Twilio’s Dan Killmer Swears By His CyberSecurity Development Checklist

As the lead solutions architect with Twilio’s Account Security team, Dan has seen (and solved for) nearly every authentication challenge there is.


Knowing what to include and what to look out for when implementing Twilio Two-Factor Authentication or Phone Verification solutions can seem overwhelming. But not to Dan Killmer. Here, he walks us through an excellent two-factor authentication checklist, intended to help developers determine what type of 2FA security best suits their needs, and where in the user journey it should be offered. We’ll look at how to approach user onboarding in a way that will encourage adoption of the most secure options available. And we'll cover how to create an optimal user experience, consider how often to deliver 2FA messaging, and under what circumstances. And if something goes wrong for the user, we’ll present methods for recovery, including self-service alternatives.

From development, integration, and testing to user education and error handling, this session will present great motivation to upgrade the security on your websites and mobile apps. Watch the video below, a presentation from SIGNAL 2017, our annual developer conference, to learn more about how simple, yet strong, two-factor authentication can be.

Key Takeaways

This 30-minute presentation includes authentication case studies, demos, onboarding, and user recovery options. It also touches on the user data reports available with a full Twilio authentication deployment. Here are a few highlights:

  • Passwords are still good if they don't protect things of value. News access, the ability to leave comments on a blog, gaming preferences, and the like can rely on a password alone. Anything that's more important should be protected by a stronger level of two-factor authentication.
  • Not everyone may need the same level of protection. High-value users might be required to use your strongest 2FA option, while others might be given opt-in choices for fallback 2FA protection.
  • Every time a 2FA token is verified, you receive contextual information to help you decide how much trust you want to put into the device presenting the token. For example, you’ll see whether the device was registered long ago or just yesterday; a very recent registration may be a red flag that deserves more attention.
  • No special security, communication, or mobile development skills are required to add two-factor authentication to any project. All you’ll need are a few lines of code.