I.T. Security and Linux Administration:

September, 2013

1

September 30, 2013  5:58 PM

Create Your Own Two-Factor Authentication System: Authenticating Tokens



Posted by: Eric Hansen
security

Again an easy but essential requirement for our two-factor system. This will be another Flask web route and mostly database driven. Lets look at the flow of how things will transpire first for this project: SMS: POST number to /sms -> URI generates token and sends to number via SMS ->...

September 30, 2013  5:35 PM

Create Your Own Two-Factor Authentication System: Saving Tokens



Posted by: Eric Hansen
security

We're almost there! Now we need to save the tokens we've generated as well as the phone number requesting it. While can be done anywhere I chose to plop it into the generate_token() method because we'd have to write the code twice otherwise. Luckily its a small fix, and we'll finally be able to...


September 30, 2013  5:10 PM

Create Your Own Two-Factor Authentication System: Block Incoming Calls



Posted by: Eric Hansen
security

Every incoming and outgoing request to the number (voice and SMS) goes against your balance. Unfortunately there's nothing you can do to stop people from trying to spam your SMS inbox. There is a silver lining though with voice calls. On your Twilio dashboard click "Numbers" near the top, then...


September 30, 2013  4:57 PM

Create Your Own Two-Factor Authentication System: Outgoing Calls



Posted by: Eric Hansen
security

Now we'll go into making outbound calls. This is pretty similar to SMS but does get more advanced pretty quickly. Now is the time where being Internet-reachable is a necessity. First, how to create a call. For this I'm going to make the functions easy again:

@app.route("/voice/")
def...


September 30, 2013  4:14 PM

Create Your Own Two-Factor Authentication System: Generating Tokens



Posted by: Eric Hansen
security

This will be a small blurb compared to the rest but this is rather essential. This isn't the best way to generate tokens and in no way do I recommend you use this in a practical case. Here is the code, however (place it just below the app = ... line):

def generate_token(number):
    from...


September 30, 2013  3:43 PM

Create Your Own Two-Factor Authentication System: Connecting to Twilio In Python & Send SMS



Posted by: Eric Hansen
security

When I wrote the original code I made things way too complicated for it. So, I'll steer you in the direction of NOT doing that, and we'll make this simple! After our import lines, add these:

TWILIO_SID = "xxx"
TWILIO_AUTH = "yyy"
TWILIO_NUMBER = "zzz"
The xxx and yyy will be...


September 30, 2013  3:11 PM

Create Your Own Two-Factor Authentication System: Basic Web Service



Posted by: Eric Hansen
security

What we need is something to handle HTTP requests.  Thankfully Flask does this for us and is extremely easy to use! First thing we'll do is import all of the stuff we need/want:

from flask import Flask, request, redirect, make_response
from twilio import twiml as TwiML,...


September 30, 2013  2:59 PM

Create Your Own Two-Factor Authentication System: Creating the Database



Posted by: Eric Hansen
security

Lets figure out what we need to make this magical wonderland happen.  We need a user's phone number, a field to state if the phone is usable or not (if we should concern ourselves with requests from it) and storage for the active token.  If we want to make it more advanced than we will but for...


September 30, 2013  12:00 PM

Create Your Own Two-Factor Authentication System: Setting Up Your Twilio Account



Posted by: Eric Hansen
security

For the point of this guide we are going to be using just our test account number.  The only difference between that and a purchased number is that every SMS or call is prefixed with a "Thank you for using Twilio" kind of message.  For demo'ing everything its a small price to pay.  I'll also be...


September 30, 2013  11:46 AM

Create Your Own Two-Factor Authentication System: Intro and Requireements



Posted by: Eric Hansen
security

Just like everything else with IT security, once a gem is found everyone jumps on it.  Originally I was going to offer this as a service for my business (still might to a degree), but instead thought I'd share with the Internet how to create yourself a beneficial two-factor authentication system....


1

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: