

How Authy Built A Fault-Tolerant Two-Factor Authentication Service - ngrandy
http://blog.leanstack.io/how-authy-built-a-fault-tolerant-two-factor-authentication-service/

======
danielpal
Hi, Daniel from Authy here. I helped with the design of this infrastructure
last year and I was a little shocked we weren't able to do automatic fail-over
with PostgreSQL.

I'd be interested to know: if anyone here is running a Postgres pool that
handles automatic fail-over, how are you doing it? Specifically, which watch-dog
are you using, how are they handling slave to master promotion, how do you add
more slaves automatically and how do you load-balance?

~~~
nico
Sorry, this is not a reply, but I second that motion. I'm currently involved
in a project with a pretty big Postgres DB, but we haven't been able to find
good literature about high availability deployments. It also seems like all
solutions are third party software, most of which lack proper documentation or
haven't been updated in a long time.

------
lsh123
Just my $0.02:

OpenVPN has a built-in 2-factor authentication based on the X509 certificates:
you need to have a valid certificate together with a valid password to connect
to the VPN service. SMS/phone based authentication does not add another factor
since it is also a "what you have" type of authentication (i.e. your laptop
can be stolen at exactly the same time as your phone is stolen). Of course,
X509 certificates work best in the enterprise environment, but that's the
OpenVPN target market anyway.

~~~
growse
Given that it's possible to memorize a certificate, it definitively _cannot_
be a 'something you have' factor. Something you have is more than just data. A
client cert is nothing more than a fancy long password.

~~~
teraflop
The base64-encoded SSL certificate for *.ycombinator.com is 1,755 characters.
Maybe there are a few savants in the world who are capable of memorizing that,
but for the overwhelming majority of human beings, it's never going to happen.

~~~
growse
Point is, it's information. It's very easily copied. The whole point of
'something you have' is that it's not just data, but something more than that.

