Death to Passwords

Transcript

1. None

2. Death to Passwords

3. Death to Passwords Cristiano Betta Developer Advocate

4. Death to Passwords Cristiano Betta Developer Advocate

5. Death to Passwords Cristiano Betta Developer Advocate @cbetta | @braintree_dev

6. Braintree_Dev. @cbetta | @braintree_dev WHERE I LIVE

7. Braintree_Dev. @cbetta | @braintree_dev WHERE I USED TO LIVE

8. Braintree_Dev. @cbetta | @braintree_dev

9. Braintree_Dev. @cbetta | @braintree_dev That’s me

10. Braintree_Dev. @cbetta | @braintree_dev

11. Braintree_Dev. @cbetta | @braintree_dev

12. Braintree_Dev. @cbetta | @braintree_dev

13. Braintree_Dev. @cbetta | @braintree_dev >Death to Passwords_

14. Braintree_Dev. @cbetta | @braintree_dev

15. Braintree_Dev. @cbetta | @braintree_dev

16. Braintree_Dev. @cbetta | @braintree_dev >The 3 key problems_

17. Braintree_Dev. @cbetta | @braintree_dev The top 1000 most used passwords

    of 2012 wiki.skullsecurity.org/Passwords

18. Braintree_Dev. @cbetta | @braintree_dev The top 1000 most leaked passwords

    of 2012 wiki.skullsecurity.org/Passwords

19. Braintree_Dev. @cbetta | @braintree_dev 4.7% OF ALL LEAKED PASSWORDS ARE

20. Braintree_Dev. @cbetta | @braintree_dev 4.7% OF ALL LEAKED PASSWORDS ARE

    PASSWORD

21. Braintree_Dev. @cbetta | @braintree_dev

22. Braintree_Dev. @cbetta | @braintree_dev 8.5% OF ALL LEAKED PASSWORDS ARE

23. Braintree_Dev. @cbetta | @braintree_dev 8.5% OF ALL LEAKED PASSWORDS ARE

    PASSWORD or 123456

24. Braintree_Dev. @cbetta | @braintree_dev 4.7% OF ALL LEAKED PASSWORDS ARE

25. Braintree_Dev. @cbetta | @braintree_dev 4.7% OF ALL LEAKED PASSWORDS ARE

    PASSWORD or 123456 or 12345678

26. Braintree_Dev. @cbetta | @braintree_dev ... and it doesn’t even stop

    there
 
 14% have a password from the top 10
 40% have a password from the top 100
 79% have a password from the top 500
 91% have a password from the top 1000


27. Braintree_Dev. @cbetta | @braintree_dev abstrusegoose.com/296

28. Braintree_Dev. @cbetta | @braintree_dev A brief analysis of the situation

    in 2013 cbsn.ws/1siTPGH

29. Braintree_Dev. @cbetta | @braintree_dev 1. 123456 2. password 3. 12345678

    4. qwerty 5. abc123 6. 123456789 7. 111111 8. 1234567 9. iloveyou 10. adobe123 11. 123123 12. admin 13. 1234567890 14. letmein 15. photoshop 16. 1234 17. monkey 18. shadow 19. sunshine 20. 12345

30. Braintree_Dev. @cbetta | @braintree_dev 1. 123456 up 1 2. password

    down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new 11. 123123 up 5 12. admin new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new

31. Braintree_Dev. @cbetta | @braintree_dev 11. 123123 up 5 12. admin

    new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new 1. 123456 up 1 2. password down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new

32. Braintree_Dev. @cbetta | @braintree_dev 11. 123123 up 5 12. admin

    new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new 1. 123456 up 1 2. password down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new

33. Braintree_Dev. @cbetta | @braintree_dev 11. 123123 up 5 12. admin

    new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new 1. 123456 up 1 2. password down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new

34. Braintree_Dev. @cbetta | @braintree_dev

35. Braintree_Dev. @cbetta | @braintree_dev

36. Braintree_Dev. @cbetta | @braintree_dev

37. Braintree_Dev. @cbetta | @braintree_dev

38. Braintree_Dev. @cbetta | @braintree_dev

39. Braintree_Dev. @cbetta | @braintree_dev

40. Braintree_Dev. @cbetta | @braintree_dev “FAVOR SECURITY TOO MUCH OVER THE

    EXPERIENCE AND YOU’LL MAKE THE WEBSITE A PAIN TO USE.” smashingmagazine.com /2012/10/26/password-masking-hurt-signup-form

41. Braintree_Dev. @cbetta | @braintree_dev vs

42. Braintree_Dev. @cbetta | @braintree_dev

43. Braintree_Dev. @SeraAndroid / @PayPalDev People forget passwords… 45% admit to

    leaving a website instead of re- setting their password or answering security questions - Blue Inc. 2011

44. Braintree_Dev. @cbetta | @braintree_dev Let’s admit it...
 Passwords really suck!

45. Braintree_Dev. @SeraAndroid / @PayPalDev People hate to register Out of

    657 surveyed users 66% think that social sign-in is a desirable alternative. - Blue Inc. 2011

46. Braintree_Dev. @cbetta | @braintree_dev Let’s admit it...
 Passwords really, really

    suck!

47. Braintree_Dev. @cbetta | @braintree_dev “Braintree Says Goodbye to Passwords With

    One Touch Payments for PayPal and Venmo, and Hello to Bitcoin” braintreepayments.com /blog/goodbye-passwords-one-touch-hello-bitcoin

48. Braintree_Dev. @cbetta | @braintree_dev Merchant app PayPal app Merchant app

    

49. Braintree_Dev. @cbetta | @braintree_dev  Merchant app PayPal app Merchant

    app

50. Braintree_Dev. @cbetta | @braintree_dev  Merchant app PayPal app Merchant

    app

51. Braintree_Dev. @cbetta | @braintree_dev  Merchant app PayPal app Merchant

    app

52. Braintree_Dev. @cbetta | @braintree_dev > Continue? (Y/n) _

53. Braintree_Dev. @cbetta | @braintree_dev Multi-Factor Authentication en.wikipedia.org /wiki/Multi-factor_authentication

54. Braintree_Dev. @cbetta | @braintree_dev KNOWLEDGE FACTOR

55. Braintree_Dev. @cbetta | @braintree_dev INHERENCE FACTOR

56. Braintree_Dev. @cbetta | @braintree_dev POSSESSION FACTOR

57. Braintree_Dev. @cbetta | @braintree_dev 2-Factor Authentication twofactorauth.org

58. Braintree_Dev. @cbetta | @braintree_dev twofactorauth.org

59. Braintree_Dev. @cbetta | @braintree_dev Passwordless Authentication medium.com /@ninjudd/passwords-are-obsolete-9ed56d483eb

60. Braintree_Dev. @cbetta | @braintree_dev

61. Braintree_Dev. @cbetta | @braintree_dev

62. Braintree_Dev. @cbetta | @braintree_dev

63. Braintree_Dev. @cbetta | @braintree_dev

64. Braintree_Dev. @cbetta | @braintree_dev

65. fidoalliance.org

66. Braintree_Dev. @cbetta | @braintree_dev

67. Braintree_Dev. @cbetta | @braintree_dev

68. Braintree_Dev. @cbetta | @braintree_dev

69. Braintree_Dev. @cbetta | @braintree_dev

70. Braintree_Dev. @cbetta | @braintree_dev

71. Braintree_Dev. @cbetta | @braintree_dev > Exit? (Y/n) _

72. Braintree_Dev. @cbetta | @braintree_dev Authorization & Authentication stackoverflow.com /questions/6367865/is-there-a-difference- between-authentication-and-authorization

73. Braintree_Dev. @cbetta | @braintree_dev Google Facebook Twitter

74. Braintree_Dev. @cbetta | @braintree_dev

75. Braintree_Dev. @cbetta | @braintree_dev

76. None
77. None
78. None

79. Braintree_Dev. @cbetta | @braintree_dev

80. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome

81. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But

    people+passwords suck

82. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But

    people+passwords suck • We need something you have, know and/or are

83. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But

    people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities

84. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But

    people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities • Don’t re-invent the wheel

85. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But

    people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities • Don’t re-invent the wheel • FIDO

86. Braintree_Dev. @cbetta | @braintree_dev • Passwords are awesome • But

    people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities • Don’t re-invent the wheel • FIDO • Third party auth

87. Braintree_Dev. @cbetta | @braintree_dev

88. THANK YOU Cristiano Betta Developer Advocate @cbetta | @braintree_dev [email protected]

    braintreepayments.com