Let’s understand HYDRO Raindrop 2FA!

HYDRO プロダクツ 解説

Let’s understand HYDRO Raindrop 2FA! Hello, this is Norihiro. There is a video on HYDRO’s Youtube channel that explains each project. Very cute, easy to understand so I tried to translate Japanese.
Actually I wanted to make it a subtitle … I seem to need permission from the channel operator (Hydro operated), so I abandoned this time. Since I started to negotiate with management, so hopefully it may be introduced as a movie with subtitles next time.

Compare HYDRO Raindrop 2FA and Goolge certification

①HYDRO Raindrop 2FA animation

②Try HydroAPP 2FA


①HYDRO Raindrop 2FA animation

original movie is here.




















Did you see the difference between Google 2FA and Hydro 2FA?
As a big difference, it is Google: smart tablet Hydro: WEB site that issues the authentication code. I feel that convenience is somewhat inferior, but do I win in safety? Also, even if the authentication application is lost due to lost smartphone etc., it is wonderful that HydroAPP can return with seed words.

②Try Hydro2FA

I actually try HYDRO Raindrop 2FA while conscious of this flow. Currently it is only HYDRO’s HP (Developer Login) that you can use HYDRO 2FA. We will add features that allow us to use 2FA after all.
As advance preparations, (1) HYDRO APP download & acquisition of HydroID + ② Merad registration & password setting + official HP registration + links ① and ② are necessary, but this time will be omitted. I will report it in another article.

1① It is the official HP login screen of HYDROGEN. Enter the registered E-mail and Password and make “LOG IN”.

② If successful, a 6 digit code for input to Hydro Mobile APP appears. This time it is “121212”.

③ Go to the HYDRO application. As the input screen for login opens, enter “121212” as above and press “Continue”.

④ If you can confirm the transmission by the application, return to HP and press “Authenticate”. This completes 2FA login.

In Google Authentication, the application issues code. Usually, hackers seem to use phishing sites in many cases. Since it is made to be able to log in regardless of whether the password or the authentication code is appropriate or not, it will be hard to make a judgment other than checking whether the site is genuine (checking by URL etc.).

On HYDRO authentication, on the other hand, there is a premise that the site issues codes first. In order for a hacker to log in fraudulently it has to break through the next problem.
① Site authentication code prediction
(2) Decryption of cryptographic communication to the site handed off after code input by application
③ Verification work on site

Even with this alone, HYDRO certification is more secure than GOOGLE certification. After that, how much site the HYDRO 2FA certification is used will be the key to success.

What did you think. Although I was running short, I will introduce the video of the HYDRO YOUTUBE channel in the future. I wish I could have subtitles next time. If there is a mistake etc, it would be greatly appreciated.