applications.
In this episode titled, Securing Applications with a Second Factor of Authentication, I’m joined by Luke Walker who is a Solutions Architect at Yubico. In case you’re unfamiliar, Yubico creates the very popular YubiKey which is often featured on technology news outlets as being an incredible hardware token for protecting users from malicious circumstances.
When it comes to 2FA, there are many approaches. These approaches can consist of SMS, push notifications, time-based one-time passwords, U2F, or even the new FIDO2. If you’re interested in learning about each, this episode of the podcast should give you some insight before you try to implement them.Read More
As you know, based on a few of the tutorials that I’ve published recently, I have a YubiKey that I’ve been learning how to take full advantage of. In previous tutorials I demonstrated how to implement U2F in your web application, but most YubiKey devices do so much more than just U2F authentication. For example, the YubiKey NEO and YubiKey 5 have support for U2F, FIDO2, OpenPGP, OTP, and a bunch of other crazy technologies.
In this tutorial, we’re going to explore using the YubiKey as a smart card for storing our PGP signing, encryption, and authentication subkeys.Read More
Not too long ago I had written a tutorial titled, U2F Authentication with a YubiKey Using Node.js and jQuery, which demonstrated how to use hardware keys as a means of universal two-factor (U2F) authentication. However, I had left some things to be desired in that previous post. For example, the previous tutorial did not use proper session management with Express.js and it used jQuery, which is neat, but by no means is as popular as some of the other web frameworks that currently exist.Read More
About a week ago I had written about using HTTPS with Node.js and hinted at hardware based two-factor authentication as my reason for needing it. In case you’re unfamiliar with 2FA, there are numerous approaches ranging from HMAC-based one-time passwords (HOTP) and time-based one-time passwords (TOTP) which are software based, to the hardware based universal two-factor (U2F) standard.
If you’ve been keeping up with the blog, you’ll remember I had written a tutorial titled, Implement 2FA with Time-Based One-Time Passwords in a Node.js API, which focused on the software side of things. I recently picked up some YubiKey dongles and thought I’d try my luck with the hardware side of things.
In this tutorial, we’re going to see how to implement U2F functionality in our Node.js powered RESTful API and interact with the API and our hardware dongles using jQuery in the web browser.Read More