Your SlideShare is downloading. ×

Kill All Passwords

Jonathan LeBlanc

•

Apr. 15, 2015

• •

Kill all Passwords
Jonathan LeBlanc (@jcleblanc)
Head of Global Developer
Advocacy at PayPal + Braintree

Why do we need this?
Passwords are awesome!
twitter: @jcleblanc | hashtag: #ConvergeSE

1.  123456
2.  password
3.  12345678
4.  qwerty
5.  abc123
6.  123456789
7.  111111
8.  1234567
9.  iloveyou
10. adobe123
...

Next SlideShares

Upcoming SlideShare

Mobile Authentication using Biometrics & Wearables

Mobile Authentication using Biometrics & Wearables

Loading in …3

×

Check these out next

SunshinePHP 2017: Tales From The Crypt - A Cryptography Primer

Securing Your BBC Identity

Marc Littlemore

Best Practices You Must Apply to Secure Your APIs - Scott Morrison, SVP & Dis...

CA API Management

Luis Grangeia IBWAS

Node.js interactive NA 2016: Tales From the Crypt

Kill All Passwords

Apr. 15, 2015

• •

Download to read offline

You have a solid security infrastructure, all user data is encrypted, your users are protected right? As long as passwords remain the standard methods for identifying your users on the web, people will still continue to use "letmein" or "password123" for their secure login, and will continue to be shocked when their accounts become compromised.

Passwords are not secure, they need to be replaced. In this talk we're going to explore the pitfalls of a system designed around a username and password, then dive into the ways that technology is giving us a slew of new ways to build a secure user identity system. From biometrics to wearables, hardware to tokens, we'll explore a multitude of ways that we can finally kill all passwords.

Jonathan LeBlanc

Director of Developer Advocacy

You have a solid security infrastructure, all user data is encrypted, your users are protected right? As long as passwords remain the standard methods for identifying your users on the web, people will still continue to use "letmein" or "password123" for their secure login, and will continue to be shocked when their accounts become compromised.

Passwords are not secure, they need to be replaced. In this talk we're going to explore the pitfalls of a system designed around a username and password, then dive into the ways that technology is giving us a slew of new ways to build a secure user identity system. From biometrics to wearables, hardware to tokens, we'll explore a multitude of ways that we can finally kill all passwords.

More Related Content

No Filter: The Inside Story of Instagram Sarah Frier

Autonomy: The Quest to Build the Driverless Car—And How It Will Reshape Our World Lawrence D. Burns

Bezonomics: How Amazon Is Changing Our Lives and What the World's Best Companies Are Learning from It Brian Dumaine

So You Want to Start a Podcast: Finding Your Voice, Telling Your Story, and Building a Community That Will Listen Kristen Meinzer

The Future Is Faster Than You Think: How Converging Technologies Are Transforming Business, Industries, and Our Lives Peter H. Diamandis

SAM: One Robot, a Dozen Engineers, and the Race to Revolutionize the Way We Build Jonathan Waldman

Everybody Lies: Big Data, New Data, and What the Internet Can Tell Us About Who We Really Are Seth Stephens-Davidowitz

Life After Google: The Fall of Big Data and the Rise of the Blockchain Economy George Gilder

Live Work Work Work Die: A Journey into the Savage Heart of Silicon Valley Corey Pein

Future Presence: How Virtual Reality Is Changing Human Connection, Intimacy, and the Limits of Ordinary Life Peter Rubin

Talk to Me: How Voice Computing Will Transform the Way We Live, Work, and Think James Vlahos

From Gutenberg to Google: The History of Our Future Tom Wheeler

On War: With linked Table of Contents Carl von Clausewitz

Wizard:: The Life and Times of Nikolas Tesla Marc Seifer

The Basics of Bitcoins and Blockchains: An Introduction to Cryptocurrencies and the Technology that Powers Them (Cryptography, Derivatives Investments, Futures Trading, Digital Assets, NFT) Antony Lewis

How to Lie with Maps, Third Edition Mark Monmonier

Spooked: The Trump Dossier, Black Cube, and the Rise of Private Spies Barry Meier

Second Nature: Scenes from a World Remade Nathaniel Rich

Test Gods: Virgin Galactic and the Making of a Modern Astronaut Nicholas Schmidle

A Brief History of Motion: From the Wheel, to the Car, to What Comes Next Tom Standage

The Metaverse: And How It Will Revolutionize Everything Matthew Ball

An Ugly Truth: Inside Facebook’s Battle for Domination Sheera Frenkel

The Wires of War: Technology and the Global Struggle for Power Jacob Helberg

System Error: Where Big Tech Went Wrong and How We Can Reboot Rob Reich

The Quiet Zone: Unraveling the Mystery of a Town Suspended in Silence Stephen Kurczy

The Science of Time Travel: The Secrets Behind Time Machines, Time Loops, Alternate Realities, and More! Elizabeth Howell

The Players Ball: A Genius, a Con Man, and the Secret History of the Internet's Rise David Kushner

Bitcoin Billionaires: A True Story of Genius, Betrayal, and Redemption Ben Mezrich

Driven: The Race to Create the Autonomous Car Alex Davies

Uncanny Valley: A Memoir Anna Wiener

Lean Out: The Truth About Women, Power, and the Workplace Marissa Orr

A World Without Work: Technology, Automation, and How We Should Respond Daniel Susskind

Kill All Passwords

Kill all Passwords Jonathan LeBlanc (@jcleblanc) Head of Global Developer Advocacy at PayPal + Braintree
Why do we need this? Passwords are awesome! twitter: @jcleblanc | hashtag: #ConvergeSE
1.  123456 2.  password 3.  12345678 4.  qwerty 5.  abc123 6.  123456789 7.  111111 8.  1234567 9.  iloveyou 10. adobe123 11. 123123 12. admin 13. 1234567890 14. letmein 15. photoshop 16. 1234 17. monkey 18. shadow 19. sunshine 20. 12345 Top Passwords of 2014 twitter: @jcleblanc | hashtag: #ConvergeSE
4.7% of users have the password password; 8.5% have the passwords password or 123456; 9.8% have the passwords password, 123456 or 12345678; 14% have a password from the top 10 passwords 40% have a password from the top 100 passwords 79% have a password from the top 500 passwords 91% have a password from the top 1000 passwords Poor Password Choices twitter: @jcleblanc | hashtag: #ConvergeSE
twitter: @jcleblanc | hashtag: #ConvergeSE The Weakest Link
The Key Issues twitter: @jcleblanc | hashtag: #ConvergeSE
People Forget Passwords
twitter: @jcleblanc | hashtag: #ConvergeSE Security over Usability
twitter: @jcleblanc | hashtag: #ConvergeSE Replacing the Concept of a Username and Password
Securing Current Methods twitter: @jcleblanc | hashtag: #ConvergeSE
Bad Security Algorithms MD5, SHA-1, SHA-2, SHA-3 twitter: @jcleblanc | hashtag: #ConvergeSE
Good Security Algorithms PBKDF2, BCRYPT, SCRYPT twitter: @jcleblanc | hashtag: #ConvergeSE
twitter: @jcleblanc | hashtag: #ConvergeSE Key Stretching
Scaling Authentication twitter: @jcleblanc | hashtag: #ConvergeSE
twitter: @jcleblanc | hashtag: #ConvergeSE Establishing Trust Zones
Location Awareness Habit Awareness Browser Uniqueness Device Fingerprinting There’s more to it twitter: @jcleblanc | hashtag: #ConvergeSE
twitter: @jcleblanc | hashtag: #ConvergeSE Variable Authentication
twitter: @jcleblanc | hashtag: #ConvergeSE Usability vs Security
Use Another Site Login Mixed OAuth 2 / OpenID Connect for auth Roll Your Own Username / Password Fingerprint Scanning State of Developer Auth twitter: @jcleblanc | hashtag: #ConvergeSE
twitter: @jcleblanc | hashtag: #ConvergeSE What Happened to OAuth 1.0a?
twitter: @jcleblanc | hashtag: #ConvergeSE Security Concerns with OAuth 2 / OpenID Connect
Identity Biometrics twitter: @jcleblanc | hashtag: #ConvergeSE
False negative: Valid user can’t log in False positive: Invalid user can log in False Positive / Negative Rates twitter: @jcleblanc | hashtag: #ConvergeSE
The FIDO Alliance http://fidoalliance.org/ twitter: @jcleblanc | hashtag: #ConvergeSE
twitter: @jcleblanc | hashtag: #ConvergeSE The Future of Secure Identity & Data Encryption
Thank You! slideshare.net/jcleblanc Jonathan LeBlanc (@jcleblanc) Head of Global Developer Advocacy at PayPal + Braintree