Taking the pain out of signing users in
13. bcrypt / scrypt / pbkdf2
per-user salt
site secret
password & lockout policies
secure recovery
2013 password guidelines
30. “People want a little
dating before marriage.”
Eric Vishria – Rockmelt
41. what if it were a standard
part of the web browser?
49. we can't wait for all domains
to adopt Persona
solution: a temporary
centralised fallback
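75.
import requests

def verify_assertion(assertion):
    # Ask the remote verifier to check the assertion against our own origin
    page = requests.post(
        'https://verifier.login.persona.org/verify',
        data={"assertion": assertion,
              "audience": 'http://123done.org'},
        timeout=10
    )
    data = page.json()  # json() is a method; the body parses to a dict
    return data['status'] == 'okay'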
85. 1. load javascript library
2. set up login & logout callbacks
3. add login and logout buttons
4. verify proof of ownership
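Step 4 in more detail, as an added example (not from the slides or from Mozilla's code): a stricter check of the verifier's parsed JSON reply than comparing `status` alone. The field names follow Persona's remote verification API; the function name, the exact-match audience policy and the sample replies are assumptions made for illustration.

```python
import time

# Assumption: the site's own origin, fixed in server configuration
# (never taken from the request's Host header).
EXPECTED_AUDIENCE = "http://123done.org"


def email_from_verifier_response(data, expected_audience=EXPECTED_AUDIENCE,
                                 now_ms=None):
    """Return the verified email address, or None if the reply must be rejected.

    `data` is the parsed JSON body returned by the verifier.
    """
    if now_ms is None:
        now_ms = int(time.time() * 1000)
    if not isinstance(data, dict) or data.get("status") != "okay":
        return None
    # The assertion must have been issued for this site, not another one.
    if data.get("audience") != expected_audience:
        return None
    # `expires` is a timestamp in milliseconds since the epoch.
    expires = data.get("expires")
    if isinstance(expires, bool) or not isinstance(expires, (int, float)):
        return None
    if expires <= now_ms:
        return None
    email = data.get("email")
    if not isinstance(email, str) or "@" not in email:
        return None
    return email


# Constructed sample replies (not captured from the real verifier).
NOW = 1_370_000_000_000
OKAY = {"status": "okay", "email": "alice@example.com",
        "audience": "http://123done.org", "expires": NOW + 60_000,
        "issuer": "login.persona.org"}
FAILURE = {"status": "failure", "reason": "assertion has expired"}
WRONG_SITE = dict(OKAY, audience="http://other-site.example")
STALE = dict(OKAY, expires=NOW - 1)

if __name__ == "__main__":
    for name, reply in [("okay", OKAY), ("failure", FAILURE),
                        ("wrong audience", WRONG_SITE), ("stale", STALE)]:
        print(name, "->", email_from_verifier_response(reply, now_ms=NOW))
```

Only the email address returned by this check should be bound to the session; anything the browser sends alongside the assertion is unverified.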
94. To learn more about Persona:
https://login.persona.org/
http://identity.mozilla.com/
https://developer.mozilla.org/docs/Persona/Quick_Setup
https://github.com/mozilla/browserid-cookbook
https://developer.mozilla.org/docs/Persona/Libraries_and_plugins
http://123done.org/
https://wiki.mozilla.org/Identity#Get_Involved
@fmarier
95. © 2013 François Marier <francois@mozilla.com>
This work is licensed under a
Creative Commons Attribution-ShareAlike 3.0 New Zealand License.
Photo credits:
Hotel doorman: https://secure.flickr.com/photos/wildlife_encounters/8024166802/
Top 500 passwords: http://xato.net/passwords/more-top-worst-passwords/
Parchment: https://secure.flickr.com/photos/27613359@N03/6750396225/
Uncle Sam: https://secure.flickr.com/photos/donkeyhotey/5666065982/
Restaurant dinner: https://secure.flickr.com/photos/yourdon/3977084094/
Stop sign: https://secure.flickr.com/photos/artbystevejohnson/6673406227/