Slide 1

Slide 1 text

No content

Slide 2

Slide 2 text

Death to Passwords

Slide 3

Slide 3 text

Death to Passwords Cristiano Betta Developer Advocate

Slide 4

Slide 4 text

Death to Passwords Cristiano Betta Developer Advocate

Slide 5

Slide 5 text

Death to Passwords Cristiano Betta Developer Advocate @cbetta | @braintree_dev

Slide 6

Slide 6 text

Braintree_Dev. @cbetta | @braintree_dev WHERE I LIVE

Slide 7

Slide 7 text

Braintree_Dev. @cbetta | @braintree_dev WHERE I USED TO LIVE

Slide 8

Slide 8 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 9

Slide 9 text

Braintree_Dev. @cbetta | @braintree_dev That’s me

Slide 10

Slide 10 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 11

Slide 11 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 12

Slide 12 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 13

Slide 13 text

Braintree_Dev. @cbetta | @braintree_dev >Death to Passwords_

Slide 14

Slide 14 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 15

Slide 15 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 16

Slide 16 text

Braintree_Dev. @cbetta | @braintree_dev >The 3 key problems_

Slide 17

Slide 17 text

Braintree_Dev. @cbetta | @braintree_dev The top 1000 most used passwords of 2012 wiki.skullsecurity.org/Passwords

Slide 18

Slide 18 text

Braintree_Dev. @cbetta | @braintree_dev The top 1000 most leaked passwords of 2012 wiki.skullsecurity.org/Passwords

Slide 19

Slide 19 text

Braintree_Dev. @cbetta | @braintree_dev 4.7% OF ALL LEAKED PASSWORDS ARE

Slide 20

Slide 20 text

Braintree_Dev. @cbetta | @braintree_dev 4.7% OF ALL LEAKED PASSWORDS ARE PASSWORD

Slide 21

Slide 21 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 22

Slide 22 text

Braintree_Dev. @cbetta | @braintree_dev 8.5% OF ALL LEAKED PASSWORDS ARE

Slide 23

Slide 23 text

Braintree_Dev. @cbetta | @braintree_dev 8.5% OF ALL LEAKED PASSWORDS ARE PASSWORD or 123456

Slide 24

Slide 24 text

Braintree_Dev. @cbetta | @braintree_dev 4.7% OF ALL LEAKED PASSWORDS ARE

Slide 25

Slide 25 text

Braintree_Dev. @cbetta | @braintree_dev 4.7% OF ALL LEAKED PASSWORDS ARE PASSWORD or 123456 or 12345678

Slide 26

Slide 26 text

Braintree_Dev. @cbetta | @braintree_dev ... and it doesn’t even stop there
 
 14% have a password from the top 10
 40% have a password from the top 100
 79% have a password from the top 500
 91% have a password from the top 1000


Slide 27

Slide 27 text

Braintree_Dev. @cbetta | @braintree_dev abstrusegoose.com/296

Slide 28

Slide 28 text

Braintree_Dev. @cbetta | @braintree_dev A brief analysis of the situation in 2013 cbsn.ws/1siTPGH

Slide 29

Slide 29 text

Braintree_Dev. @cbetta | @braintree_dev 1. 123456 2. password 3. 12345678 4. qwerty 5. abc123 6. 123456789 7. 111111 8. 1234567 9. iloveyou 10. adobe123 11. 123123 12. admin 13. 1234567890 14. letmein 15. photoshop 16. 1234 17. monkey 18. shadow 19. sunshine 20. 12345

Slide 30

Slide 30 text

Braintree_Dev. @cbetta | @braintree_dev 1. 123456 up 1 2. password down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new 11. 123123 up 5 12. admin new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new

Slide 31

Slide 31 text

Braintree_Dev. @cbetta | @braintree_dev 11. 123123 up 5 12. admin new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new 1. 123456 up 1 2. password down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new

Slide 32

Slide 32 text

Braintree_Dev. @cbetta | @braintree_dev 11. 123123 up 5 12. admin new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new 1. 123456 up 1 2. password down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new

Slide 33

Slide 33 text

Braintree_Dev. @cbetta | @braintree_dev 11. 123123 up 5 12. admin new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new 1. 123456 up 1 2. password down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new

Slide 34

Slide 34 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 35

Slide 35 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 36

Slide 36 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 37

Slide 37 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 38

Slide 38 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 39

Slide 39 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 40

Slide 40 text

Braintree_Dev. @cbetta | @braintree_dev “FAVOR SECURITY TOO MUCH OVER THE EXPERIENCE AND YOU’LL MAKE THE WEBSITE A PAIN TO USE.” smashingmagazine.com /2012/10/26/password-masking-hurt-signup-form

Slide 41

Slide 41 text

Braintree_Dev. @cbetta | @braintree_dev vs

Slide 42

Slide 42 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 43

Slide 43 text

Braintree_Dev. @SeraAndroid / @PayPalDev People forget passwords… 45% admit to leaving a website instead of re- setting their password or answering security questions - Blue Inc. 2011

Slide 44

Slide 44 text

Braintree_Dev. @cbetta | @braintree_dev Let’s admit it...
 Passwords really suck!

Slide 45

Slide 45 text

Braintree_Dev. @SeraAndroid / @PayPalDev People hate to register Out of 657 surveyed users 66% think that social sign-in is a desirable alternative. - Blue Inc. 2011

Slide 46

Slide 46 text

Braintree_Dev. @cbetta | @braintree_dev Let’s admit it...
 Passwords really, really suck!

Slide 47

Slide 47 text

Braintree_Dev. @cbetta | @braintree_dev “Braintree Says Goodbye to Passwords With One Touch Payments for PayPal and Venmo, and Hello to Bitcoin” braintreepayments.com /blog/goodbye-passwords-one-touch-hello-bitcoin

Slide 48

Slide 48 text

Braintree_Dev. @cbetta | @braintree_dev Merchant app PayPal app Merchant app 

Slide 49

Slide 49 text

Braintree_Dev. @cbetta | @braintree_dev  Merchant app PayPal app Merchant app

Slide 50

Slide 50 text

Braintree_Dev. @cbetta | @braintree_dev  Merchant app PayPal app Merchant app

Slide 51

Slide 51 text

Braintree_Dev. @cbetta | @braintree_dev  Merchant app PayPal app Merchant app

Slide 52

Slide 52 text

Braintree_Dev. @cbetta | @braintree_dev > Continue? (Y/n) _

Slide 53

Slide 53 text

Braintree_Dev. @cbetta | @braintree_dev Multi-Factor Authentication en.wikipedia.org /wiki/Multi-factor_authentication

Slide 54

Slide 54 text

Braintree_Dev. @cbetta | @braintree_dev KNOWLEDGE FACTOR

Slide 55

Slide 55 text

Braintree_Dev. @cbetta | @braintree_dev INHERENCE FACTOR

Slide 56

Slide 56 text

Braintree_Dev. @cbetta | @braintree_dev POSSESSION FACTOR

Slide 57

Slide 57 text

Braintree_Dev. @cbetta | @braintree_dev 2-Factor Authentication twofactorauth.org

Slide 58

Slide 58 text

Braintree_Dev. @cbetta | @braintree_dev twofactorauth.org

Slide 59

Slide 59 text

Braintree_Dev. @cbetta | @braintree_dev Passwordless Authentication medium.com /@ninjudd/passwords-are-obsolete-9ed56d483eb

Slide 60

Slide 60 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 61

Slide 61 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 62

Slide 62 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 63

Slide 63 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 64

Slide 64 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 65

Slide 65 text

fidoalliance.org

Slide 66

Slide 66 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 67

Slide 67 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 68

Slide 68 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 69

Slide 69 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 70

Slide 70 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 71

Slide 71 text

Braintree_Dev. @cbetta | @braintree_dev > Exit? (Y/n) _

Slide 72

Slide 72 text

Braintree_Dev. @cbetta | @braintree_dev Authorization & Authentication stackoverflow.com /questions/6367865/is-there-a-difference- between-authentication-and-authorization

Slide 73

Slide 73 text

Braintree_Dev. @cbetta | @braintree_dev Google Facebook Twitter

Slide 74

Slide 74 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 75

Slide 75 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 76

Slide 76 text

No content

Slide 77

Slide 77 text

No content

Slide 78

Slide 78 text

No content

Slide 79

Slide 79 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 80

Slide 80 text

Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome

Slide 81

Slide 81 text

Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But people+passwords suck

Slide 82

Slide 82 text

Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But people+passwords suck • We need something you have, know and/or are

Slide 83

Slide 83 text

Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities

Slide 84

Slide 84 text

Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities • Don’t re-invent the wheel

Slide 85

Slide 85 text

Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities • Don’t re-invent the wheel • FIDO

Slide 86

Slide 86 text

Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities • Don’t re-invent the wheel • FIDO • Third party auth

Slide 87

Slide 87 text

Braintree_Dev. @cbetta | @braintree_dev

Slide 88

Slide 88 text

THANK YOU Cristiano Betta Developer Advocate @cbetta | @braintree_dev [email protected] braintreepayments.com