death to passwords sxsw 15
Post on 14-Jul-2015
TRANSCRIPT
@SeraAndroid #DeathToPW
Death to Passwords
Tim Messerschmidt, Head of Developer Advocacy, International, PayPal / Braintree
SXSW 2015
1. 123456 2. password 3. 12345678 4. qwerty 5. abc123 6. 123456789 7. 111111 8. 1234567 9. iloveyou 10. adobe123
11. 123123 12. admin 13. 1234567890 14. letmein 15. photoshop 16. 1234 17. monkey 18. shadow 19. sunshine 20. 12345
1. 123456 2. password 3. 12345 4. 12345678 5. qwerty 6. 1234567890 7. 1234 8. baseball 9. dragon 10. football
11. 1234567 12. monkey 13. letmein 14. abc123 15. 111111 16. mustang 17. access 18. shadow 19. master 20. michael
1. 123456 2. password 3. 12345 up 17 4. 12345678 down 1 5. qwerty down 1 6. 1234567890 7. 1234 up 9 8. baseball new 9. dragon new 10. football new
11. 1234567 down 4 12. monkey up 5 13. letmein up 1 14. abc123 down 9 15. 111111 down 8 16. mustang new 17. access new 18. shadow 19. master new 20. michael new
Favor security too much over the experience and you’ll make the
website a pain to use.
smashingmagazine.com/2012/10/26/password-masking-hurt-signup-form
People forget passwords…
45% admit to leaving a website instead of re-setting their password or answering security questions
- Blue Inc. 2011
Bad hashing algorithms
MD5, SHA-1, SHA-2, SHA-3 bit.ly/1DOfzy7
Awesome hashing algorithms
PBKDF2, BCRYPT, SCRYPT bit.ly/1DOfzy7
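Added example (not from the talk or its slides): the two hashing slides contrast fast general-purpose digests with deliberately slow, salted key-derivation functions. This Python code stores passwords with PBKDF2-HMAC-SHA256 and replaces a legacy unsalted MD5 record at the next successful login; the record format, the function names and the iteration count are assumptions of the example.

```python
import hashlib
import hmac
import os

# Assumed work factor for this example; raise it as hardware gets faster.
ITERATIONS = 600_000

# Constructed sample: a legacy record holding the unsalted MD5 of "123456".
LEGACY_RECORD = "md5$e10adc3949ba59abbe56e057f20f883e"


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex' (assumed format)."""
    salt = os.urandom(16)  # random per-record salt defeats precomputed tables
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"


def verify(password: str, record: str) -> bool:
    """Check a password against a legacy 'md5$hex' or a PBKDF2 record."""
    scheme, _, rest = record.partition("$")
    if scheme == "md5":  # unsalted and fast: accepted only so it can be migrated
        candidate = hashlib.md5(password.encode()).hexdigest()
        return hmac.compare_digest(candidate, rest)
    if scheme == "pbkdf2_sha256":
        iterations, salt_hex, hash_hex = rest.split("$")
        dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
        return hmac.compare_digest(dk, bytes.fromhex(hash_hex))  # constant time
    return False


def needs_upgrade(record: str) -> bool:
    """True for legacy schemes or a PBKDF2 work factor below the current one."""
    parts = record.split("$")
    return parts[0] != "pbkdf2_sha256" or int(parts[1]) < ITERATIONS


def login(password: str, record: str):
    """Return (ok, record_to_store); re-hash on success if the record is weak."""
    if not verify(password, record):
        return False, record
    if needs_upgrade(record):
        # Re-hashing is only possible here, while the plaintext is in hand.
        record = hash_password(password)
    return True, record
```

Because the iteration count is stored in each record, raising `ITERATIONS` later upgrades users one by one as they log in, without a forced password reset.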
Passwordless Authentication medium.com/@ninjudd/passwords-are-obsolete-9ed56d483eb
braintreepayments.com/blog/goodbye-passwords-one-touch-hello-bitcoin
Braintree Says Goodbye to Passwords With One Touch Payments for PayPal and Venmo, and Hello to Bitcoin
People hate to register
Out of 657 surveyed users 66% think that social sign-in is a desirable alternative.
- Blue Inc. 2011
Authorization & Authentication stackoverflow.com/questions/6367865/is-there-a-difference-between-authentication-and-authorization
Request Request Token
Grant Request Token
Direct User to Service
Obtain Authorization
Direct to Consumer
Request Access Token
Grant Access Token
Access Resources
The Consumer
Service Provider
Direct User to Service
Obtain Authorization
Request Access Token
Grant Access Token
Direct to Consumer
Access Resources
The Consumer
Service Provider
@SeraAndroid / @Braintree_Dev
OAuth 2.0 Token via Header
// Send the bearer token only over TLS (https)
URL url = new URL("https://url.com/");
HttpURLConnection urlConnection = (HttpURLConnection) url.openConnection();
urlConnection.setRequestProperty("Authorization", "Bearer …");
OAuth libraries for Android github.com/mttkay/signpost github.com/pakerfeldt/signpost-retrofit
OAuth libraries for iOS github.com/nxtbgthng/OAuth2Client github.com/AFNetworking/AFOAuth2Manager
The Hybrids: OpenID OAuth Extension & OpenID Connect