Death to Passwords

•

8 likes•2,598 views

The document discusses the problems with passwords and advocates for moving away from password-based authentication. It notes that passwords are often weak and vulnerable to leaks. Alternative authentication methods are proposed, such as multifactor authentication using something a user has (possession factor) in addition to something they know (knowledge factor). New technologies like wearables may also enable novel authentication approaches.

Technology

Death to Passwords
Cristiano Betta
Developer Advocate

Death to Passwords
Cristiano Betta
Developer Advocate
@cbetta | @braintree_dev

WHERE I LIVE
Braintree_Dev. @cbetta | @braintree_dev

WHERE I USED TO LIVE
Braintree_Dev. @cbetta | @braintree_dev

That’s me
Braintree_Dev. @cbetta | @braintree_dev

>Death to Passwords_
Braintree_Dev. @cbetta | @braintree_dev

>The 3 key problems_
Braintree_Dev. @cbetta | @braintree_dev

The top 1000 most used
passwords of 2012
wiki.skullsecurity.org/Passwords
Braintree_Dev. @cbetta | @braintree_dev

The top 1000 most leaked
passwords of 2012
wiki.skullsecurity.org/Passwords
Braintree_Dev. @cbetta | @braintree_dev

4.7% OF ALL LEAKED PASSWORDS ARE
Braintree_Dev. @cbetta | @braintree_dev

4.7% OF ALL LEAKED PASSWORDS ARE
PASSWORD
Braintree_Dev. @cbetta | @braintree_dev

8.5% OF ALL LEAKED PASSWORDS ARE
Braintree_Dev. @cbetta | @braintree_dev

8.5% OF ALL LEAKED PASSWORDS ARE
PASSWORD or 123456
Braintree_Dev. @cbetta | @braintree_dev

4.7% OF ALL LEAKED PASSWORDS ARE
PASSWORD or 123456 or 12345678
Braintree_Dev. @cbetta | @braintree_dev

... and it doesn’t even stop there
14% have a password from the top 10
40% have a password from the top 100
79% have a password from the top 500
91% have a password from the top 1000
Braintree_Dev. @cbetta | @braintree_dev

Braintree_Dev. @cbettaab s|t r@ubsergaoiosnet.rceome/_2d96ev

A brief analysis of the
situation in 2013
cbsn.ws/1siTPGH
Braintree_Dev. @cbetta | @braintree_dev

1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. adobe123
11. 123123
12. admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunshine
20. 12345
Braintree_Dev. @cbetta | @braintree_dev

1. 123456 up 1
2. password down 1
3. 12345678
4. qwerty up 1
5. abc123 down 1
6. 123456789 new
7. 111111 up 2
8. 1234567 up 5
9. iloveyou up 2
10. adobe123 new
11. 123123 up 5
12. admin new
13. 1234567890 new
14. letmein down 7
15. photoshop new
16. 1234 new
17. monkey down 11
18. shadow
19. sunshine down 5
20. 12345 new
Braintree_Dev. @cbetta | @braintree_dev

11. 123123 up 5
12. admin new
13. 1234567890 new
14. letmein down 7
15. photoshop new
16. 1234 new
17. monkey down 11
18. shadow
19. sunshine down 5
20. 12345 new
1. 123456 up 1
2. password down 1
3. 12345678
4. qwerty up 1
5. abc123 down 1
6. 123456789 new
7. 111111 up 2
8. 1234567 up 5
9. iloveyou up 2
10. adobe123 new
Braintree_Dev. @cbetta | @braintree_dev

“FAVOR SECURITY TOO MUCH OVER THE
EXPERIENCE AND YOU’LL MAKE THE
WEBSITE A PAIN TO USE.”
smashingmagazine.com
/2012/10/26/password-masking-hurt-signup-form
Braintree_Dev. @cbetta | @braintree_dev

vs
Braintree_Dev. @cbetta | @braintree_dev

People forget passwords…
45% admit to leaving a website instead of re-setting
their password or answering security
questions
- Blue Inc. 2011
Braintree_Dev. @SeraAndroid / @PayPalDev

Let’s admit it...
Passwords really suck!
Braintree_Dev. @cbetta | @braintree_dev

People hate to register
Out of 657 surveyed users 66% think that
social sign-in is a desirable alternative.
- Blue Inc. 2011
Braintree_Dev. @SeraAndroid / @PayPalDev

Let’s admit it...
Passwords really, really suck!
Braintree_Dev. @cbetta | @braintree_dev

“Braintree Says Goodbye to
Passwords With One Touch
Payments for PayPal and Venmo,
and Hello to Bitcoin”
braintreepayments.com
/blog/goodbye-passwords-one-touch-hello-bitcoin
Braintree_Dev. @cbetta | @braintree_dev

Merchant app
PayPal app
Merchant app

Braintree_Dev. @cbetta | @braintree_dev

> Continue? (Y/n) _
Braintree_Dev. @cbetta | @braintree_dev

Multi-Factor Authentication
en.wikipedia.org
/wiki/Multi-factor_authentication
Braintree_Dev. @cbetta | @braintree_dev

KNOWLEDGE FACTOR
Braintree_Dev. @cbetta | @braintree_dev

INHERENCE FACTOR
Braintree_Dev. @cbetta | @braintree_dev

POSSESSION FACTOR
Braintree_Dev. @cbetta | @braintree_dev

2-Factor Authentication
twofactorauth.org
Braintree_Dev. @cbetta | @braintree_dev

twofactorauth.org
Braintree_Dev. @cbetta | @braintree_dev

Passwordless Authentication
medium.com
/@ninjudd/passwords-are-obsolete-9ed56d483eb
Braintree_Dev. @cbetta | @braintree_dev

> Exit? (Y/n) _
Braintree_Dev. @cbetta | @braintree_dev

Authorization &
Authentication
stackoverflow.com
/questions/6367865/is-there-a-difference-between-
authentication-and-authorization
Braintree_Dev. @cbetta | @braintree_dev

Google Facebook Twitter
Braintree_Dev. @cbetta | @braintree_dev

• Passwords are awesome
Braintree_Dev. @cbetta | @braintree_dev

• Passwords are awesome
• But people+passwords suck
Braintree_Dev. @cbetta | @braintree_dev

• Passwords are awesome
• But people+passwords suck
• We need something you have, know
and/or are
Braintree_Dev. @cbetta | @braintree_dev

• Passwords are awesome
• But people+passwords suck
• We need something you have, know
and/or are
• Wearable tech opens up a new
world of possibilities
Braintree_Dev. @cbetta | @braintree_dev

• Passwords are awesome
• But people+passwords suck
• We need something you have, know
and/or are
• Wearable tech opens up a new
world of possibilities
• Don’t re-invent the wheel
Braintree_Dev. @cbetta | @braintree_dev

THANK YOU
Cristiano Betta
Developer Advocate
braintreepayments.com
cbetta@braintreepayments.com
@cbetta | @braintree_dev

Deploying your application whenever you want is easy. Everyone does it nowadays. And that works great when you have a small group of people responsible for an application. But what if you have several teams working on the same application? What if you have almost 80 people committing more than 30 times a day? Can you face the challenge of deploying that application as often as you wish and succeed in keeping it stable? In this talk Mike will explore the journey from a conservative four week release cycle to full autonomy. What are the challenges you will face, how to tackled them and why this brings you closer to the clouds.

Tom Capper Mozcon 2021 - Core Web Vitals - The Fast & The Spurious

Tom Capper

We love seo 2019 - Tom Capper

Tom Capper

Automate, Create Tools, & Test Ideas Quickly with Google Apps Script

Catalyst

TechSEO Boost 2019: Research Competition

Catalyst

Organic Click Through Rate Optimisation Tactics - MKGO - June 2018

Stacey MacNaught

TechSEO Boost: Machine Learning for SEOs

Catalyst

People generally react to machine learning in one of two ways: either with a combination of fascination and terror brought on by the possibilities that lie ahead, or with looks of utter confusion and slight embarrassment at not really knowing much about it. With the advent of RankBrain, not even higher-ups at Google can tell us exactly how some things rank above others, and the impact of machine learning on SEO is only going to increase from here. Fear not: Moz's own senior SEO scientist, Britney Muller, will talk you through what you need to know.

Project Peace of Mind

Rob Keefer

For years we’ve heard the news that SEO is dead, links are dead. Now we hear that Google would magically “figure it all out”. But links are more powerful than ever. With many people shying away, not wanting to take any risks and thereby leaving all the money on the table – for YOU. Learn what’s working and what’s not working in links for SEO in 2018 and beyond. Learn why Link Audits and the Disavow file is still so important, especially in gaming and what kind of links work and where and how you’d better be careful. Key areas covered in this session: Should we still use the disavow tool? Are link audits still important? Are links still important? How can redirects impact my rankings? Should we still build links?

"What?", "So what?", "NOW WHAT?" How to influence people and accomplish change

Larry Maccherone

The evening before the space shuttle Challenger explosion, scientists at NASA caught what they thought was a potentially catastrophic risk with the o-rings considering the unusually cold temperature expected for the morning’s launch. They brought the issue to management attention but failed to influence the final decision enough to stop the launch. Your failure to influence may not cost lives but it could be “catastrophic” for your business. This talk presents my top tips for using data to influence others toward better decisions. Learning outcomes: - The do's and don'ts of visualization - How others lie with data - What makes an effective dashboard - How to communicate uncertainty

Searchmetrics - NOAH13 London

NOAH Advisors

Low Budget Link Building Tactics - Stacey MacNaught - Digital Olympus

Stacey MacNaught

The Role of Social in Search - SAScon 2013

Steve Lock

What Fantasy Football Taught Me About Building Nuanced SEO Reports

Owain Lloyd-Williams

Universal Google Analytics: Event Tracking

Vlad Mysla

How to have less rubbish ideas #brightonseo

Kelvin Newman

The Trope Factory #SearchLeeds - Why your content should be less original

Kelvin Newman

Kill All Passwords

Jonathan LeBlanc

You have a solid security infrastructure, all user data is encrypted, your users are protected right? As long as passwords remain the standard methods for identifying your users on the web, people will still continue to use "letmein" or "password123" for their secure login, and will continue to be shocked when their accounts become compromised. Passwords are not secure, they need to be replaced. In this talk we're going to explore the pitfalls of a system designed around a username and password, then dive into the ways that technology is giving us a slew of new ways to build a secure user identity system. From biometrics to wearables, hardware to tokens, we'll explore a multitude of ways that we can finally kill all passwords.

Out of this world payments. Cristiano Betta

Future Insights

FOWA London 2015 Join Senior Developer Advocate at PayPal/Braintree, Cristiano Betta, as he welcomes our alien visitors and introduced them to this strange planet earth. The year is 2015 and Lord Command Zorg is new our planet. The good news? He’s not here to rule the world, but to trade with our world. The bad news? With 7 billion people in the world, we’ve come close to developing a similar amount of ways to pay each other based on our cultural, historical and sometimes comical preferences. Zorg is up for a surprise here. He does not know that nobody pays with credit card in Germany. Nor does he fully understand the size of global debt. Not to mention countries with their own cryptocurrencies. In this talk, Cristiano will discuss in detail how people pay around the world and why, and how technology helps solve multiple problems. Whether you're a startup or developer, head to this session and Cristiano will show you why payments around the world matter, and how new technologies like tokenisation are the future to a truly sci-fi payment experience.

What's hot

Gaps in the algorithm

Will Critchlow

#MBLTdev: Современная аутентификация (PayPal)

e-Legion

SEO, Social Media & PR Convergence - Digital Marketing London 2011

Steve Lock

Ungagged UK Talk - Google in a Post Update and Mobile First World.

Kristine Schachinger SEO and Online Marketing

HOW TO INCREASE YOUR TRAFFIC 5X WITH THIS ONE SEO METHOD

Christoph C. Cemper

Everything You Need to Know About Panda 3.3 AND What to do About It (Webinar ...TheHOTHCorp

Keynote: Bias in Search and Recommender Systems

Catalyst

Workshop State-management in React with Context and Hooks

Roy Derks

Generating Qualitative Content with GPT-2 in All Languages

Catalyst

Bad Ideas Kill Content - How to Generate Better Ideas

Stacey MacNaught

Can Google properly crawl and index JavaScript? SEO Experiments - Results and...

Onely

Links for SEO in 2018 - Christoph C. Cemper at London Affiliate Conference 2018

Christoph C. Cemper

"What?", "So what?", "NOW WHAT?" How to influence people and accomplish change

Larry Maccherone

Searchmetrics - NOAH13 London

NOAH Advisors

Low Budget Link Building Tactics - Stacey MacNaught - Digital Olympus

Stacey MacNaught

The Role of Social in Search - SAScon 2013

Steve Lock

What Fantasy Football Taught Me About Building Nuanced SEO Reports

Owain Lloyd-Williams

Universal Google Analytics: Event Tracking

Vlad Mysla

How to have less rubbish ideas #brightonseo

Kelvin Newman

The Trope Factory #SearchLeeds - Why your content should be less original

Kelvin Newman

What's hot (20)

Gaps in the algorithm

#MBLTdev: Современная аутентификация (PayPal)

SEO, Social Media & PR Convergence - Digital Marketing London 2011

Ungagged UK Talk - Google in a Post Update and Mobile First World.

HOW TO INCREASE YOUR TRAFFIC 5X WITH THIS ONE SEO METHOD

Everything You Need to Know About Panda 3.3 AND What to do About It (Webinar ...

Keynote: Bias in Search and Recommender Systems

Workshop State-management in React with Context and Hooks

Generating Qualitative Content with GPT-2 in All Languages

Bad Ideas Kill Content - How to Generate Better Ideas

Can Google properly crawl and index JavaScript? SEO Experiments - Results and...

Links for SEO in 2018 - Christoph C. Cemper at London Affiliate Conference 2018

"What?", "So what?", "NOW WHAT?" How to influence people and accomplish change

Searchmetrics - NOAH13 London

Low Budget Link Building Tactics - Stacey MacNaught - Digital Olympus

The Role of Social in Search - SAScon 2013

What Fantasy Football Taught Me About Building Nuanced SEO Reports

Universal Google Analytics: Event Tracking

How to have less rubbish ideas #brightonseo

The Trope Factory #SearchLeeds - Why your content should be less original

Similar to Death to Passwords

Kill All Passwords

Jonathan LeBlanc

Out of this world payments. Cristiano Betta

Future Insights

BrightonSEO July 2021: Spilling the T in EAT- Easy CRO Tricks for User Trust

Oliver Brett

Attribute Driven Styles: The Good, the Bad, and the Unknown (SassConf 2015 Di...

Jonathan Cutrell

Future of Identity, Data, and Wearable Security

Jonathan LeBlanc

In a world where technology is transforming with mobile devices and wearables, its key to have a solid security backbone. From having a strong password to using biometrics, companies are finding ways to help consumers protect themselves without impacting the experience. We'll take a look at the current landscape of passwords, the importance of proper systems and how we can use wearables and mobile devices to build trust systems.

JoomlaDay Conference_September 2023 PDF.pdf

Oliver Brett

Passwords, Passwords and more Passwords

clcewing

SEO Audits for DFWSEM State of Search

Evolve Digital Labs

This strange planet earth

Cristiano Betta

Mobile Authentication using Biometrics & Wearables

Jonathan LeBlanc

Have you ever had to implement a client- or server-side authentication system and actually enjoyed it? Did you ever notice the wide landscape of mechanisms that seem to be complementary but are in fact hard to combine? As we move towards mobile-centric technology and wearables, this landscape becomes even more difficult to navigate. Centralized group and identification mechanisms are starting to rise to fill this need, building out standards for how authentication should be implemented on emerging technology and devices. As these areas develop, the need for new security measures is also becoming paramount. Come and join Jon Leblanc and Tim Messerschmidt from PayPal to learn about how identification, through biometrics, is being used to build the future of mobile centric devices and technology, breaking into the world of wearables. We’ll look at the security behind this technology, and see where the future of biometrics is leading us.

Ultimate Free Digital Marketing Toolkit #EdgeBristol 2012

Steve Lock

Changes, innovation and… an axe!

Alberto López Martín

Identity in the Future of Embeddables & Wearables

Jonathan LeBlanc

The audio recording of this talk is available at https://archive.org/details/identity_wearables_embeddables Ways of identifying a person to the technology around them is shifting from antiquated external body definitions, to internal body functions. In this session, we'll explore how the technology behind this embeddable and wearable movement works, exploring vein recognition biometrics, heartbeat identification, and going into embeddable body modifications as sources of identification.

Webstock Workshop: Creating Simple

Daniel Burka

Smart social scheduling

Jo Gifford

Cheapass.in — presented at JSFoo 2016

Aakash Goel

Candy for everybody - APIDays Mediterranea 2015Alberto López Martín

Agile is a 4 letter word - dev nexus 2020

Jen Krieger

Apache spark workshop

Pawel Szulc

Alex Schedrov, Dmitry Drozdik - Everyone does this ...! from routine to start...

DrupalCamp Kyiv

Similar to Death to Passwords (20)

Kill All Passwords

Out of this world payments. Cristiano Betta

BrightonSEO July 2021: Spilling the T in EAT- Easy CRO Tricks for User Trust

Attribute Driven Styles: The Good, the Bad, and the Unknown (SassConf 2015 Di...

Future of Identity, Data, and Wearable Security

JoomlaDay Conference_September 2023 PDF.pdf

Passwords, Passwords and more Passwords

SEO Audits for DFWSEM State of Search

This strange planet earth

Mobile Authentication using Biometrics & Wearables

Ultimate Free Digital Marketing Toolkit #EdgeBristol 2012

Changes, innovation and… an axe!

Identity in the Future of Embeddables & Wearables

Webstock Workshop: Creating Simple

Smart social scheduling

Cheapass.in — presented at JSFoo 2016

Candy for everybody - APIDays Mediterranea 2015

Agile is a 4 letter word - dev nexus 2020

Apache spark workshop

Alex Schedrov, Dmitry Drozdik - Everyone does this ...! from routine to start...

Recently uploaded

20240607 QFM018 Elixir Reading List May 2024

Matthew Sinclair

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

James Anderson

Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management. The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM). Speakers: Bob Boule Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle. Gopinath Rebala Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.

PHP Frameworks: I want to break free (IPC Berlin 2024)

Ralf Eggert

In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development. This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

91mobiles

Essentials of Automations: The Art of Triggers and Actions in FME

Safe Software

In this second installment of our Essentials of Automations webinar series, we’ll explore the landscape of triggers and actions, guiding you through the nuances of authoring and adapting workspaces for seamless automations. Gain an understanding of the full spectrum of triggers and actions available in FME, empowering you to enhance your workspaces for efficient automation. We’ll kick things off by showcasing the most commonly used event-based triggers, introducing you to various automation workflows like manual triggers, schedules, directory watchers, and more. Plus, see how these elements play out in real scenarios. Whether you’re tweaking your current setup or building from the ground up, this session will arm you with the tools and insights needed to transform your FME usage into a powerhouse of productivity. Join us to discover effective strategies that simplify complex processes, enhancing your productivity and transforming your data management practices with FME. Let’s turn complexity into clarity and make your workspaces work wonders!

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Paige Cruz

Monitoring and observability aren’t traditionally found in software curriculums and many of us cobble this knowledge together from whatever vendor or ecosystem we were first introduced to and whatever is a part of your current company’s observability stack. While the dev and ops silo continues to crumble….many organizations still relegate monitoring & observability as the purview of ops, infra and SRE teams. This is a mistake - achieving a highly observable system requires collaboration up and down the stack. I, a former op, would like to extend an invitation to all application developers to join the observability party will share these foundational concepts to build on:

Climate Impact of Software Testing at Nordic Testing Days

Kari Kakkonen

My slides at Nordic Testing Days 6.6.2024 Climate impact / sustainability of software testing discussed on the talk. ICT and testing must carry their part of global responsibility to help with the climat warming. We can minimize the carbon footprint but we can also have a carbon handprint, a positive impact on the climate. Quality characteristics can be added with sustainability, and then measured continuously. Test environments can be used less, and in smaller scale and on demand. Test techniques can be used in optimizing or minimizing number of tests. Test automation can be used to speed up testing.

UiPath Test Automation using UiPath Test Suite series, part 5

DianaGray10

Microsoft - Power Platform_G.Aspiotis.pdf

Uni Systems S.M.S.A.

Pushing the limits of ePRTC: 100ns holdover for 100 days

Adtran

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

FIDO Alliance

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

DanBrown980551

Do you want to learn how to model and simulate an electrical network from scratch in under an hour? Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)! During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook. PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides: - A fully editable and extendable library for grid component modelling; - Visualization tools to display your network; - Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses; The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well. What you will learn during the webinar: - For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills; - For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.

Free Complete Python - A step towards Data Science

RinaMondal9

Securing your Kubernetes cluster_ a step-by-step guide to success !

KatiaHIMEUR1

Today, after several years of existence, an extremely active community and an ultra-dynamic ecosystem, Kubernetes has established itself as the de facto standard in container orchestration. Thanks to a wide range of managed services, it has never been so easy to set up a ready-to-use Kubernetes cluster. However, this ease of use means that the subject of security in Kubernetes is often left for later, or even neglected. This exposes companies to significant risks. In this talk, I'll show you step-by-step how to secure your Kubernetes cluster for greater peace of mind and reliability.

National Security Agency - NSA mobile device best practices

Quotidiano Piemontese

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

SOFTTECHHUB

The choice of an operating system plays a pivotal role in shaping our computing experience. For decades, Microsoft's Windows has dominated the market, offering a familiar and widely adopted platform for personal and professional use. However, as technological advancements continue to push the boundaries of innovation, alternative operating systems have emerged, challenging the status quo and offering users a fresh perspective on computing. One such alternative that has garnered significant attention and acclaim is Nitrux Linux 3.5.0, a sleek, powerful, and user-friendly Linux distribution that promises to redefine the way we interact with our devices. With its focus on performance, security, and customization, Nitrux Linux presents a compelling case for those seeking to break free from the constraints of proprietary software and embrace the freedom and flexibility of open-source computing.

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

Neo4j

Sudheer Mechineni, Head of Application Frameworks, Standard Chartered Bank Discover how Standard Chartered Bank harnessed the power of Neo4j to transform complex data access challenges into a dynamic, scalable graph database solution. This keynote will cover their journey from initial adoption to deploying a fully automated, enterprise-grade causal cluster, highlighting key strategies for modelling organisational changes and ensuring robust disaster recovery. Learn how these innovations have not only enhanced Standard Chartered Bank’s data infrastructure but also positioned them as pioneers in the banking sector’s adoption of graph technology.

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Neo4j

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Uni Systems S.M.S.A.

Introduction to CHERI technology - Cybersecurity

mikeeftimakis1

Recently uploaded (20)

20240607 QFM018 Elixir Reading List May 2024

GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...

PHP Frameworks: I want to break free (IPC Berlin 2024)

Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf

Essentials of Automations: The Art of Triggers and Actions in FME

Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf

Climate Impact of Software Testing at Nordic Testing Days

UiPath Test Automation using UiPath Test Suite series, part 5

Microsoft - Power Platform_G.Aspiotis.pdf

Pushing the limits of ePRTC: 100ns holdover for 100 days

FIDO Alliance Osaka Seminar: The WebAuthn API and Discoverable Credentials.pdf

LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...

Free Complete Python - A step towards Data Science

Securing your Kubernetes cluster_ a step-by-step guide to success !

National Security Agency - NSA mobile device best practices

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...

GraphSummit Singapore | Graphing Success: Revolutionising Organisational Stru...

GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024

Uni Systems Copilot event_05062024_C.Vlachos.pdf

Introduction to CHERI technology - Cybersecurity

Death to Passwords

2. Death to Passwords

3. Death to Passwords Cristiano Betta Developer Advocate

4. Death to Passwords Cristiano Betta Developer Advocate

5. Death to Passwords Cristiano Betta Developer Advocate @cbetta | @braintree_dev

6. WHERE I LIVE Braintree_Dev. @cbetta | @braintree_dev

7. WHERE I USED TO LIVE Braintree_Dev. @cbetta | @braintree_dev

8. Braintree_Dev. @cbetta | @braintree_dev

9. That’s me Braintree_Dev. @cbetta | @braintree_dev

10. Braintree_Dev. @cbetta | @braintree_dev

11. Braintree_Dev. @cbetta | @braintree_dev

12. Braintree_Dev. @cbetta | @braintree_dev

13. >Death to Passwords_ Braintree_Dev. @cbetta | @braintree_dev

14. Braintree_Dev. @cbetta | @braintree_dev

15. Braintree_Dev. @cbetta | @braintree_dev

16. >The 3 key problems_ Braintree_Dev. @cbetta | @braintree_dev

17. The top 1000 most used passwords of 2012 wiki.skullsecurity.org/Passwords Braintree_Dev. @cbetta | @braintree_dev

18. The top 1000 most leaked passwords of 2012 wiki.skullsecurity.org/Passwords Braintree_Dev. @cbetta | @braintree_dev

19. 4.7% OF ALL LEAKED PASSWORDS ARE Braintree_Dev. @cbetta | @braintree_dev

20. 4.7% OF ALL LEAKED PASSWORDS ARE PASSWORD Braintree_Dev. @cbetta | @braintree_dev

21. Braintree_Dev. @cbetta | @braintree_dev

22. 8.5% OF ALL LEAKED PASSWORDS ARE Braintree_Dev. @cbetta | @braintree_dev

23. 8.5% OF ALL LEAKED PASSWORDS ARE PASSWORD or 123456 Braintree_Dev. @cbetta | @braintree_dev

24. 4.7% OF ALL LEAKED PASSWORDS ARE Braintree_Dev. @cbetta | @braintree_dev

25. 4.7% OF ALL LEAKED PASSWORDS ARE PASSWORD or 123456 or 12345678 Braintree_Dev. @cbetta | @braintree_dev

26. ... and it doesn’t even stop there 14% have a password from the top 10 40% have a password from the top 100 79% have a password from the top 500 91% have a password from the top 1000 Braintree_Dev. @cbetta | @braintree_dev

27. Braintree_Dev. @cbettaab s|t r@ubsergaoiosnet.rceome/_2d96ev

28. A brief analysis of the situation in 2013 cbsn.ws/1siTPGH Braintree_Dev. @cbetta | @braintree_dev

29. 1. 123456 2. password 3. 12345678 4. qwerty 5. abc123 6. 123456789 7. 111111 8. 1234567 9. iloveyou 10. adobe123 11. 123123 12. admin 13. 1234567890 14. letmein 15. photoshop 16. 1234 17. monkey 18. shadow 19. sunshine 20. 12345 Braintree_Dev. @cbetta | @braintree_dev

30. 1. 123456 up 1 2. password down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new 11. 123123 up 5 12. admin new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new Braintree_Dev. @cbetta | @braintree_dev

31. 11. 123123 up 5 12. admin new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new 1. 123456 up 1 2. password down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new Braintree_Dev. @cbetta | @braintree_dev

32. 11. 123123 up 5 12. admin new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new 1. 123456 up 1 2. password down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new Braintree_Dev. @cbetta | @braintree_dev

33. 11. 123123 up 5 12. admin new 13. 1234567890 new 14. letmein down 7 15. photoshop new 16. 1234 new 17. monkey down 11 18. shadow 19. sunshine down 5 20. 12345 new 1. 123456 up 1 2. password down 1 3. 12345678 4. qwerty up 1 5. abc123 down 1 6. 123456789 new 7. 111111 up 2 8. 1234567 up 5 9. iloveyou up 2 10. adobe123 new Braintree_Dev. @cbetta | @braintree_dev

34. Braintree_Dev. @cbetta | @braintree_dev

35. Braintree_Dev. @cbetta | @braintree_dev

36. Braintree_Dev. @cbetta | @braintree_dev

37. Braintree_Dev. @cbetta | @braintree_dev

38. Braintree_Dev. @cbetta | @braintree_dev

39. Braintree_Dev. @cbetta | @braintree_dev

40. “FAVOR SECURITY TOO MUCH OVER THE EXPERIENCE AND YOU’LL MAKE THE WEBSITE A PAIN TO USE.” smashingmagazine.com /2012/10/26/password-masking-hurt-signup-form Braintree_Dev. @cbetta | @braintree_dev

41. vs Braintree_Dev. @cbetta | @braintree_dev

42. Braintree_Dev. @cbetta | @braintree_dev

43. People forget passwords… 45% admit to leaving a website instead of re-setting their password or answering security questions - Blue Inc. 2011 Braintree_Dev. @SeraAndroid / @PayPalDev

44. Let’s admit it... Passwords really suck! Braintree_Dev. @cbetta | @braintree_dev

45. People hate to register Out of 657 surveyed users 66% think that social sign-in is a desirable alternative. - Blue Inc. 2011 Braintree_Dev. @SeraAndroid / @PayPalDev

46. Let’s admit it... Passwords really, really suck! Braintree_Dev. @cbetta | @braintree_dev

47. “Braintree Says Goodbye to Passwords With One Touch Payments for PayPal and Venmo, and Hello to Bitcoin” braintreepayments.com /blog/goodbye-passwords-one-touch-hello-bitcoin Braintree_Dev. @cbetta | @braintree_dev

48. Merchant app PayPal app Merchant app Braintree_Dev. @cbetta | @braintree_dev

49. Merchant app PayPal app Merchant app Braintree_Dev. @cbetta | @braintree_dev

50. Merchant app PayPal app Merchant app Braintree_Dev. @cbetta | @braintree_dev

51. Merchant app PayPal app Merchant app Braintree_Dev. @cbetta | @braintree_dev

52. > Continue? (Y/n) _ Braintree_Dev. @cbetta | @braintree_dev

53. Multi-Factor Authentication en.wikipedia.org /wiki/Multi-factor_authentication Braintree_Dev. @cbetta | @braintree_dev

54. KNOWLEDGE FACTOR Braintree_Dev. @cbetta | @braintree_dev

55. INHERENCE FACTOR Braintree_Dev. @cbetta | @braintree_dev

56. POSSESSION FACTOR Braintree_Dev. @cbetta | @braintree_dev

57. 2-Factor Authentication twofactorauth.org Braintree_Dev. @cbetta | @braintree_dev

58. twofactorauth.org Braintree_Dev. @cbetta | @braintree_dev

59. Passwordless Authentication medium.com /@ninjudd/passwords-are-obsolete-9ed56d483eb Braintree_Dev. @cbetta | @braintree_dev

60. Braintree_Dev. @cbetta | @braintree_dev

61. Braintree_Dev. @cbetta | @braintree_dev

62. Braintree_Dev. @cbetta | @braintree_dev

63. Braintree_Dev. @cbetta | @braintree_dev

64. Braintree_Dev. @cbetta | @braintree_dev

65. fidoalliance.org

66. Braintree_Dev. @cbetta | @braintree_dev

67. Braintree_Dev. @cbetta | @braintree_dev

68. Braintree_Dev. @cbetta | @braintree_dev

69. Braintree_Dev. @cbetta | @braintree_dev

70. Braintree_Dev. @cbetta | @braintree_dev

71. > Exit? (Y/n) _ Braintree_Dev. @cbetta | @braintree_dev

72. Authorization & Authentication stackoverflow.com /questions/6367865/is-there-a-difference-between- authentication-and-authorization Braintree_Dev. @cbetta | @braintree_dev

73. Google Facebook Twitter Braintree_Dev. @cbetta | @braintree_dev

74. Braintree_Dev. @cbetta | @braintree_dev

75. Braintree_Dev. @cbetta | @braintree_dev

76.

77.

78.

79. Braintree_Dev. @cbetta | @braintree_dev

80. • Passwords are awesome Braintree_Dev. @cbetta | @braintree_dev

81. • Passwords are awesome • But people+passwords suck Braintree_Dev. @cbetta | @braintree_dev

82. • Passwords are awesome • But people+passwords suck • We need something you have, know and/or are Braintree_Dev. @cbetta | @braintree_dev

83. • Passwords are awesome • But people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities Braintree_Dev. @cbetta | @braintree_dev

84. • Passwords are awesome • But people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities • Don’t re-invent the wheel Braintree_Dev. @cbetta | @braintree_dev

85. • Passwords are awesome • But people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities • Don’t re-invent the wheel • FIDO Braintree_Dev. @cbetta | @braintree_dev

86. • Passwords are awesome • But people+passwords suck • We need something you have, know and/or are • Wearable tech opens up a new world of possibilities • Don’t re-invent the wheel • FIDO • Third party auth Braintree_Dev. @cbetta | @braintree_dev

87. Braintree_Dev. @cbetta | @braintree_dev

88. THANK YOU Cristiano Betta Developer Advocate braintreepayments.com cbetta@braintreepayments.com @cbetta | @braintree_dev

Death to Passwords

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Similar to Death to Passwords

Similar to Death to Passwords (20)

More from Cristiano Betta

More from Cristiano Betta (20)

Recently uploaded

Recently uploaded (20)

Death to Passwords