Kill All Passwords

Jonathan LeBlanc
Jonathan LeBlancDirector of Developer Advocacy at Box
Kill all Passwords Jonathan LeBlanc (@jcleblanc) Head of Global Developer Advocacy at PayPal + Braintree
Why do we need this? Passwords are awesome! twitter: @jcleblanc | hashtag: #ConvergeSE
1.  123456 2.  password 3.  12345678 4.  qwerty 5.  abc123 6.  123456789 7.  111111 8.  1234567 9.  iloveyou 10. adobe123 11. 123123 12. admin 13. 1234567890 14. letmein 15. photoshop 16. 1234 17. monkey 18. shadow 19. sunshine 20. 12345 Top Passwords of 2014 twitter: @jcleblanc | hashtag: #ConvergeSE
4.7% of users have the password password; 8.5% have the passwords password or 123456; 9.8% have the passwords password, 123456 or 12345678; 14% have a password from the top 10 passwords 40% have a password from the top 100 passwords 79% have a password from the top 500 passwords 91% have a password from the top 1000 passwords Poor Password Choices twitter: @jcleblanc | hashtag: #ConvergeSE
twitter: @jcleblanc | hashtag: #ConvergeSE The Weakest Link
The Key Issues twitter: @jcleblanc | hashtag: #ConvergeSE
People Forget Passwords
twitter: @jcleblanc | hashtag: #ConvergeSE Security over Usability
twitter: @jcleblanc | hashtag: #ConvergeSE Replacing the Concept of a Username and Password
Securing Current Methods twitter: @jcleblanc | hashtag: #ConvergeSE
Bad Security Algorithms MD5, SHA-1, SHA-2, SHA-3 twitter: @jcleblanc | hashtag: #ConvergeSE
Good Security Algorithms PBKDF2, BCRYPT, SCRYPT twitter: @jcleblanc | hashtag: #ConvergeSE
twitter: @jcleblanc | hashtag: #ConvergeSE Key Stretching
Scaling Authentication twitter: @jcleblanc | hashtag: #ConvergeSE
twitter: @jcleblanc | hashtag: #ConvergeSE Establishing Trust Zones
Location Awareness Habit Awareness Browser Uniqueness Device Fingerprinting There’s more to it twitter: @jcleblanc | hashtag: #ConvergeSE
twitter: @jcleblanc | hashtag: #ConvergeSE Variable Authentication
twitter: @jcleblanc | hashtag: #ConvergeSE Usability vs Security
Use Another Site Login Mixed OAuth 2 / OpenID Connect for auth Roll Your Own Username / Password Fingerprint Scanning State of Developer Auth twitter: @jcleblanc | hashtag: #ConvergeSE
twitter: @jcleblanc | hashtag: #ConvergeSE What Happened to OAuth 1.0a?
twitter: @jcleblanc | hashtag: #ConvergeSE Security Concerns with OAuth 2 / OpenID Connect
Identity Biometrics twitter: @jcleblanc | hashtag: #ConvergeSE
False negative: Valid user can’t log in False positive: Invalid user can log in False Positive / Negative Rates twitter: @jcleblanc | hashtag: #ConvergeSE
The FIDO Alliance http://fidoalliance.org/ twitter: @jcleblanc | hashtag: #ConvergeSE
twitter: @jcleblanc | hashtag: #ConvergeSE The Future of Secure Identity & Data Encryption
Thank You! slideshare.net/jcleblanc Jonathan LeBlanc (@jcleblanc) Head of Global Developer Advocacy at PayPal + Braintree
1 of 26

Kill All Passwords

Download to read offline
Technology

You have a solid security infrastructure, all user data is encrypted, your users are protected right? As long as passwords remain the standard methods for identifying your users on the web, people will still continue to use "letmein" or "password123" for their secure login, and will continue to be shocked when their accounts become compromised. Passwords are not secure, they need to be replaced. In this talk we're going to explore the pitfalls of a system designed around a username and password, then dive into the ways that technology is giving us a slew of new ways to build a secure user identity system. From biometrics to wearables, hardware to tokens, we'll explore a multitude of ways that we can finally kill all passwords.

Jonathan LeBlanc
Jonathan LeBlancDirector of Developer Advocacy at Box

Recommended

Mobile Authentication using Biometrics & Wearables by
Mobile Authentication using Biometrics & WearablesMobile Authentication using Biometrics & Wearables
Mobile Authentication using Biometrics & WearablesJonathan LeBlanc
1.8K views38 slides
Protecting the Future of Mobile Payments by
Protecting the Future of Mobile PaymentsProtecting the Future of Mobile Payments
Protecting the Future of Mobile PaymentsJonathan LeBlanc
10.8K views26 slides
Building a Mobile Location Aware System with Beacons by
Building a Mobile Location Aware System with BeaconsBuilding a Mobile Location Aware System with Beacons
Building a Mobile Location Aware System with BeaconsJonathan LeBlanc
3.1K views32 slides
Future of Identity, Data, and Wearable Security by
Future of Identity, Data, and Wearable SecurityFuture of Identity, Data, and Wearable Security
Future of Identity, Data, and Wearable SecurityJonathan LeBlanc
1.4K views20 slides
Internet Security and Trends by
Internet Security and TrendsInternet Security and Trends
Internet Security and TrendsJonathan LeBlanc
2.8K views14 slides
Webinar: eCommerce Compliance - PCI meets GDPR by
Webinar: eCommerce Compliance - PCI meets GDPRWebinar: eCommerce Compliance - PCI meets GDPR
Webinar: eCommerce Compliance - PCI meets GDPRSucuri
643 views22 slides

More Related Content

Similar to Kill All Passwords

Death to Passwords by
Death to Passwords Death to Passwords
Death to Passwords Cristiano Betta
2.6K views88 slides
Death To Passwords by
Death To PasswordsDeath To Passwords
Death To PasswordsPayPal
1.8K views50 slides
Advanced Google Analytics with Andy Crestodina - Part 3 by
Advanced Google Analytics with Andy Crestodina - Part 3Advanced Google Analytics with Andy Crestodina - Part 3
Advanced Google Analytics with Andy Crestodina - Part 3Digital Megaphone
294 views159 slides
Death To Passwords by
Death To PasswordsDeath To Passwords
Death To PasswordsDroidConTLV
695 views63 slides
Death To Passwords Droid Edition by
Death To Passwords Droid EditionDeath To Passwords Droid Edition
Death To Passwords Droid EditionPayPal
2.1K views62 slides
Death To Passwords by
Death To PasswordsDeath To Passwords
Death To PasswordsTim Messerschmidt
1.4K views62 slides

Similar to Kill All Passwords(20)

Death to Passwords by Cristiano Betta
Death to Passwords Death to Passwords
Death to Passwords
Cristiano Betta2.6K views
Death To Passwords by PayPal
Death To PasswordsDeath To Passwords
Death To Passwords
PayPal1.8K views
Advanced Google Analytics with Andy Crestodina - Part 3 by Digital Megaphone
Advanced Google Analytics with Andy Crestodina - Part 3Advanced Google Analytics with Andy Crestodina - Part 3
Advanced Google Analytics with Andy Crestodina - Part 3
Digital Megaphone 294 views
Death To Passwords by DroidConTLV
Death To PasswordsDeath To Passwords
Death To Passwords
DroidConTLV695 views
Death To Passwords Droid Edition by PayPal
Death To Passwords Droid EditionDeath To Passwords Droid Edition
Death To Passwords Droid Edition
PayPal2.1K views
Death To Passwords by Tim Messerschmidt
Death To PasswordsDeath To Passwords
Death To Passwords
Tim Messerschmidt1.4K views
Michael Aagaard - You’re Making My Brain Hurt! The Psychology Behind Terrible... by Marketing Festival
Michael Aagaard - You’re Making My Brain Hurt! The Psychology Behind Terrible...Michael Aagaard - You’re Making My Brain Hurt! The Psychology Behind Terrible...
Michael Aagaard - You’re Making My Brain Hurt! The Psychology Behind Terrible...
Marketing Festival3.9K views
Ultimate Free Digital Marketing Toolkit #EdgeBristol 2012 by Steve Lock
Ultimate Free Digital Marketing Toolkit #EdgeBristol 2012Ultimate Free Digital Marketing Toolkit #EdgeBristol 2012
Ultimate Free Digital Marketing Toolkit #EdgeBristol 2012
Steve Lock710 views
Cyber Threats and Data Privacy in a Digital World by qubanewmedia
Cyber Threats and Data Privacy in a Digital WorldCyber Threats and Data Privacy in a Digital World
Cyber Threats and Data Privacy in a Digital World
qubanewmedia94 views
10 TRENDS IN STAFFING TECH — DON'T GET BLINDSIDED by Human Capital Media
10 TRENDS IN STAFFING TECH — DON'T GET BLINDSIDED10 TRENDS IN STAFFING TECH — DON'T GET BLINDSIDED
10 TRENDS IN STAFFING TECH — DON'T GET BLINDSIDED
Human Capital Media134 views
IBM Skills - Practical & Digital Skills for the Future of Work by Dr. Melissa Sassi
IBM Skills - Practical & Digital Skills for the Future of WorkIBM Skills - Practical & Digital Skills for the Future of Work
IBM Skills - Practical & Digital Skills for the Future of Work
Dr. Melissa Sassi268 views
Eraswap and Blocklogy by ManasNanivadekar
Eraswap and BlocklogyEraswap and Blocklogy
Eraswap and Blocklogy
ManasNanivadekar71 views
Online passwords – understanding "credential stuffing" cyberattack by OVHcloud
Online passwords – understanding "credential stuffing" cyberattackOnline passwords – understanding "credential stuffing" cyberattack
Online passwords – understanding "credential stuffing" cyberattack
OVHcloud306 views
Rip DevOps by Ryan Lockard
Rip DevOpsRip DevOps
Rip DevOps
Ryan Lockard192 views
Public Good App House: Volunteer Management Apps for Food Security Organizations by TechSoup
Public Good App House: Volunteer Management Apps for Food Security OrganizationsPublic Good App House: Volunteer Management Apps for Food Security Organizations
Public Good App House: Volunteer Management Apps for Food Security Organizations
TechSoup 427 views
Passwordless is Possible - How to Remove Passwords and Improve Security by SecureAuth
Passwordless is Possible - How to Remove Passwords and Improve Security Passwordless is Possible - How to Remove Passwords and Improve Security
Passwordless is Possible - How to Remove Passwords and Improve Security
SecureAuth366 views
How to trive as an early stage startup by using the right metrics by ➚ Mike van Hoenselaar
How to trive as an early stage startup by using the right metricsHow to trive as an early stage startup by using the right metrics
How to trive as an early stage startup by using the right metrics
➚ Mike van Hoenselaar1.1K views
Adversary Driven Defense in the Real World by James Wickett
Adversary Driven Defense in the Real WorldAdversary Driven Defense in the Real World
Adversary Driven Defense in the Real World
James Wickett695 views
Lessons From Spider Support by Oliver Brett
Lessons From Spider SupportLessons From Spider Support
Lessons From Spider Support
Oliver Brett20 views
Node.js Authentication and Data Security by Tim Messerschmidt
Node.js Authentication and Data SecurityNode.js Authentication and Data Security
Node.js Authentication and Data Security
Tim Messerschmidt5.6K views

More from Jonathan LeBlanc

JavaScript App Security: Auth and Identity on the Client by
JavaScript App Security: Auth and Identity on the ClientJavaScript App Security: Auth and Identity on the Client
JavaScript App Security: Auth and Identity on the ClientJonathan LeBlanc
639 views34 slides
Improving Developer Onboarding Through Intelligent Data Insights by
Improving Developer Onboarding Through Intelligent Data InsightsImproving Developer Onboarding Through Intelligent Data Insights
Improving Developer Onboarding Through Intelligent Data InsightsJonathan LeBlanc
347 views23 slides
Better Data with Machine Learning and Serverless by
Better Data with Machine Learning and ServerlessBetter Data with Machine Learning and Serverless
Better Data with Machine Learning and ServerlessJonathan LeBlanc
435 views28 slides
Best Practices for Application Development with Box by
Best Practices for Application Development with BoxBest Practices for Application Development with Box
Best Practices for Application Development with BoxJonathan LeBlanc
431 views42 slides
Box Platform Overview by
Box Platform OverviewBox Platform Overview
Box Platform OverviewJonathan LeBlanc
4.2K views96 slides
Box Platform Developer Workshop by
Box Platform Developer WorkshopBox Platform Developer Workshop
Box Platform Developer WorkshopJonathan LeBlanc
642 views96 slides

More from Jonathan LeBlanc(20)

JavaScript App Security: Auth and Identity on the Client by Jonathan LeBlanc
JavaScript App Security: Auth and Identity on the ClientJavaScript App Security: Auth and Identity on the Client
JavaScript App Security: Auth and Identity on the Client
Jonathan LeBlanc639 views
Improving Developer Onboarding Through Intelligent Data Insights by Jonathan LeBlanc
Improving Developer Onboarding Through Intelligent Data InsightsImproving Developer Onboarding Through Intelligent Data Insights
Improving Developer Onboarding Through Intelligent Data Insights
Jonathan LeBlanc347 views
Better Data with Machine Learning and Serverless by Jonathan LeBlanc
Better Data with Machine Learning and ServerlessBetter Data with Machine Learning and Serverless
Better Data with Machine Learning and Serverless
Jonathan LeBlanc435 views
Best Practices for Application Development with Box by Jonathan LeBlanc
Best Practices for Application Development with BoxBest Practices for Application Development with Box
Best Practices for Application Development with Box
Jonathan LeBlanc431 views
Box Platform Overview by Jonathan LeBlanc
Box Platform OverviewBox Platform Overview
Box Platform Overview
Jonathan LeBlanc4.2K views
Box Platform Developer Workshop by Jonathan LeBlanc
Box Platform Developer WorkshopBox Platform Developer Workshop
Box Platform Developer Workshop
Jonathan LeBlanc642 views
Modern Cloud Data Security Practices by Jonathan LeBlanc
Modern Cloud Data Security PracticesModern Cloud Data Security Practices
Modern Cloud Data Security Practices
Jonathan LeBlanc621 views
Box Authentication Types by Jonathan LeBlanc
Box Authentication TypesBox Authentication Types
Box Authentication Types
Jonathan LeBlanc1.2K views
Understanding Box UI Elements by Jonathan LeBlanc
Understanding Box UI ElementsUnderstanding Box UI Elements
Understanding Box UI Elements
Jonathan LeBlanc1.3K views
Understanding Box applications, tokens, and scoping by Jonathan LeBlanc
Understanding Box applications, tokens, and scopingUnderstanding Box applications, tokens, and scoping
Understanding Box applications, tokens, and scoping
Jonathan LeBlanc350 views
The Future of Online Money: Creating Secure Payments Globally by Jonathan LeBlanc
The Future of Online Money: Creating Secure Payments GloballyThe Future of Online Money: Creating Secure Payments Globally
The Future of Online Money: Creating Secure Payments Globally
Jonathan LeBlanc554 views
Modern API Security with JSON Web Tokens by Jonathan LeBlanc
Modern API Security with JSON Web TokensModern API Security with JSON Web Tokens
Modern API Security with JSON Web Tokens
Jonathan LeBlanc3.7K views
Creating an In-Aisle Purchasing System from Scratch by Jonathan LeBlanc
Creating an In-Aisle Purchasing System from ScratchCreating an In-Aisle Purchasing System from Scratch
Creating an In-Aisle Purchasing System from Scratch
Jonathan LeBlanc498 views
Secure Payments Over Mixed Communication Media by Jonathan LeBlanc
Secure Payments Over Mixed Communication MediaSecure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication Media
Jonathan LeBlanc678 views
Protecting the Future of Mobile Payments by Jonathan LeBlanc
Protecting the Future of Mobile PaymentsProtecting the Future of Mobile Payments
Protecting the Future of Mobile Payments
Jonathan LeBlanc1.8K views
Node.js Authentication and Data Security by Jonathan LeBlanc
Node.js Authentication and Data SecurityNode.js Authentication and Data Security
Node.js Authentication and Data Security
Jonathan LeBlanc2.9K views
PHP Identity and Data Security by Jonathan LeBlanc
PHP Identity and Data SecurityPHP Identity and Data Security
PHP Identity and Data Security
Jonathan LeBlanc32.5K views
Secure Payments Over Mixed Communication Media by Jonathan LeBlanc
Secure Payments Over Mixed Communication MediaSecure Payments Over Mixed Communication Media
Secure Payments Over Mixed Communication Media
Jonathan LeBlanc1.3K views
BattleHack Los Angeles by Jonathan LeBlanc
BattleHack Los Angeles BattleHack Los Angeles
BattleHack Los Angeles
Jonathan LeBlanc1.3K views
Rebuilding Commerce by Jonathan LeBlanc
Rebuilding CommerceRebuilding Commerce
Rebuilding Commerce
Jonathan LeBlanc6.7K views

Recently uploaded

The Research Portal of Catalonia: Growing more (information) & more (services) by
The Research Portal of Catalonia: Growing more (information) & more (services)The Research Portal of Catalonia: Growing more (information) & more (services)
The Research Portal of Catalonia: Growing more (information) & more (services)CSUC - Consorci de Serveis Universitaris de Catalunya
115 views25 slides
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas... by
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...Bernd Ruecker
48 views69 slides
Zero to Automated in Under a Year by
Zero to Automated in Under a YearZero to Automated in Under a Year
Zero to Automated in Under a YearNetwork Automation Forum
22 views23 slides
Future of AR - Facebook Presentation by
Future of AR - Facebook PresentationFuture of AR - Facebook Presentation
Future of AR - Facebook PresentationRob McCarty
22 views27 slides
PharoJS - Zürich Smalltalk Group Meetup November 2023 by
PharoJS - Zürich Smalltalk Group Meetup November 2023PharoJS - Zürich Smalltalk Group Meetup November 2023
PharoJS - Zürich Smalltalk Group Meetup November 2023Noury Bouraqadi
139 views17 slides
PRODUCT PRESENTATION.pptx by
PRODUCT PRESENTATION.pptxPRODUCT PRESENTATION.pptx
PRODUCT PRESENTATION.pptxangelicacueva6
18 views1 slide

Recently uploaded(20)

The Research Portal of Catalonia: Growing more (information) & more (services) by CSUC - Consorci de Serveis Universitaris de Catalunya
The Research Portal of Catalonia: Growing more (information) & more (services)The Research Portal of Catalonia: Growing more (information) & more (services)
The Research Portal of Catalonia: Growing more (information) & more (services)
CSUC - Consorci de Serveis Universitaris de Catalunya115 views
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas... by Bernd Ruecker
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
iSAQB Software Architecture Gathering 2023: How Process Orchestration Increas...
Bernd Ruecker48 views
Zero to Automated in Under a Year by Network Automation Forum
Zero to Automated in Under a YearZero to Automated in Under a Year
Zero to Automated in Under a Year
Network Automation Forum22 views
Future of AR - Facebook Presentation by Rob McCarty
Future of AR - Facebook PresentationFuture of AR - Facebook Presentation
Future of AR - Facebook Presentation
Rob McCarty22 views
PharoJS - Zürich Smalltalk Group Meetup November 2023 by Noury Bouraqadi
PharoJS - Zürich Smalltalk Group Meetup November 2023PharoJS - Zürich Smalltalk Group Meetup November 2023
PharoJS - Zürich Smalltalk Group Meetup November 2023
Noury Bouraqadi139 views
PRODUCT PRESENTATION.pptx by angelicacueva6
PRODUCT PRESENTATION.pptxPRODUCT PRESENTATION.pptx
PRODUCT PRESENTATION.pptx
angelicacueva618 views
【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院 by IttrainingIttraining
【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院
【USB韌體設計課程】精選講義節錄-USB的列舉過程_艾鍗學院
IttrainingIttraining69 views
SAP Automation Using Bar Code and FIORI.pdf by Virendra Rai, PMP
SAP Automation Using Bar Code and FIORI.pdfSAP Automation Using Bar Code and FIORI.pdf
SAP Automation Using Bar Code and FIORI.pdf
Virendra Rai, PMP25 views
Melek BEN MAHMOUD.pdf by MelekBenMahmoud
Melek BEN MAHMOUD.pdfMelek BEN MAHMOUD.pdf
Melek BEN MAHMOUD.pdf
MelekBenMahmoud17 views
Business Analyst Series 2023 - Week 3 Session 5 by DianaGray10
Business Analyst Series 2023 - Week 3 Session 5Business Analyst Series 2023 - Week 3 Session 5
Business Analyst Series 2023 - Week 3 Session 5
DianaGray10345 views
Five Things You SHOULD Know About Postman by Postman
Five Things You SHOULD Know About PostmanFive Things You SHOULD Know About Postman
Five Things You SHOULD Know About Postman
Postman38 views
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ... by Jasper Oosterveld
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...
ESPC 2023 - Protect and Govern your Sensitive Data with Microsoft Purview in ...
Jasper Oosterveld27 views
"Surviving highload with Node.js", Andrii Shumada by Fwdays
"Surviving highload with Node.js", Andrii Shumada "Surviving highload with Node.js", Andrii Shumada
"Surviving highload with Node.js", Andrii Shumada
Fwdays33 views
Microsoft Power Platform.pptx by Uni Systems S.M.S.A.
Microsoft Power Platform.pptxMicrosoft Power Platform.pptx
Microsoft Power Platform.pptx
Uni Systems S.M.S.A.61 views
Special_edition_innovator_2023.pdf by WillDavies22
Special_edition_innovator_2023.pdfSpecial_edition_innovator_2023.pdf
Special_edition_innovator_2023.pdf
WillDavies2218 views
MVP and prioritization.pdf by rahuldharwal141
MVP and prioritization.pdfMVP and prioritization.pdf
MVP and prioritization.pdf
rahuldharwal14137 views
Uni Systems for Power Platform.pptx by Uni Systems S.M.S.A.
Uni Systems for Power Platform.pptxUni Systems for Power Platform.pptx
Uni Systems for Power Platform.pptx
Uni Systems S.M.S.A.58 views
HTTP headers that make your website go faster - devs.gent November 2023 by Thijs Feryn
HTTP headers that make your website go faster - devs.gent November 2023HTTP headers that make your website go faster - devs.gent November 2023
HTTP headers that make your website go faster - devs.gent November 2023
Thijs Feryn26 views
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading... by The Digital Insurer
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...
Webinar : Desperately Seeking Transformation - Part 2: Insights from leading...
The Digital Insurer24 views
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N... by James Anderson
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
GDG Cloud Southlake 28 Brad Taylor and Shawn Augenstein Old Problems in the N...
James Anderson126 views

Kill All Passwords