Death to Passwords

Cristiano Betta

November 24, 2014

Transcript

  2. Death to Passwords

  5. Death to Passwords Cristiano Betta Developer Advocate @cbetta | @braintree_dev

  6. Braintree_Dev. @cbetta | @braintree_dev WHERE I LIVE

  7. WHERE I USED TO LIVE

  9. That’s me

  13. >Death to Passwords_

  16. >The 3 key problems_

  17. The top 1000 most used passwords of 2012 wiki.skullsecurity.org/Passwords

  18. The top 1000 most leaked passwords of 2012 wiki.skullsecurity.org/Passwords

  20. 4.7% OF ALL LEAKED PASSWORDS ARE PASSWORD

  23. 8.5% OF ALL LEAKED PASSWORDS ARE PASSWORD or 123456

  25. 4.7% OF ALL LEAKED PASSWORDS ARE PASSWORD or 123456 or 12345678

  26. ... and it doesn’t even stop there
    14% have a password from the top 10
    40% have a password from the top 100
    79% have a password from the top 500
    91% have a password from the top 1000

  27. abstrusegoose.com/296

  28. A brief analysis of the situation in 2013 cbsn.ws/1siTPGH

  29.
    1. 123456
    2. password
    3. 12345678
    4. qwerty
    5. abc123
    6. 123456789
    7. 111111
    8. 1234567
    9. iloveyou
    10. adobe123
    11. 123123
    12. admin
    13. 1234567890
    14. letmein
    15. photoshop
    16. 1234
    17. monkey
    18. shadow
    19. sunshine
    20. 12345
  30.
    1. 123456 (up 1)
    2. password (down 1)
    3. 12345678
    4. qwerty (up 1)
    5. abc123 (down 1)
    6. 123456789 (new)
    7. 111111 (up 2)
    8. 1234567 (up 5)
    9. iloveyou (up 2)
    10. adobe123 (new)
    11. 123123 (up 5)
    12. admin (new)
    13. 1234567890 (new)
    14. letmein (down 7)
    15. photoshop (new)
    16. 1234 (new)
    17. monkey (down 11)
    18. shadow
    19. sunshine (down 5)
    20. 12345 (new)
  40. “FAVOR SECURITY TOO MUCH OVER THE EXPERIENCE AND YOU’LL MAKE THE WEBSITE A PAIN TO USE.” smashingmagazine.com/2012/10/26/password-masking-hurt-signup-form

  41. vs

  43. @SeraAndroid / @PayPalDev People forget passwords… 45% admit to leaving a website instead of resetting their password or answering security questions - Blue Inc. 2011

  44. Let’s admit it... Passwords really suck!

  45. People hate to register. Out of 657 surveyed users 66% think that social sign-in is a desirable alternative. - Blue Inc. 2011

  46. Let’s admit it... Passwords really, really suck!

  47. “Braintree Says Goodbye to Passwords With One Touch Payments for PayPal and Venmo, and Hello to Bitcoin” braintreepayments.com/blog/goodbye-passwords-one-touch-hello-bitcoin

  48. Merchant app PayPal app Merchant app

  52. > Continue? (Y/n) _

  53. Multi-Factor Authentication en.wikipedia.org/wiki/Multi-factor_authentication

  54. KNOWLEDGE FACTOR

  55. INHERENCE FACTOR

  56. POSSESSION FACTOR

  57. 2-Factor Authentication twofactorauth.org

  58. twofactorauth.org

  59. Passwordless Authentication medium.com/@ninjudd/passwords-are-obsolete-9ed56d483eb

  65. fidoalliance.org

  71. > Exit? (Y/n) _

  72. Authorization & Authentication stackoverflow.com/questions/6367865/is-there-a-difference-between-authentication-and-authorization

  73. Google Facebook Twitter

  86. • Passwords are awesome
    • But people+passwords suck
    • We need something you have, know and/or are
    • Wearable tech opens up a new world of possibilities
    • Don’t re-invent the wheel
    • FIDO
    • Third party auth

  88. THANK YOU Cristiano Betta Developer Advocate @cbetta | @braintree_dev cbetta@braintreepayments.com braintreepayments.com