Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Death to Passwords

Cristiano Betta
November 24, 2014
Technology
1
47

Death to Passwords

Cristiano Betta

November 24, 2014
Tweet

More Decks by Cristiano Betta

See All by Cristiano Betta
Docs as Engineering - DevRelCon London 2019
cbetta
0
130
DevRelCon London 2019 - Developer Experience Workshop
cbetta
0
97
DevRelCon London 2019 - Developer Experience Workshop
cbetta
0
140
The 7 Deadly Sins of Developer Experience (DevRelCon Tokyo)
cbetta
0
3.8k
The State of Encryption
cbetta
0
260
Developer Experience Workshop
cbetta
1
500
The 7 Deadly Sins of Developer Onboarding
cbetta
0
170
A brick by brick guide to developer experience
cbetta
2
530
Hackathons Workshop
cbetta
0
210

Other Decks in Technology

See All in Technology
Postman v10リリース後を振り返る / Looking back at Postman v10 after release
yokawasa
1
150
Cracking the KubeCon CfP
inductor
2
170
Meta Quest 3 で動く桜マシマシ WebXR アプリを IBM Cloud Code Engine と Babylon.js で作った話
1ftseabass
PRO
0
120
チームでロジカルシンキングに改めて向き合っている話 〜学習環境と実践⽅法〜
sansantech
PRO
0
210
プロトタイピングによる不確実性の低減 / Reducing Uncertainty through Prototyping
ohbarye
5
370
JSON攻略法.pdf
miyakemito
8
4.5k
WebアプリケーションにおけるPDOの使い方入門 / phpcon odawara 2024
meihei3
2
440
私が trocco を推す理由
__allllllllez__
1
190
SIEMを用いて、セキュリティログ分析の可視化と分析を実現し、PDCAサイクルを回してみた
coconala_engineer
0
270
FrontDoorとWebAppsを組み合わせた際のリダイレクト処理の注意点
kenichirokimura
1
450
Tableau事例紹介 / Tableau Case Study of Eureka
kazuya_araki_tokyo
1
180
コードを書く隙間を見つけて生きていく技術/Findy 思考の現在地
fujiwara3
27
5.7k

Featured

See All Featured
Ruby is Unlike a Banana
tanoku
96
10k
Designing the Hi-DPI Web
ddemaree
276
33k
The Mythical Team-Month
searls
215
42k
CSS Pre-Processors: Stylus, Less & Sass
bermonpainter
352
28k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
24
2.3k
Mobile First: as difficult as doing things right
swwweet
216
8.6k
Rails Girls Zürich Keynote
gr2m
91
13k
Done Done
chrislema
178
15k
Building Flexible Design Systems
yeseniaperezcruz
318
37k
Imperfection Machines: The Place of Print at Facebook
scottboms
259
12k
Typedesign – Prime Four
hannesfritz
36
2.1k
The Brand Is Dead. Long Live the Brand.
mthomps
48
28k

Transcript

  1. None

  2. Death to Passwords

  3. Death to Passwords Cristiano Betta Developer Advocate

  4. Death to Passwords Cristiano Betta Developer Advocate

  5. Death to Passwords Cristiano Betta Developer Advocate @cbetta | @braintree_dev

  6. Braintree_Dev. @cbetta | @braintree_dev WHERE I LIVE

  7. Braintree_Dev. @cbetta | @braintree_dev WHERE I USED TO LIVE

  8. Braintree_Dev. @cbetta | @braintree_dev

  9. Braintree_Dev. @cbetta | @braintree_dev That’s me

  10. Braintree_Dev. @cbetta | @braintree_dev

  11. Braintree_Dev. @cbetta | @braintree_dev

  12. Braintree_Dev. @cbetta | @braintree_dev

  13. Braintree_Dev. @cbetta | @braintree_dev >Death to Passwords_

  14. Braintree_Dev. @cbetta | @braintree_dev

  15. Braintree_Dev. @cbetta | @braintree_dev

  16. Braintree_Dev. @cbetta | @braintree_dev >The 3 key problems_

  17. Braintree_Dev. @cbetta | @braintree_dev The top 1000 most used passwords

    of 2012 wiki.skullsecurity.org/Passwords

  18. Braintree_Dev. @cbetta | @braintree_dev The top 1000 most leaked passwords

    of 2012 wiki.skullsecurity.org/Passwords

  19. Braintree_Dev. @cbetta | @braintree_dev 4.7% OF ALL LEAKED PASSWORDS ARE

  20. Braintree_Dev. @cbetta | @braintree_dev 4.7% OF ALL LEAKED PASSWORDS ARE

    PASSWORD

  21. Braintree_Dev. @cbetta | @braintree_dev

  22. Braintree_Dev. @cbetta | @braintree_dev 8.5% OF ALL LEAKED PASSWORDS ARE

  23. Braintree_Dev. @cbetta | @braintree_dev 8.5% OF ALL LEAKED PASSWORDS ARE

    PASSWORD or 123456

  24. Braintree_Dev. @cbetta | @braintree_dev 4.7% OF ALL LEAKED PASSWORDS ARE

  25. Braintree_Dev. @cbetta | @braintree_dev 4.7% OF ALL LEAKED PASSWORDS ARE

    PASSWORD or 123456 or 12345678

  26. Braintree_Dev. @cbetta | @braintree_dev ... and it doesn’t even stop

    there
 
 14% have a password from the top 10
 40% have a password from the top 100
 79% have a password from the top 500
 91% have a password from the top 1000


  27. Braintree_Dev. @cbetta | @braintree_dev abstrusegoose.com/296

  28. Braintree_Dev. @cbetta | @braintree_dev A brief analysis of the situation

    in 2013 cbsn.ws/1siTPGH

  29. Braintree_Dev. @cbetta | @braintree_dev 1. 123456 2. password 3. 12345678

    4. qwerty 5. abc123 6. 123456789 7. 111111 8. 1234567 9. iloveyou 10. adobe123 11. 123123 12. admin 13. 1234567890 14. letmein 15. photoshop 16. 1234 17. monkey 18. shadow 19. sunshine 20. 12345

  30. Braintree_Dev. @cbetta | @braintree_dev 1. 123456 up 1 2. password

    down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new 11. 123123 up 5 12. admin new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new

  31. Braintree_Dev. @cbetta | @braintree_dev 11. 123123 up 5 12. admin

    new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new 1. 123456 up 1 2. password down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new

  32. Braintree_Dev. @cbetta | @braintree_dev 11. 123123 up 5 12. admin

    new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new 1. 123456 up 1 2. password down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new

  33. Braintree_Dev. @cbetta | @braintree_dev 11. 123123 up 5 12. admin

    new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new 1. 123456 up 1 2. password down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new

  34. Braintree_Dev. @cbetta | @braintree_dev

  35. Braintree_Dev. @cbetta | @braintree_dev

  36. Braintree_Dev. @cbetta | @braintree_dev

  37. Braintree_Dev. @cbetta | @braintree_dev

  38. Braintree_Dev. @cbetta | @braintree_dev

  39. Braintree_Dev. @cbetta | @braintree_dev

  40. Braintree_Dev. @cbetta | @braintree_dev “FAVOR SECURITY TOO MUCH OVER THE

    EXPERIENCE AND YOU’LL MAKE THE WEBSITE A PAIN TO USE.” smashingmagazine.com /2012/10/26/password-masking-hurt-signup-form

  41. Braintree_Dev. @cbetta | @braintree_dev vs

  42. Braintree_Dev. @cbetta | @braintree_dev

  43. Braintree_Dev. @SeraAndroid / @PayPalDev People forget passwords… 45% admit to

    leaving a website instead of re- setting their password or answering security questions - Blue Inc. 2011

  44. Braintree_Dev. @cbetta | @braintree_dev Let’s admit it...
 Passwords really suck!

  45. Braintree_Dev. @SeraAndroid / @PayPalDev People hate to register Out of

    657 surveyed users 66% think that social sign-in is a desirable alternative. - Blue Inc. 2011

  46. Braintree_Dev. @cbetta | @braintree_dev Let’s admit it...
 Passwords really, really

    suck!

  47. Braintree_Dev. @cbetta | @braintree_dev “Braintree Says Goodbye to Passwords With

    One Touch Payments for PayPal and Venmo, and Hello to Bitcoin” braintreepayments.com /blog/goodbye-passwords-one-touch-hello-bitcoin

  48. Braintree_Dev. @cbetta | @braintree_dev Merchant app PayPal app Merchant app

  49. Braintree_Dev. @cbetta | @braintree_dev  Merchant app PayPal app Merchant

    app

  50. Braintree_Dev. @cbetta | @braintree_dev  Merchant app PayPal app Merchant

    app

  51. Braintree_Dev. @cbetta | @braintree_dev  Merchant app PayPal app Merchant

    app

  52. Braintree_Dev. @cbetta | @braintree_dev > Continue? (Y/n) _

  53. Braintree_Dev. @cbetta | @braintree_dev Multi-Factor Authentication en.wikipedia.org /wiki/Multi-factor_authentication

  54. Braintree_Dev. @cbetta | @braintree_dev KNOWLEDGE FACTOR

  55. Braintree_Dev. @cbetta | @braintree_dev INHERENCE FACTOR

  56. Braintree_Dev. @cbetta | @braintree_dev POSSESSION FACTOR

  57. Braintree_Dev. @cbetta | @braintree_dev 2-Factor Authentication twofactorauth.org

  58. Braintree_Dev. @cbetta | @braintree_dev twofactorauth.org

  59. Braintree_Dev. @cbetta | @braintree_dev Passwordless Authentication medium.com /@ninjudd/passwords-are-obsolete-9ed56d483eb

  60. Braintree_Dev. @cbetta | @braintree_dev

  61. Braintree_Dev. @cbetta | @braintree_dev

  62. Braintree_Dev. @cbetta | @braintree_dev

  63. Braintree_Dev. @cbetta | @braintree_dev

  64. Braintree_Dev. @cbetta | @braintree_dev

  65. fidoalliance.org

  66. Braintree_Dev. @cbetta | @braintree_dev

  67. Braintree_Dev. @cbetta | @braintree_dev

  68. Braintree_Dev. @cbetta | @braintree_dev

  69. Braintree_Dev. @cbetta | @braintree_dev

  70. Braintree_Dev. @cbetta | @braintree_dev

  71. Braintree_Dev. @cbetta | @braintree_dev > Exit? (Y/n) _

  72. Braintree_Dev. @cbetta | @braintree_dev Authorization & Authentication stackoverflow.com /questions/6367865/is-there-a-difference- between-authentication-and-authorization

  73. Braintree_Dev. @cbetta | @braintree_dev Google Facebook Twitter

  74. Braintree_Dev. @cbetta | @braintree_dev

  75. Braintree_Dev. @cbetta | @braintree_dev

  76. None
  77. None
  78. None

  79. Braintree_Dev. @cbetta | @braintree_dev

  80. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome

  81. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But

    people+passwords suck

  82. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But

    people+passwords suck • We need something you have, know and/or are

  83. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But

    people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities

  84. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But

    people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities • Don’t re-invent the wheel

  85. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But

    people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities • Don’t re-invent the wheel • FIDO

  86. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But

    people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities • Don’t re-invent the wheel • FIDO • Third party auth

  87. Braintree_Dev. @cbetta | @braintree_dev

  88. THANK YOU Cristiano Betta Developer Advocate @cbetta | @braintree_dev [email protected]

    braintreepayments.com