Forgot Password? Yes I Did!

•

0 likes•119 views

Every month, we hear about a new data breach and billions of user passwords are being shared as we speak. How can we stop this? There is a simple solution, let’s stop using passwords! From email links to biometrics, more and more technologies are available to help developers handle different types of credentials. During this presentation, the attendees will learn about some of the alternatives and how to implement them in the context of an OAuth flow.

Internet

@joel__lord
#midwestjs
About Me
@joel__lord
joellord

@joel__lord
#midwestjs
Passwords Are Bad
! Cost
! Breach Impact
! Security
! Usability
Cost

@joel__lord
#midwestjs
Cost
! Help desk costs
! Technology
acquisition costs
! Management and
operations costs

@joel__lord
#midwestjs
Breach Impact
! 2,6G data records
compromised in
2017

@joel__lord
#midwestjs
Breach Impact
! 2,6G data records
compromised in
2017
! https://breachlevelindex.com

@joel__lord
#midwestjs
Security
! More computing
power === easier
cracking

@joel__lord
#midwestjs
Security
! More computing
power === easier
cracking
! More social media
presence === easier
social engineering

@joel__lord
#midwestjs
Security
! More computing
power === easier
cracking
! More social media
presence === easier
social engineering
! Users will always be
your weakest link

@joel__lord
#midwestjs
Usability
! 23% of users admit
having only one
password

@joel__lord
#midwestjs
Usability
! 23% of users admit
having only one
password
! More than 60% of
users use at least
two devices
everyday

@joel__lord
#midwestjs
Usability
! 23% of users admit
having only one
password
! More than 60% of
users use at least
two devices
everyday
! We all hate
passwords!

@joel__lord
#midwestjs
Passwords
Usability

@joel__lord
#midwestjs
What Can We Do?
! OAuth

@joel__lord
#midwestjs
Authentication Flows
Implicit Flow

@joel__lord
#midwestjs
What Can We Do?
! OAuth
! Delegate

@joel__lord
#midwestjs
What Can We Do?
! OAuth
! Delegate
! MFA

@joel__lord
#midwestjs
What Can We Do?
! OAuth
! Delegate
! MFA
! Forget Password

@joel__lord
#midwestjs
How to forget a
password
! Build strong
passwords
(something+name of
page)

@joel__lord
#midwestjs
How to forget a
password
! Use a password
manager

@joel__lord
#midwestjs
Alternatives
! Yubikeys
(WebAuthn)

@joel__lord
#midwestjs
WebAuthn
• Let’s look at some code

@joel__lord
#midwestjs
Alternatives
! Yubikeys
(WebAuthn)
! Biometrics

@joel__lord
#midwestjs
Alternatives
! Yubikeys
(WebAuthn)
! Biometrics
! Magic Link

@joel__lord
#midwestjs
Magic Links
• Let’s look at some code

Forgot Password?
Midwest JS
Minneapolis, MN
August 10, 2018
@joel__lord
joellord

Similar to Forgot Password? Yes I Did!

Thiago de Faria - AI with a devops mindset - experimentation, sharing and eas...Codemotion

SEOIRL - Security for SEOs.pdfJess Joyce

Codemotion Berlin 2018 - AI with a devops mindset: experimentation, sharing a...Thiago de Faria

Thiago de Faria - AI with a devops mindset - experimentation, sharing and eas...Codemotion

Designing the Industrial InternetDane Petersen

ArrowsMianlside

New Farming Methods in the Epistemological Wasteland of Application SecurityJames Wickett

Living documentationSamuel ROZE

$HOME Sweet $HOME Devoxx 2015Xavier Mertens

Wearables SEO - Apple Watch & Android Wear (SMX Advanced 2015)Casey Markee, MBA

Instant Visualizations in Every Step of AnalysisDatameer

META - Dark.pptxCostleyVirtualSuppor

Better to Ask Permission? Best Practices for Privacy and SecurityEric Kavanagh

Mobile Authentication using Biometrics & WearablesJonathan LeBlanc

Zanzi make-google-love-your-site-v4 b-1.2Ned Wells

Webinar - Big Data: Power to the User Datameer

Data Fluency for DummiesDavid Blake

Tree diagramMianlside

Create Ugly - Jay Acunzo at Content Marketing World 2015Jay Acunzo

Epistemological Problem of Application SecurityJames Wickett

Similar to Forgot Password? Yes I Did! (20)

Thiago de Faria - AI with a devops mindset - experimentation, sharing and eas...

SEOIRL - Security for SEOs.pdf

Codemotion Berlin 2018 - AI with a devops mindset: experimentation, sharing a...

Thiago de Faria - AI with a devops mindset - experimentation, sharing and eas...

Designing the Industrial Internet

Arrows

New Farming Methods in the Epistemological Wasteland of Application Security

Living documentation

$HOME Sweet $HOME Devoxx 2015

Wearables SEO - Apple Watch & Android Wear (SMX Advanced 2015)

Instant Visualizations in Every Step of Analysis

META - Dark.pptx

Better to Ask Permission? Best Practices for Privacy and Security

Mobile Authentication using Biometrics & Wearables

Zanzi make-google-love-your-site-v4 b-1.2

Webinar - Big Data: Power to the User

Data Fluency for Dummies

Tree diagram

Create Ugly - Jay Acunzo at Content Marketing World 2015

Epistemological Problem of Application Security

Recently uploaded

Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Servicesexy call girls service in goa

Best VIP Call Girls Noida Sector 75 Call Me: 8448380779Delhi Call girls

Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4

Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665

₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...Diya Sharma

Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Callshivangimorya083

VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile

Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In Delhi Whatsup 9873940964 Enjoy Unlimited Pleasure

VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...aditipandeya

Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝soniya singh

Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe

VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights

Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts servicesonalikaur4

Challengers I Told Ya ShirtChallengers I Told Ya Shirtrahman018755

Radiant Call girls in Dubai O56338O268 Dubai Call girlsstephieert

Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC

VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4

Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$kojalkojal131

VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Roomdivyansh0kumar0

How is AI changing journalism? (v. April 2024)Damian Radcliffe

Recently uploaded (20)

Hot Service (+9316020077 ) Goa Call Girls Real Photos and Genuine Service

Best VIP Call Girls Noida Sector 75 Call Me: 8448380779

Russian Call Girls in Kolkata Samaira 🤌 8250192130 🚀 Vip Call Girls Kolkata

Call Girls South Delhi Delhi reach out to us at ☎ 9711199012

₹5.5k {Cash Payment}New Friends Colony Call Girls In [Delhi NIHARIKA] 🔝|97111...

Delhi Call Girls Rohini 9711199171 ☎✔👌✔ Whatsapp Hard And Sexy Vip Call

VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune

Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE

VIP 7001035870 Find & Meet Hyderabad Call Girls Dilsukhnagar high-profile Cal...

Call Girls In Model Towh Delhi 💯Call Us 🔝8264348440🔝

Moving Beyond Twitter/X and Facebook - Social Media for local news providers

VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room

Chennai Call Girls Porur Phone 🍆 8250192130 👅 celebrity escorts service

Challengers I Told Ya ShirtChallengers I Told Ya Shirt

Radiant Call girls in Dubai O56338O268 Dubai Call girls

Networking in the Penumbra presented by Geoff Huston at NZNOG

VIP Call Girls Kolkata Ananya 🤌 8250192130 🚀 Vip Call Girls Kolkata

Call Girls Dubai Prolapsed O525547819 Call Girls In Dubai Princes$

VIP Kolkata Call Girl Alambazar 👉 8250192130 Available With Room

How is AI changing journalism? (v. April 2024)

Forgot Password? Yes I Did!

1. Forgot Password? Yes I Did !

2. @joel__lord #midwestjs About Me @joel__lord joellord

3. @joel__lord #midwestjs About Me @joel__lord joellord

4. Passwords Are Bad

5. @joel__lord #midwestjs Passwords Are Bad ! Cost ! Breach Impact ! Security ! Usability Cost

6. @joel__lord #midwestjs Cost ! Help desk costs ! Technology acquisition costs ! Management and operations costs

7. @joel__lord #midwestjs Breach Impact ! 2,6G data records compromised in 2017

8. @joel__lord #midwestjs Breach Impact ! 2,6G data records compromised in 2017 ! https://breachlevelindex.com

9. @joel__lord #midwestjs Security ! More computing power === easier cracking

10. @joel__lord #midwestjs Security ! More computing power === easier cracking ! More social media presence === easier social engineering

11. @joel__lord #midwestjs Security ! More computing power === easier cracking ! More social media presence === easier social engineering ! Users will always be your weakest link

12. Title

13. Title

14. Title

15. @joel__lord #midwestjs Usability ! 23% of users admit having only one password

16. @joel__lord #midwestjs Usability ! 23% of users admit having only one password ! More than 60% of users use at least two devices everyday

17. @joel__lord #midwestjs Usability ! 23% of users admit having only one password ! More than 60% of users use at least two devices everyday ! We all hate passwords!

18. @joel__lord #midwestjs Passwords Usability

19. @joel__lord #midwestjs Passwords Usability

20. @joel__lord #midwestjs Passwords Usability

21. @joel__lord #midwestjs Passwords Usability

22. What Can We Do?

23. @joel__lord #midwestjs What Can We Do? ! OAuth

24. @joel__lord #midwestjs Authentication Flows Implicit Flow

25. @joel__lord #midwestjs Authentication Flows Implicit Flow

26. @joel__lord #midwestjs Authentication Flows Implicit Flow

27. @joel__lord #midwestjs Authentication Flows Implicit Flow

28. @joel__lord #midwestjs What Can We Do? ! OAuth ! Delegate

29. @joel__lord #midwestjs What Can We Do? ! OAuth ! Delegate ! MFA