The document discusses the problems with passwords and advocates for moving away from password-based authentication. It notes that passwords are often weak and vulnerable to leaks. Alternative authentication methods are proposed, such as multifactor authentication using something a user has (possession factor) in addition to something they know (knowledge factor). New technologies like wearables may also enable novel authentication approaches.

2. Death to Passwords

3. Death to Passwords
Cristiano Betta
Developer Advocate

4. Death to Passwords
Cristiano Betta
Developer Advocate

5. Death to Passwords
Cristiano Betta
Developer Advocate
@cbetta | @braintree_dev

6. WHERE I LIVE
Braintree_Dev. @cbetta | @braintree_dev

7. WHERE I USED TO LIVE
Braintree_Dev. @cbetta | @braintree_dev

8. Braintree_Dev. @cbetta | @braintree_dev

9. That’s me
Braintree_Dev. @cbetta | @braintree_dev

10. Braintree_Dev. @cbetta | @braintree_dev

11. Braintree_Dev. @cbetta | @braintree_dev

12. Braintree_Dev. @cbetta | @braintree_dev

13. >Death to Passwords_
Braintree_Dev. @cbetta | @braintree_dev

14. Braintree_Dev. @cbetta | @braintree_dev

15. Braintree_Dev. @cbetta | @braintree_dev

16. >The 3 key problems_
Braintree_Dev. @cbetta | @braintree_dev

17. The top 1000 most used
passwords of 2012
wiki.skullsecurity.org/Passwords
Braintree_Dev. @cbetta | @braintree_dev

18. The top 1000 most leaked
passwords of 2012
wiki.skullsecurity.org/Passwords
Braintree_Dev. @cbetta | @braintree_dev

19. 4.7% OF ALL LEAKED PASSWORDS ARE
Braintree_Dev. @cbetta | @braintree_dev

20. 4.7% OF ALL LEAKED PASSWORDS ARE
PASSWORD
Braintree_Dev. @cbetta | @braintree_dev

21. Braintree_Dev. @cbetta | @braintree_dev

22. 8.5% OF ALL LEAKED PASSWORDS ARE
Braintree_Dev. @cbetta | @braintree_dev

23. 8.5% OF ALL LEAKED PASSWORDS ARE
PASSWORD or 123456
Braintree_Dev. @cbetta | @braintree_dev

24. 4.7% OF ALL LEAKED PASSWORDS ARE
Braintree_Dev. @cbetta | @braintree_dev

25. 4.7% OF ALL LEAKED PASSWORDS ARE
PASSWORD or 123456 or 12345678
Braintree_Dev. @cbetta | @braintree_dev

26. ... and it doesn’t even stop there
14% have a password from the top 10
40% have a password from the top 100
79% have a password from the top 500
91% have a password from the top 1000
Braintree_Dev. @cbetta | @braintree_dev

27. Braintree_Dev. @cbettaab s|t r@ubsergaoiosnet.rceome/_2d96ev

28. A brief analysis of the
situation in 2013
cbsn.ws/1siTPGH
Braintree_Dev. @cbetta | @braintree_dev

29. 1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. adobe123
11. 123123
12. admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunshine
20. 12345
Braintree_Dev. @cbetta | @braintree_dev

30. 1. 123456 up 1
2. password down 1
3. 12345678
4. qwerty up 1
5. abc123 down 1
6. 123456789 new
7. 111111 up 2
8. 1234567 up 5
9. iloveyou up 2
10. adobe123 new
11. 123123 up 5
12. admin new
13. 1234567890 new
14. letmein down 7
15. photoshop new
16. 1234 new
17. monkey down 11
18. shadow
19. sunshine down 5
20. 12345 new
Braintree_Dev. @cbetta | @braintree_dev

31. 11. 123123 up 5
12. admin new
13. 1234567890 new
14. letmein down 7
15. photoshop new
16. 1234 new
17. monkey down 11
18. shadow
19. sunshine down 5
20. 12345 new
1. 123456 up 1
2. password down 1
3. 12345678
4. qwerty up 1
5. abc123 down 1
6. 123456789 new
7. 111111 up 2
8. 1234567 up 5
9. iloveyou up 2
10. adobe123 new
Braintree_Dev. @cbetta | @braintree_dev

32. 11. 123123 up 5
12. admin new
13. 1234567890 new
14. letmein down 7
15. photoshop new
16. 1234 new
17. monkey down 11
18. shadow
19. sunshine down 5
20. 12345 new
1. 123456 up 1
2. password down 1
3. 12345678
4. qwerty up 1
5. abc123 down 1
6. 123456789 new
7. 111111 up 2
8. 1234567 up 5
9. iloveyou up 2
10. adobe123 new
Braintree_Dev. @cbetta | @braintree_dev

33. 11. 123123 up 5
12. admin new
13. 1234567890 new
14. letmein down 7
15. photoshop new
16. 1234 new
17. monkey down 11
18. shadow
19. sunshine down 5
20. 12345 new
1. 123456 up 1
2. password down 1
3. 12345678
4. qwerty up 1
5. abc123 down 1
6. 123456789 new
7. 111111 up 2
8. 1234567 up 5
9. iloveyou up 2
10. adobe123 new
Braintree_Dev. @cbetta | @braintree_dev

34. Braintree_Dev. @cbetta | @braintree_dev

35. Braintree_Dev. @cbetta | @braintree_dev

36. Braintree_Dev. @cbetta | @braintree_dev

37. Braintree_Dev. @cbetta | @braintree_dev

38. Braintree_Dev. @cbetta | @braintree_dev

39. Braintree_Dev. @cbetta | @braintree_dev

40. “FAVOR SECURITY TOO MUCH OVER THE
EXPERIENCE AND YOU’LL MAKE THE
WEBSITE A PAIN TO USE.”
smashingmagazine.com
/2012/10/26/password-masking-hurt-signup-form
Braintree_Dev. @cbetta | @braintree_dev

41. vs
Braintree_Dev. @cbetta | @braintree_dev

42. Braintree_Dev. @cbetta | @braintree_dev

43. People forget passwords…
45% admit to leaving a website instead of re-setting
their password or answering security
questions
- Blue Inc. 2011
Braintree_Dev. @SeraAndroid / @PayPalDev

44. Let’s admit it...
Passwords really suck!
Braintree_Dev. @cbetta | @braintree_dev

45. People hate to register
Out of 657 surveyed users 66% think that
social sign-in is a desirable alternative.
- Blue Inc. 2011
Braintree_Dev. @SeraAndroid / @PayPalDev

46. Let’s admit it...
Passwords really, really suck!
Braintree_Dev. @cbetta | @braintree_dev

47. “Braintree Says Goodbye to
Passwords With One Touch
Payments for PayPal and Venmo,
and Hello to Bitcoin”
braintreepayments.com
/blog/goodbye-passwords-one-touch-hello-bitcoin
Braintree_Dev. @cbetta | @braintree_dev

48. Merchant app
PayPal app
Merchant app

Braintree_Dev. @cbetta | @braintree_dev

49. 
Merchant app
PayPal app
Merchant app
Braintree_Dev. @cbetta | @braintree_dev

50. 
Merchant app
PayPal app
Merchant app
Braintree_Dev. @cbetta | @braintree_dev

51. 
Merchant app
PayPal app
Merchant app
Braintree_Dev. @cbetta | @braintree_dev

52. > Continue? (Y/n) _
Braintree_Dev. @cbetta | @braintree_dev

53. Multi-Factor Authentication
en.wikipedia.org
/wiki/Multi-factor_authentication
Braintree_Dev. @cbetta | @braintree_dev

54. KNOWLEDGE FACTOR
Braintree_Dev. @cbetta | @braintree_dev

55. INHERENCE FACTOR
Braintree_Dev. @cbetta | @braintree_dev

56. POSSESSION FACTOR
Braintree_Dev. @cbetta | @braintree_dev

57. 2-Factor Authentication
twofactorauth.org
Braintree_Dev. @cbetta | @braintree_dev

58. twofactorauth.org
Braintree_Dev. @cbetta | @braintree_dev

59. Passwordless Authentication
medium.com
/@ninjudd/passwords-are-obsolete-9ed56d483eb
Braintree_Dev. @cbetta | @braintree_dev

60. Braintree_Dev. @cbetta | @braintree_dev

61. Braintree_Dev. @cbetta | @braintree_dev

62. Braintree_Dev. @cbetta | @braintree_dev

63. Braintree_Dev. @cbetta | @braintree_dev

64. Braintree_Dev. @cbetta | @braintree_dev

65. fidoalliance.org

66. Braintree_Dev. @cbetta | @braintree_dev

67. Braintree_Dev. @cbetta | @braintree_dev

68. Braintree_Dev. @cbetta | @braintree_dev

69. Braintree_Dev. @cbetta | @braintree_dev

70. Braintree_Dev. @cbetta | @braintree_dev

71. > Exit? (Y/n) _
Braintree_Dev. @cbetta | @braintree_dev

72. Authorization &
Authentication
stackoverflow.com
/questions/6367865/is-there-a-difference-between-
authentication-and-authorization
Braintree_Dev. @cbetta | @braintree_dev

73. Google Facebook Twitter
Braintree_Dev. @cbetta | @braintree_dev

74. Braintree_Dev. @cbetta | @braintree_dev

75. Braintree_Dev. @cbetta | @braintree_dev

79. Braintree_Dev. @cbetta | @braintree_dev

80. • Passwords are awesome
Braintree_Dev. @cbetta | @braintree_dev

81. • Passwords are awesome
• But people+passwords suck
Braintree_Dev. @cbetta | @braintree_dev

82. • Passwords are awesome
• But people+passwords suck
• We need something you have, know
and/or are
Braintree_Dev. @cbetta | @braintree_dev

83. • Passwords are awesome
• But people+passwords suck
• We need something you have, know
and/or are
• Wearable tech opens up a new
world of possibilities
Braintree_Dev. @cbetta | @braintree_dev

84. • Passwords are awesome
• But people+passwords suck
• We need something you have, know
and/or are
• Wearable tech opens up a new
world of possibilities
• Don’t re-invent the wheel
Braintree_Dev. @cbetta | @braintree_dev

85. • Passwords are awesome
• But people+passwords suck
• We need something you have, know
and/or are
• Wearable tech opens up a new
world of possibilities
• Don’t re-invent the wheel
• FIDO
Braintree_Dev. @cbetta | @braintree_dev

86. • Passwords are awesome
• But people+passwords suck
• We need something you have, know
and/or are
• Wearable tech opens up a new
world of possibilities
• Don’t re-invent the wheel
• FIDO
• Third party auth
Braintree_Dev. @cbetta | @braintree_dev

87. Braintree_Dev. @cbetta | @braintree_dev

88. THANK YOU
Cristiano Betta
Developer Advocate
braintreepayments.com
cbetta@braintreepayments.com
@cbetta | @braintree_dev