#MBLTdev: Modern Authentication (PayPal)
Transcript of #MBLTdev: Modern Authentication (PayPal)
Braintree_Dev. @SeraAndroid / @PayPalDev
Modern Day Authentication
Tim Messerschmidt, Head of Developer Advocacy, EMEA, PayPal + Braintree
That’s me
>Death to Passwords _
The top 1000 most used passwords of 2012 wiki.skullsecurity.org/Passwords
4.7% OF ALL USERS USE THE PASSWORD PASSWORD
8.5% ARE USING PASSWORD OR 123456
9.8% USE PASSWORD, 123456 OR 12345678
... and it doesn’t even stop here
14% have a password from the top 10
40% have a password from the top 100
79% have a password from the top 500
91% have a password from the top 1000
A brief analysis of the situation in 2013 cbsn.ws/1siTPGH
1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. Adobe123
11. 123123
12. admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunshine
20. 12345
1. 123456 (up 1)
2. password (down 1)
3. 12345678
4. qwerty (up 1)
5. abc123 (down 1)
6. 123456789 (new)
7. 111111 (up 2)
8. 1234567 (up 5)
9. iloveyou (up 2)
10. adobe123 (new)
11. 123123 (up 5)
12. admin (new)
13. 1234567890 (new)
14. letmein (down 7)
15. photoshop (new)
16. 1234 (new)
17. monkey (down 11)
18. shadow
19. sunshine (down 5)
20. 12345 (new)
>The 3 key problems _
abstrusegoose.com/296
“Favor security too much over the experience and you’ll make the website a pain to use.”
smashingmagazine.com/2012/10/26/password-masking-hurt-signup-form
vs.
People forget passwords…
45% admit to leaving a website instead of re-setting their password or answering security questions
- Blue Inc. 2011
Let’s admit it: Passwords really suck!
People hate to register
Out of 657 surveyed users 66% think that social sign-in is a desirable alternative.
- Blue Inc. 2011
braintreepayments.com/blog/goodbye-passwords-one-touch-hello-bitcoin
> Braintree Says Goodbye to Passwords With One Touch Payments for PayPal and Venmo, and Hello to Bitcoin _
Merchant app
PayPal app
Merchant app
2 Factor Authentication twofactorauth.org
Passwordless Authentication medium.com/@ninjudd/passwords-are-obsolete-9ed56d483eb
>Authorization & Authentication _
OAuth 1.0 (2007)
Request Request Token
Grant Request Token
Direct User to Service
Obtain Authorization
Direct to Consumer
Request Access Token
Grant Access Token
Access Resources
The Consumer
Service Provider
OAuth 1.0a (2009)
OAuth 2.0 (2012)
Direct User to Service
Obtain Authorization
Request Access Token
Grant Access Token
Direct to Consumer
Access Resources
The Consumer
Service Provider
OpenID
Combinations
>What’s next? _
>Utilizing A Trusted Environment _
>Scaling Security _
>FIDO Alliance _
1. Security: Matters to users and developers
2. Difference: Authentication and Authorization
3. User Experience: Should be enhanced not impaired
Thank you for your attention!
[email protected] braintreepayments.com/developers
slideshare.com/PayPal