How Authy Built A Fault-Tolerant Two-Factor Authentication Service

Hi Daniel from Authy here. I helped with the design of this infrastructure last year and I was a little shocked we weren&#x27;t able to do automatic fail-over with PostgreSQL.<p>I&#x27;d be interested to know if anyone here is running a Postgres pool that handles automatic fail-over how are you doing it? Specifically which watch-dog are you using, how are they handling slave to master promotion, how do you add more slaves automatically and how do you load-balance.

Just my $0.02:<p>OpenVPN has a built-in 2-factor authentication based on the X509 certificates: you need to have a valid certificate together with a valid password to connect to the VPN service. SMS&#x2F;phone based authentication does not add another factor since it is also a &quot;what you have&quot; type of authentication (i.e. your laptop can be stolen in exactly the same time as your phone is stolen). Of course, X509 certificates work the best in the enterprise environment but that&#x27;s the OpenVPN target market anyway.