Taking the pain out of signing users in

Published in: Technology
Transcript

  • 1. François Marier – @fmarier Taking the pain out of signing users in
  • 2. passwords
  • 3. problem #1: passwords are hard to secure
  • 4-9. bcrypt / scrypt / pbkdf2, per-user salt, site secret, password & lockout policies, secure recovery (2013 password guidelines)
  • 10. passwords are hard to secure they are a liability
  • 11. ALTER TABLE user DROP COLUMN password;
  • 12. problem #2: passwords are hard to remember
  • 13. pick an easy password
  • 14. use it everywhere
  • 15. passwords are hard to remember they need to be reset
  • 16. control email account = control all accounts
  • 17. “People want a little dating before marriage.” Eric Vishria – Rockmelt
  • 18. decentralised
  • 19. myid.com/u/francois
  • 20. existing login systems are not good enough
  • 21. ideal web-wide identity system
  • 22-24. ideal web-wide identity system: ● decentralised ● simple ● cross-browser
  • 25. what if it were a standard part of the web browser?
  • 26. how does it work?
  • 27. fmarier@gmail.com
  • 28. demo #1: http://www.voo.st/ fmariertest@eyedee.me
  • 29. Persona is already a decentralised system
  • 30. decentralisation is the answer, but it's not a product adoption strategy
  • 31. we can't wait for all domains to adopt Persona
  • 32. we can't wait for all domains to adopt Persona solution: a temporary centralised fallback
  • 33. demo #2: http://sloblog.io/ fmariertest@aol.com
  • 34. Persona already works with all email domains
  • 35. identity bridging
  • 36. demo #3: http://www.reasonwell.com/ fmariertest@yahoo.com
  • 37. >= 8
  • 38. Persona is decentralized, simple and cross-browser
  • 39. it's simple for users, but is it also simple for developers?
  • 40. <script src="https://login.persona.org/include.js"></script> </body></html>
  • 41. navigator.id.watch({
          loggedInUser: null,
          onlogin: function (assertion) {
            $.post('/login', {assertion: assertion},
              function (data) { window.location = '/home'; });
          },
          onlogout: function () { window.location = '/logout'; }
        });
  • 42. as slide 41, with loggedInUser: "francois@mozilla.com"
  • 46. navigator.id.request()
  • 49. import requests

        def verify_assertion(assertion):
            page = requests.post(
                'https://verifier.login.persona.org/verify',
                data={"assertion": assertion,
                      "audience": 'http://123done.org'})
            data = page.json()   # parsed verifier response (a dict)
            return data['status'] == 'okay'
  • 52. { status: "okay", audience: "http://123done.org", expires: 1344849682560, email: "francois@mozilla.com", issuer: "login.persona.org" }
  • 53. { status: "failed", reason: "assertion has expired" }
  • 54. navigator.id.logout()
  • 56. 1. load javascript library 2. set up login & logout callbacks 3. add login and logout buttons 4. verify proof of ownership
  • 60. you can add support for Persona in four easy steps
  • 61. one simple request
  • 62. building a new site: default to Persona
  • 63. working on an existing site/app: add support for Persona
  • 64. To learn more about Persona:
        https://login.persona.org/
        http://identity.mozilla.com/
        https://developer.mozilla.org/docs/Persona/Quick_Setup
        https://github.com/mozilla/browserid-cookbook
        https://developer.mozilla.org/docs/Persona/Libraries_and_plugins
        http://123done.org/
        https://wiki.mozilla.org/Identity#Get_Involved
        @fmarier
  • 65. © 2013 François Marier <francois@mozilla.com> This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 New Zealand License.
        Photo credits:
        Hotel doorman: https://secure.flickr.com/photos/wildlife_encounters/8024166802/
        Top 500 passwords: http://xato.net/passwords/more-top-worst-passwords/
        Parchment: https://secure.flickr.com/photos/27613359@N03/6750396225/
        Uncle Sam: https://secure.flickr.com/photos/donkeyhotey/5666065982/
        Restaurant dinner: https://secure.flickr.com/photos/yourdon/3977084094/
        Stop sign: https://secure.flickr.com/photos/artbystevejohnson/6673406227/
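Slides 4-9 list what a site has to get right if it keeps passwords at all: a slow hash (bcrypt / scrypt / pbkdf2), a per-user salt, a site secret, and lockout policies. The following is an added example, not code from the talk or from Mozilla Persona, showing those pieces together in standard-library Python: PBKDF2 over a per-user salt, a site-wide secret ("pepper") folded in through HMAC, constant-time comparison, and a simple consecutive-failure lockout. The secret value, the iteration count, the in-memory user store and the function names are all assumptions made for the example.

```python
import hashlib
import hmac
import os
import time
from typing import Dict, Optional, Tuple

# Constructed site secret for the example. In a deployment it is loaded from
# a secret store and never written to the same database as the digests.
SITE_SECRET = b"constructed-site-secret-replace-me"
PBKDF2_ITERATIONS = 100_000   # assumption; tune upward to what your hardware tolerates
SALT_BYTES = 16
DIGEST_BYTES = 32


def hash_password(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Return (salt, digest) for a password.

    A fresh per-user salt is drawn when none is supplied, so two users with the
    same password get different digests. The site secret is mixed in via HMAC
    before the slow PBKDF2 step, so a leaked table of salts and digests cannot
    be attacked offline without also obtaining the secret.
    """
    if salt is None:
        salt = os.urandom(SALT_BYTES)
    peppered = hmac.new(SITE_SECRET, password.encode("utf-8"), hashlib.sha256).digest()
    digest = hashlib.pbkdf2_hmac("sha256", peppered, salt, PBKDF2_ITERATIONS)
    return salt, digest


def verify_password(password: str, salt: bytes, stored_digest: bytes) -> bool:
    """Recompute the digest for the stored salt and compare in constant time."""
    _, digest = hash_password(password, salt)
    return hmac.compare_digest(digest, stored_digest)


class LockoutPolicy:
    """Lock an account for lockout_seconds after max_failures consecutive failures."""

    def __init__(self, max_failures: int = 5, lockout_seconds: int = 900):
        self.max_failures = max_failures
        self.lockout_seconds = lockout_seconds
        self._failures: Dict[str, int] = {}
        self._locked_until: Dict[str, float] = {}

    def is_locked(self, user: str, now: float) -> bool:
        return self._locked_until.get(user, 0.0) > now

    def record(self, user: str, success: bool, now: float) -> None:
        if success:
            self._failures.pop(user, None)
            self._locked_until.pop(user, None)
            return
        count = self._failures.get(user, 0) + 1
        self._failures[user] = count
        if count >= self.max_failures:
            self._locked_until[user] = now + self.lockout_seconds
            self._failures[user] = 0


def attempt_login(policy: LockoutPolicy, store: Dict[str, Tuple[bytes, bytes]],
                  user: str, password: str, now: Optional[float] = None) -> bool:
    """Check the lockout state first, then the password; record the outcome."""
    now = time.time() if now is None else now
    if policy.is_locked(user, now):
        return False
    record = store.get(user)
    # Hash even for unknown users so response timing does not reveal which
    # accounts exist; the zero digest can never match a real one.
    salt, digest = record if record else (b"\0" * SALT_BYTES, b"\0" * DIGEST_BYTES)
    ok = record is not None and verify_password(password, salt, digest)
    policy.record(user, ok, now)
    return ok
```

The lockout counter is per user and in memory here; in a real service it lives in shared storage and is usually paired with a per-IP limit, since a per-user counter alone can be used to lock legitimate users out.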
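Slides 49-53 show the server side: POST the assertion and the site's audience to the verifier and look at the status field. The check a practitioner actually wants is stricter than status == 'okay': the audience in the reply must equal the site's own origin (otherwise an assertion minted for another site can be replayed here), expires must still be in the future, and only then is the email trusted. The following is an added example, not code from the talk or from Persona; the response dicts are constructed from the shapes on slides 52 and 53, and the HTTP call is injectable so the block runs offline (the hosted verifier at verifier.login.persona.org was shut down in 2016). The function and parameter names are assumptions.

```python
import time
from typing import Callable, Dict, Optional

VERIFIER_URL = "https://verifier.login.persona.org/verify"

# Constructed responses in the shape shown on the slides.
OK_RESPONSE = {
    "status": "okay",
    "audience": "http://123done.org",
    "expires": 1344849682560,            # milliseconds since the epoch
    "email": "francois@mozilla.com",
    "issuer": "login.persona.org",
}
FAILED_RESPONSE = {"status": "failed", "reason": "assertion has expired"}


def check_verifier_response(data: Dict, expected_audience: str, now_ms: int) -> Optional[str]:
    """Return the verified email, or None if any check fails."""
    if data.get("status") != "okay":
        return None
    # Audience binding: an assertion for another site must not log a user in here.
    if data.get("audience") != expected_audience:
        return None
    expires = data.get("expires")
    if not isinstance(expires, int) or expires <= now_ms:
        return None
    email = data.get("email")
    if not isinstance(email, str) or "@" not in email:
        return None
    return email


def verify_assertion(assertion: str, audience: str,
                     post: Optional[Callable[[str, Dict], Dict]] = None,
                     now_ms: Optional[int] = None) -> Optional[str]:
    """POST the assertion to the verifier (or an injected stand-in) and validate the reply.

    The audience is the site's own origin, configured server-side, never taken
    from the request.
    """
    if post is None:
        import requests  # only needed for the live path

        def post(url: str, payload: Dict) -> Dict:
            return requests.post(url, data=payload, timeout=10).json()

    data = post(VERIFIER_URL, {"assertion": assertion, "audience": audience})
    now_ms = int(time.time() * 1000) if now_ms is None else now_ms
    return check_verifier_response(data, audience, now_ms)


def fake_post(url: str, payload: Dict) -> Dict:
    """Constructed stand-in for the verifier: 'good' assertions succeed, anything else fails."""
    assert url == VERIFIER_URL
    return OK_RESPONSE if payload["assertion"] == "good" else FAILED_RESPONSE


if __name__ == "__main__":
    before_expiry = 1344849682000
    print(verify_assertion("good", "http://123done.org", post=fake_post, now_ms=before_expiry))
    print(verify_assertion("good", "https://other.example", post=fake_post, now_ms=before_expiry))
    print(verify_assertion("stale", "http://123done.org", post=fake_post, now_ms=before_expiry))
```

The /login handler then creates the session only from the email this function returns; the assertion itself is never stored, and the audience string is a server-side constant so a client cannot steer verification toward a different origin.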
