Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Death to Passwords

Cristiano Betta
November 24, 2014
Technology
1
53

Death to Passwords

Cristiano Betta

November 24, 2014
Tweet

More Decks by Cristiano Betta

See All by Cristiano Betta
Docs as Engineering - DevRelCon London 2019
cbetta
0
130
DevRelCon London 2019 - Developer Experience Workshop
cbetta
0
120
DevRelCon London 2019 - Developer Experience Workshop
cbetta
0
210
The 7 Deadly Sins of Developer Experience (DevRelCon Tokyo)
cbetta
0
3.9k
The State of Encryption
cbetta
0
320
Developer Experience Workshop
cbetta
1
550
The 7 Deadly Sins of Developer Onboarding
cbetta
0
180
A brick by brick guide to developer experience
cbetta
2
590
Hackathons Workshop
cbetta
0
250

Other Decks in Technology

See All in Technology
End of Barrel Files: New Modularization Techniques with Sheriff
rainerhahnekamp
0
280
第23回Ques_タイミーにおけるQAチームの在り方 / QA Team in Timee
takeyaqa
0
180
Windows Autopilot Deployment by OSD Guy
tamaiyutaro
0
300
Datachain会社紹介資料(2024年11月) / Company Deck
datachain
4
17k
株式会社島津製作所_研究開発(集団協業と知的生産)の現場を支える、OSS知識基盤システムの導入
akahane92
1
170
DatabricksにおけるLLMOpsのベストプラクティス
taka_aki
4
1.6k
ISUCONに強くなるかもしれない日々の過ごしかた/Findy ISUCON 2024-11-14
fujiwara3
3
230
SREによる隣接領域への越境とその先の信頼性
shonansurvivors
1
340
信頼性に挑む中で拡張できる・得られる1人のスキルセットとは?
ken5scal
1
370
地理情報データをデータベースに格納しよう~ GPUを活用した爆速データベース PG-Stromの紹介 ~
sakaik
1
100
dev 補講: プロダクトセキュリティ / Product security overview
wa6sn
0
1.5k
スクラムチームを立ち上げる〜チーム開発で得られたもの・得られなかったもの〜
ohnoeight
1
280

Featured

See All Featured
What's new in Ruby 2.0
geeforr
343
31k
Six Lessons from altMBA
skipperchong
26
3.5k
Bootstrapping a Software Product
garrettdimon
PRO
305
110k
Automating Front-end Workflow
addyosmani
1366
200k
The World Runs on Bad Software
bkeepers
PRO
65
11k
Music & Morning Musume
bryan
46
6.2k
Fantastic passwords and where to find them - at NoRuKo
philnash
50
2.9k
Navigating Team Friction
lara
183
14k
Intergalactic Javascript Robots from Outer Space
tanoku
268
27k
VelocityConf: Rendering Performance Case Studies
addyosmani
325
24k
XXLCSS - How to scale CSS and keep your sanity
sugarenia
246
1.3M
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
131
33k

Transcript

  1. None

  2. Death to Passwords

  3. Death to Passwords Cristiano Betta Developer Advocate

  4. Death to Passwords Cristiano Betta Developer Advocate

  5. Death to Passwords Cristiano Betta Developer Advocate @cbetta | @braintree_dev

  6. Braintree_Dev. @cbetta | @braintree_dev WHERE I LIVE

  7. Braintree_Dev. @cbetta | @braintree_dev WHERE I USED TO LIVE

  8. Braintree_Dev. @cbetta | @braintree_dev

  9. Braintree_Dev. @cbetta | @braintree_dev That’s me

  10. Braintree_Dev. @cbetta | @braintree_dev

  11. Braintree_Dev. @cbetta | @braintree_dev

  12. Braintree_Dev. @cbetta | @braintree_dev

  13. Braintree_Dev. @cbetta | @braintree_dev >Death to Passwords_

  14. Braintree_Dev. @cbetta | @braintree_dev

  15. Braintree_Dev. @cbetta | @braintree_dev

  16. Braintree_Dev. @cbetta | @braintree_dev >The 3 key problems_

  17. Braintree_Dev. @cbetta | @braintree_dev The top 1000 most used passwords

    of 2012 wiki.skullsecurity.org/Passwords

  18. Braintree_Dev. @cbetta | @braintree_dev The top 1000 most leaked passwords

    of 2012 wiki.skullsecurity.org/Passwords

  19. Braintree_Dev. @cbetta | @braintree_dev 4.7% OF ALL LEAKED PASSWORDS ARE

  20. Braintree_Dev. @cbetta | @braintree_dev 4.7% OF ALL LEAKED PASSWORDS ARE

    PASSWORD

  21. Braintree_Dev. @cbetta | @braintree_dev

  22. Braintree_Dev. @cbetta | @braintree_dev 8.5% OF ALL LEAKED PASSWORDS ARE

  23. Braintree_Dev. @cbetta | @braintree_dev 8.5% OF ALL LEAKED PASSWORDS ARE

    PASSWORD or 123456

  24. Braintree_Dev. @cbetta | @braintree_dev 4.7% OF ALL LEAKED PASSWORDS ARE

  25. Braintree_Dev. @cbetta | @braintree_dev 4.7% OF ALL LEAKED PASSWORDS ARE

    PASSWORD or 123456 or 12345678

  26. Braintree_Dev. @cbetta | @braintree_dev ... and it doesn’t even stop

    there
 
 14% have a password from the top 10
 40% have a password from the top 100
 79% have a password from the top 500
 91% have a password from the top 1000


  27. Braintree_Dev. @cbetta | @braintree_dev abstrusegoose.com/296

  28. Braintree_Dev. @cbetta | @braintree_dev A brief analysis of the situation

    in 2013 cbsn.ws/1siTPGH

  29. Braintree_Dev. @cbetta | @braintree_dev 1. 123456 2. password 3. 12345678

    4. qwerty 5. abc123 6. 123456789 7. 111111 8. 1234567 9. iloveyou 10. adobe123 11. 123123 12. admin 13. 1234567890 14. letmein 15. photoshop 16. 1234 17. monkey 18. shadow 19. sunshine 20. 12345

  30. Braintree_Dev. @cbetta | @braintree_dev 1. 123456 up 1 2. password

    down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new 11. 123123 up 5 12. admin new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new

  31. Braintree_Dev. @cbetta | @braintree_dev 11. 123123 up 5 12. admin

    new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new 1. 123456 up 1 2. password down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new

  32. Braintree_Dev. @cbetta | @braintree_dev 11. 123123 up 5 12. admin

    new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new 1. 123456 up 1 2. password down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new

  33. Braintree_Dev. @cbetta | @braintree_dev 11. 123123 up 5 12. admin

    new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new 1. 123456 up 1 2. password down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new

  34. Braintree_Dev. @cbetta | @braintree_dev

  35. Braintree_Dev. @cbetta | @braintree_dev

  36. Braintree_Dev. @cbetta | @braintree_dev

  37. Braintree_Dev. @cbetta | @braintree_dev

  38. Braintree_Dev. @cbetta | @braintree_dev

  39. Braintree_Dev. @cbetta | @braintree_dev

  40. Braintree_Dev. @cbetta | @braintree_dev “FAVOR SECURITY TOO MUCH OVER THE

    EXPERIENCE AND YOU’LL MAKE THE WEBSITE A PAIN TO USE.” smashingmagazine.com /2012/10/26/password-masking-hurt-signup-form

  41. Braintree_Dev. @cbetta | @braintree_dev vs

  42. Braintree_Dev. @cbetta | @braintree_dev

  43. Braintree_Dev. @SeraAndroid / @PayPalDev People forget passwords… 45% admit to

    leaving a website instead of re- setting their password or answering security questions - Blue Inc. 2011

  44. Braintree_Dev. @cbetta | @braintree_dev Let’s admit it...
 Passwords really suck!

  45. Braintree_Dev. @SeraAndroid / @PayPalDev People hate to register Out of

    657 surveyed users 66% think that social sign-in is a desirable alternative. - Blue Inc. 2011

  46. Braintree_Dev. @cbetta | @braintree_dev Let’s admit it...
 Passwords really, really

    suck!

  47. Braintree_Dev. @cbetta | @braintree_dev “Braintree Says Goodbye to Passwords With

    One Touch Payments for PayPal and Venmo, and Hello to Bitcoin” braintreepayments.com /blog/goodbye-passwords-one-touch-hello-bitcoin

  48. Braintree_Dev. @cbetta | @braintree_dev Merchant app PayPal app Merchant app

  49. Braintree_Dev. @cbetta | @braintree_dev  Merchant app PayPal app Merchant

    app

  50. Braintree_Dev. @cbetta | @braintree_dev  Merchant app PayPal app Merchant

    app

  51. Braintree_Dev. @cbetta | @braintree_dev  Merchant app PayPal app Merchant

    app

  52. Braintree_Dev. @cbetta | @braintree_dev > Continue? (Y/n) _

  53. Braintree_Dev. @cbetta | @braintree_dev Multi-Factor Authentication en.wikipedia.org /wiki/Multi-factor_authentication

  54. Braintree_Dev. @cbetta | @braintree_dev KNOWLEDGE FACTOR

  55. Braintree_Dev. @cbetta | @braintree_dev INHERENCE FACTOR

  56. Braintree_Dev. @cbetta | @braintree_dev POSSESSION FACTOR

  57. Braintree_Dev. @cbetta | @braintree_dev 2-Factor Authentication twofactorauth.org

  58. Braintree_Dev. @cbetta | @braintree_dev twofactorauth.org

  59. Braintree_Dev. @cbetta | @braintree_dev Passwordless Authentication medium.com /@ninjudd/passwords-are-obsolete-9ed56d483eb

  60. Braintree_Dev. @cbetta | @braintree_dev

  61. Braintree_Dev. @cbetta | @braintree_dev

  62. Braintree_Dev. @cbetta | @braintree_dev

  63. Braintree_Dev. @cbetta | @braintree_dev

  64. Braintree_Dev. @cbetta | @braintree_dev

  65. fidoalliance.org

  66. Braintree_Dev. @cbetta | @braintree_dev

  67. Braintree_Dev. @cbetta | @braintree_dev

  68. Braintree_Dev. @cbetta | @braintree_dev

  69. Braintree_Dev. @cbetta | @braintree_dev

  70. Braintree_Dev. @cbetta | @braintree_dev

  71. Braintree_Dev. @cbetta | @braintree_dev > Exit? (Y/n) _

  72. Braintree_Dev. @cbetta | @braintree_dev Authorization & Authentication stackoverflow.com /questions/6367865/is-there-a-difference- between-authentication-and-authorization

  73. Braintree_Dev. @cbetta | @braintree_dev Google Facebook Twitter

  74. Braintree_Dev. @cbetta | @braintree_dev

  75. Braintree_Dev. @cbetta | @braintree_dev

  76. None
  77. None
  78. None

  79. Braintree_Dev. @cbetta | @braintree_dev

  80. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome

  81. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But

    people+passwords suck

  82. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But

    people+passwords suck • We need something you have, know and/or are

  83. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But

    people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities

  84. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But

    people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities • Don’t re-invent the wheel

  85. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But

    people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities • Don’t re-invent the wheel • FIDO

  86. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But

    people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities • Don’t re-invent the wheel • FIDO • Third party auth

  87. Braintree_Dev. @cbetta | @braintree_dev

  88. THANK YOU Cristiano Betta Developer Advocate @cbetta | @braintree_dev [email protected]

    braintreepayments.com