Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Deprecating the Password: An Alternative Approach to Authentication using Email Only

Bf962f059393fdaffe5c81fb17d765d8?s=47 M O T
April 26, 2014

Deprecating the Password: An Alternative Approach to Authentication using Email Only

We should be evaluating whether the traditional username and password is the best form of authentication. I think there is a better way. I've open sourced something called Handshake.js that implements an email only authentication mechanism.

Bf962f059393fdaffe5c81fb17d765d8?s=128

M O T

April 26, 2014
Tweet

Transcript

  1. @scottmotte Thursday, March 27, 14

  2. Thursday, March 27, 14

  3. Passwords suck. Thursday, March 27, 14

  4. Hard to remember Thursday, March 27, 14

  5. Password re-use encouraged Thursday, March 27, 14

  6. Never expire Thursday, March 27, 14

  7. Typing long passwords suck Thursday, March 27, 14

  8. Two-factor auth the solution? Thursday, March 27, 14

  9. How 2 factor auth works Thursday, March 27, 14

  10. Hard to remember Thursday, March 27, 14

  11. Password re-use encouraged Thursday, March 27, 14

  12. Built in expiration Thursday, March 27, 14

  13. Typing long passwords suck Thursday, March 27, 14

  14. New: Delay waiting for short code Thursday, March 27, 14

  15. New: Hard to setup Thursday, March 27, 14

  16. The password is the problem Thursday, March 27, 14

  17. Thursday, March 27, 14

  18. Handshake.js Thursday, March 27, 14

  19. Thursday, March 27, 14

  20. Thursday, March 27, 14

  21. Thursday, March 27, 14

  22. Done. Logged in. Thursday, March 27, 14

  23. Nothing to remember Thursday, March 27, 14

  24. Zero chance to re-use a password Thursday, March 27, 14

  25. Built in expiration Thursday, March 27, 14

  26. No typing long passwords Thursday, March 27, 14

  27. Delay waiting for short code Thursday, March 27, 14

  28. Easy to setup Thursday, March 27, 14

  29. In Addition • Open Source • Adding new delivery methods

    - like SMS and Phone Thursday, March 27, 14
  30. Applications • Sites you rarely login to: DMV, Student loan

    site • Sites that are mobile based and you don’t want to type a long password • Sites where you want to get the user up and running quicker - not really a ‘signup’ process - just email. Thursday, March 27, 14
  31. Resources • https://github.com/handshakejs • https://github.com/handshakejs/handshakejs- script • https://github.com/handshakejs/handshakejs- api Thursday,

    March 27, 14
  32. @scottmotte Follow me on Twitter at Thursday, March 27, 14