Taking the pain out of signing users in

Transcript

1. François Marier – @fmarier Taking the pain out of signing

   users in

2. passwords

3. problem #1: passwords are hard to secure

4. None
5. None
6. None
7. None
8. None
9. None
10. None
11. None
12. None

13. bcrypt / scrypt / pbkdf2 per-user salt site secret password

    & lockout policies secure recovery

14. bcrypt / scrypt / pbkdf2 per-user salt site secret password

    & lockout policies secure recovery

15. bcrypt / scrypt / pbkdf2 per-user salt site secret password

    & lockout policies secure recovery

16. bcrypt / scrypt / pbkdf2 per-user salt site secret password

    & lockout policies secure recovery

17. bcrypt / scrypt / pbkdf2 per-user salt site secret password

    & lockout policies secure recovery

18. bcrypt / scrypt / pbkdf2 per-user salt site secret password

    & lockout policies secure recovery 2013 2013 password password guidelines guidelines

19. passwords are hard to secure they are a liability

20. ALTER TABLE user DROP COLUMN password;

21. problem #2: passwords are hard to remember

22. None
23. None

24. pick an easy password

25. use it everywhere

26. passwords are hard to remember they need to be reset

27. None

28. control email account control all accounts =

29. None

30. “People want a little dating before marriage.” Eric Vishria –

    Rockmelt
31. None

32. decentralised

33. myid.com/u/francois

34. None
35. None

36. existing login systems are not good enough

37. ideal web-wide identity system

38. • decentralised simple cross-browser ideal web-wide identity system

39. • decentralised • simple cross-browser ideal web-wide identity system

40. • decentralised • simple • cross-browser ideal web-wide identity system

41. what if it were a standard part of the web

    browser?
42. None

43. how does it work?

44. [email protected]

45. demo #1: http://www.voo.st/ [email protected]

46. Persona is already a decentralised system

47. decentralisation is the answer, but it's not a product adoption

    strategy

48. we can't wait for all domains to adopt Persona

49. we can't wait for all domains to adopt Persona solution:

    a temporary centralised fallback

50. demo #2: http://sloblog.io/ [email protected]

51. Persona already works with all email domains

52. identity bridging

53. demo #3: http://www.reasonwell.com/ [email protected]

54. None
55. None
56. None
57. None

58. >= 8

59. Persona is decentralized, simple and cross-browser

60. it's simple for users, but is it also simple for

    developers?
61. None

62. <script src=”https://login.persona.org/include.js”> </script> </body></html>

63. navigator.id.watch({ loggedInUser: null, onlogin: function (assertion) { $.post('/login', {assertion: assertion},

    function (data) { window.location = '/home'; } ); }, onlogout: function () { window.location = '/logout'; } });

64. navigator.id.watch({ loggedInUser: "[email protected]" onlogin: function (assertion) { $.post('/login', {assertion: assertion},

    function (data) { window.location = '/home'; } ); }, onlogout: function () { window.location = '/logout'; } });

65. navigator.id.watch({ loggedInUser: null onlogin: function (assertion) { $.post('/login', {assertion: assertion},

    function (data) { window.location = '/home'; } ); }, onlogout: function () { window.location = '/logout'; } });

66. navigator.id.watch({ loggedInUser: null, onlogin: function (assertion) { $.post('/login', {assertion: assertion},

    function (data) { window.location = '/home'; } ); } onlogout: function () { window.location = '/logout'; } });

67. navigator.id.watch({ loggedInUser: null, onlogin: function (assertion) { $.post('/login', {assertion: assertion},

    function (data) { window.location = '/home'; } ); }, onlogout: function () { window.location = '/logout'; } });
68. None

69. navigator.id.request()

70. None
71. None
72. None

73. navigator.id.watch({ loggedInUser: null, onlogin: function (assertion) { $.post('/login', {assertion: assertion},

    function (data) { window.location = '/home'; } ); }, onlogout: function () { window.location = '/logout'; } });

74. navigator.id.watch({ loggedInUser: null, onlogin: function (assertion) { $.post('/login', {assertion: assertion},

    function (data) { window.location = '/home'; } ); }, onlogout: function () { window.location = '/logout'; } });

75. def verify_assertion(assertion): page = requests.post( 'https://verifier.login.persona.org/verify', data={ "assertion": assertion, "audience":

    'http://123done.org'} ) data = page.json return data.status == 'okay'

76. def verify_assertion(assertion): page = requests.post( 'https://verifier.login.persona.org/verify', data={ "assertion": assertion, "audience":

    'http://123done.org'} ) data = page.json return data.status == 'okay'

77. def verify_assertion(assertion): page = requests.post( 'https://verifier.login.persona.org/verify', data={ "assertion": assertion, "audience":

    'http://123done.org'} ) data = page.json return data.status == 'okay'

78. { status: “okay”, audience: “http://123done.org”, expires: 1344849682560, email: “[email protected]”, issuer:

    “login.persona.org” }

79. { status: “failed”, reason: “assertion has expired” }

80. None
81. None

82. navigator.id.logout()

83. navigator.id.watch({ loggedInUser: null, onlogin: function (assertion) { $.post('/login', {assertion: assertion},

    function (data) { window.location = '/home'; } ); }, onlogout: function () { window.location = '/logout'; } });
84. None

85. 1. load javascript library 2. setup login & logout callbacks

    3. add login and logout buttons 4. verify proof of ownership

86. 1. load javascript library 2. setup login & logout callbacks

    3. add login and logout buttons 4. verify proof of ownership

87. 1. load javascript library 2. setup login & logout callbacks

    3. add login and logout buttons 4. verify proof of ownership

88. 1. load javascript library 2. setup login & logout callbacks

    3. add login and logout buttons 4. verify proof of ownership

89. you can add support for Persona in four easy steps

90. one simple request

91. None

92. building a new site: default to Persona

93. working on an existing site/app: add support for Persona

94. To learn more about Persona: https://login.persona.org/ http://identity.mozilla.com/ https://developer.mozilla.org/docs/Persona/Quick_Setup https://github.com/mozilla/browserid-cookbook https://developer.mozilla.org/docs/Persona/Libraries_and_plugins

    http://123done.org/ https://wiki.mozilla.org/Identity#Get_Involved @fmarier

95. © 2013 François Marier <[email protected]> This work is licensed under

    a Creative Commons Attribution-ShareAlike 3.0 New Zealand License. Hotel doorman: https://secure.flickr.com/photos/wildlife_encounters/8024166802/ Top 500 passwords: http://xato.net/passwords/more-top-worst-passwords/ Parchment: https://secure.flickr.com/photos/27613359@N03/6750396225/ Uncle Sam: https://secure.flickr.com/photos/donkeyhotey/5666065982/ Restaurant dinner: https://secure.flickr.com/photos/yourdon/3977084094/ Stop sign: https://secure.flickr.com/photos/artbystevejohnson/6673406227/ Photo credits: