Kill All Passwords

Jonathan LeBlanc, Director of Developer Advocacy at Box
Kill all Passwords
Jonathan LeBlanc (@jcleblanc)
Head of Global Developer Advocacy at PayPal + Braintree
Why do we need this?
Passwords are awesome!
twitter: @jcleblanc | hashtag: #ConvergeSE
1.  123456
2.  password
3.  12345678
4.  qwerty
5.  abc123
6.  123456789
7.  111111
8.  1234567
9.  iloveyou
10. adobe123
11. 123123
12. admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunshine
20. 12345
Top Passwords of 2014
4.7% of users have the password password;
8.5% have the passwords password or 123456;
9.8% have the passwords password, 123456 or 12345678;
14% have a password from the top 10 passwords
40% have a password from the top 100 passwords
79% have a password from the top 500 passwords
91% have a password from the top 1000 passwords
Poor Password Choices
The Weakest Link
The Key Issues
People Forget Passwords
Security over Usability
Replacing the Concept of a Username and Password
Securing Current Methods
Bad Security Algorithms
MD5, SHA-1, SHA-2, SHA-3
Good Security Algorithms
PBKDF2, BCRYPT, SCRYPT
Key Stretching
Scaling Authentication
Establishing Trust Zones
Location Awareness
Habit Awareness
Browser Uniqueness
Device Fingerprinting
There’s more to it
Variable Authentication
Usability vs Security
Use Another Site Login
Mixed OAuth 2 / OpenID Connect for auth
Roll Your Own
Username / Password
Fingerprint Scanning
State of Developer Auth
What Happened to OAuth 1.0a?
Security Concerns with OAuth 2 / OpenID Connect
Identity Biometrics
False negative: Valid user can’t log in
False positive: Invalid user can log in
False Positive / Negative Rates
The FIDO Alliance
http://fidoalliance.org/
The Future of Secure Identity & Data Encryption
Thank You!
slideshare.net/jcleblanc
Jonathan LeBlanc (@jcleblanc)
Head of Global Developer
Advocacy at PayPal + Braintree