Kill All Passwords
Transcript of Kill All Passwords
![Page 1: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/1.jpg)
Kill all Passwords
Jonathan LeBlanc (@jcleblanc) Head of Global Developer Advocacy at PayPal + Braintree
![Page 2: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/2.jpg)
Why do we need this?
Passwords are awesome!
twitter: @jcleblanc | hashtag: #ConvergeSE
![Page 3: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/3.jpg)
Top Passwords of 2014
1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. adobe123
11. 123123
12. admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunshine
20. 12345
![Page 4: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/4.jpg)
Poor Password Choices
4.7% of users have the password "password";
8.5% have the passwords "password" or "123456";
9.8% have the passwords "password", "123456" or "12345678";
14% have a password from the top 10 passwords
40% have a password from the top 100 passwords
79% have a password from the top 500 passwords
91% have a password from the top 1000 passwords
![Page 5: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/5.jpg)
The Weakest Link
![Page 6: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/6.jpg)
The Key Issues
![Page 7: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/7.jpg)
People Forget Passwords
![Page 8: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/8.jpg)
Security over Usability
![Page 9: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/9.jpg)
Replacing the Concept of a Username and Password
![Page 10: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/10.jpg)
Securing Current Methods
![Page 11: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/11.jpg)
Bad Security Algorithms
MD5, SHA-1, SHA-2, SHA-3
![Page 12: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/12.jpg)
Good Security Algorithms
PBKDF2, BCRYPT, SCRYPT
![Page 13: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/13.jpg)
Key Stretching
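An added example, not taken from the slides, of key stretching for password storage: PBKDF2 with a per-user salt, a self-describing record so the work factor can be raised later, and a constant-time comparison. The iteration count, the record layout and the function names are assumptions; the denylist is constructed from the first ten entries of the "Top Passwords of 2014" slide.

```python
import base64
import hashlib
import hmac
import os

# Constructed denylist: first ten entries of the "Top Passwords of 2014" slide.
DENYLIST = {"123456", "password", "12345678", "qwerty", "abc123",
            "123456789", "111111", "1234567", "iloveyou", "adobe123"}

ITERATIONS = 600_000  # assumed work factor; tune to your own hardware budget


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return a record of the form scheme$iterations$salt$derived_key."""
    if password.lower() in DENYLIST:
        raise ValueError("password is on the common-password denylist")
    salt = os.urandom(16)  # unique per user, so equal passwords store differently
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "$".join(["pbkdf2_sha256", str(iterations),
                     base64.b64encode(salt).decode(),
                     base64.b64encode(dk).decode()])


def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and cost, then compare in constant time."""
    scheme, iterations, salt_b64, dk_b64 = record.split("$")
    if scheme != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             base64.b64decode(salt_b64), int(iterations))
    return hmac.compare_digest(dk, base64.b64decode(dk_b64))


def needs_rehash(record: str, iterations: int = ITERATIONS) -> bool:
    """True when the record was stretched with fewer iterations than current policy."""
    return int(record.split("$")[1]) < iterations


if __name__ == "__main__":
    rec = hash_password("correct horse battery staple")
    print(rec)
    print(verify_password("correct horse battery staple", rec))  # True
    print(needs_rehash(rec))  # False
```

A record that verifies but reports `needs_rehash` can be re-hashed with the current work factor at that login, while the plaintext is still in memory.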
![Page 14: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/14.jpg)
Scaling Authentication
![Page 15: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/15.jpg)
Establishing Trust Zones
![Page 16: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/16.jpg)
There’s more to it
Location Awareness
Habit Awareness
Browser Uniqueness
Device Fingerprinting
![Page 17: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/17.jpg)
Variable Authentication
![Page 18: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/18.jpg)
Usability vs Security
![Page 19: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/19.jpg)
State of Developer Auth
Use Another Site Login Mixed OAuth 2 / OpenID Connect for auth Roll Your Own Username / Password Fingerprint Scanning
![Page 20: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/20.jpg)
What Happened to OAuth 1.0a?
![Page 21: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/21.jpg)
Security Concerns with OAuth 2 / OpenID Connect
![Page 22: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/22.jpg)
Identity Biometrics
![Page 23: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/23.jpg)
False Positive / Negative Rates
False negative: Valid user can’t log in
False positive: Invalid user can log in
![Page 24: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/24.jpg)
The FIDO Alliance http://fidoalliance.org/
![Page 25: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/25.jpg)
The Future of Secure Identity & Data Encryption
![Page 26: Kill All Passwords](https://reader033.fdocuments.us/reader033/viewer/2022042518/55a61bd51a28abcc098b47eb/html5/thumbnails/26.jpg)
Thank You! slideshare.net/jcleblanc
Jonathan LeBlanc (@jcleblanc) Head of Global Developer Advocacy at PayPal + Braintree