PASSWORDS ARE DEAD, LONG LIVE THE PASSWORD
Pro Dev Day - 21 September 2018

In the beginning, there was THE PASSWORD
And it had obscure rules

All these rules got us some truly excellent passwords (not)
• The top 15 passwords on the 2017 list:
  1. 123456 (Unchanged)
  2. Password (Unchanged)
  3. 12345678 (Up 1)
  4. qwerty (Up 2)
  5. 12345 (Down 2)
  6. 123456789 (New)
  7. letmein (New)
  8. 1234567 (Unchanged)
  9. football (Down 4)
  10. iloveyou (New)
  11. admin (Up 4)
  12. welcome (Unchanged)
  13. monkey (New)
  14. login (Down 3)
  15. abc123 (Down 1)

NATIONAL INSTITUTE OF STANDARDS AND TIME
From the fine folks at NIST: NIST 800-63-3
1) Remove periodic password change requirements
2) Drop the algorithmic complexity song and dance
3) Require screening of new passwords against lists of commonly used or compromised passwords
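An added example (not from the talk) of what point 3 looks like as a check a sign-up form can run: the candidate is screened against the slide's top-15 list and against breach data in the Pwned Passwords range format (5-char SHA-1 prefix sent to the service, the rest matched locally). The range response below is constructed offline and "Password1!" is a made-up value; no composition rules are enforced, per point 2.

```python
import hashlib

# The 2017 "worst passwords" list quoted on the slide, standing in for the
# much larger commonly-used/compromised list NIST 800-63-3 point 3 asks for.
COMMON_PASSWORDS = {"123456", "password", "12345678", "qwerty", "12345",
                    "123456789", "letmein", "1234567", "football", "iloveyou",
                    "admin", "welcome", "monkey", "login", "abc123"}

def sha1_prefix_suffix(password: str):
    """Split the uppercase hex SHA-1 the way the Pwned Passwords range API
    does: the first 5 hex chars are sent to the service (k-anonymity),
    the remaining 35 never leave the client."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]

def breach_count(password: str, range_response: str) -> int:
    """range_response is the body returned for the hash prefix, one
    'SUFFIX:COUNT' pair per line. Returns the breach count for this
    password, or 0 when its suffix is absent from the range."""
    _, suffix = sha1_prefix_suffix(password)
    for line in range_response.splitlines():
        if ":" not in line:
            continue
        found_suffix, count = line.strip().split(":", 1)
        if found_suffix == suffix:
            return int(count)
    return 0

def screen_password(password: str, range_response: str, min_len: int = 8):
    """NIST 800-63-3 style screening: a minimum length, a block-list lookup
    and a breach-corpus lookup, but no composition rules (slide point 2).
    Returns (accepted, reason)."""
    if len(password) < min_len:
        return False, "shorter than %d characters" % min_len
    if password.lower() in COMMON_PASSWORDS:
        return False, "on the commonly-used list"
    seen = breach_count(password, range_response)
    if seen:
        return False, "seen %d times in breach data" % seen
    return True, "ok"

# Constructed stand-in for one range-API response: an all-zero filler suffix
# plus the real SHA-1 suffix of the made-up password "Password1!", which
# satisfies every classic complexity rule yet is treated here as breached.
_, BREACHED_SUFFIX = sha1_prefix_suffix("Password1!")
SAMPLE_RANGE = "%s:3\n%s:123456\n" % ("0" * 35, BREACHED_SUFFIX)
```

A real client would fetch the range for the prefix over HTTPS and pass the body to breach_count; the suffix comparison stays the same.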

Enter: THE PASSPHRASE
CHEESE MOOSE HOTEL ISHTAR

A long, complex password: the only thing better is one that you don't have to remember

But first, a word on BALANCE
[Diagram: a spectrum from Fully Private / Fully Secure to Fully Open / Fully Collecting, plotted against Utility]

Uninformed: ??? What do I pick? Huge utility, huge data disclosure.

Better informed: still want utility, might make better choices, because:
• It's clear what is collected
• It's clear what it is used for
• It's clear who they share it with
• It's clear how long they keep it
• It's presented so that average beings can read it quickly and clearly

OMG! I can use w/o sharing everything? I can decide what to share?

I can trust because I've verified: they do what they say they do. More value, more control:
• Data security practises
• Depersonalisation (and even better, aggregation)
• Retention (GET RID OF IT FAST!)
• Use an identity that users care about and protect

Enter: THE PASSWORD MANAGER

Key features of password managers today:
• Secure storage of info
• Syncing across devices
• Generate strong passwords
• Show password re-use
• Check for weak passwords
• Desktop & Mobile Support
• One Password to Rule Them All
• Amaze Your Friends with Password Filling Speed
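The passphrase slide and the "generate strong passwords", "show password re-use" and "check for weak passwords" features above come together in this added example, which is not the talk's code nor any manager's: a CSPRNG-backed passphrase generator with its entropy estimate, and a reuse/length audit run over a constructed sample vault (WORDLIST and SAMPLE_VAULT are made up for the example).

```python
import math
import secrets
from collections import defaultdict

# Constructed stand-in for a diceware-style word list. A real list has
# 7776 words; the entropy figure below is computed for that size.
WORDLIST = ["cheese", "moose", "hotel", "ishtar", "apple", "river", "candle",
            "orbit", "velvet", "planet", "saddle", "mirror", "anchor", "yellow",
            "forest", "bishop"]

def generate_passphrase(words: int = 4, wordlist=WORDLIST, sep: str = " ") -> str:
    """Pick words with the OS CSPRNG (secrets), never random.choice, so the
    result is unpredictable even to someone who has the same word list."""
    return sep.join(secrets.choice(wordlist) for _ in range(words))

def passphrase_entropy_bits(words: int, list_size: int) -> float:
    """Each uniformly chosen word adds log2(list_size) bits; four words from
    7776 give about 51.7 bits, well beyond a typical 8-char 'complex'
    password, and the result is far easier to remember."""
    return words * math.log2(list_size)

def audit_vault(vault: dict, min_len: int = 12) -> dict:
    """vault maps site -> password. Returns the two findings a password
    manager surfaces: secrets shared by more than one site (so one breach
    unlocks several accounts) and secrets shorter than min_len."""
    sites_by_secret = defaultdict(list)
    for site, secret in vault.items():
        sites_by_secret[secret].append(site)
    reused = {secret: sorted(sites)
              for secret, sites in sites_by_secret.items() if len(sites) > 1}
    weak = sorted(site for site, secret in vault.items() if len(secret) < min_len)
    return {"reused": reused, "weak": weak}

# Constructed sample vault: one secret reused on two sites, one short one.
SAMPLE_VAULT = {
    "bank.example": "Winter2018!!",
    "mail.example": "Winter2018!!",
    "forum.example": "monkey",
    "vpn.example": "CHEESE MOOSE HOTEL ISHTAR",
}
```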

“A demo is worth 1000 questions” – Daniel Ayala

SMS for 2FA is UNSAFE AT ANY SPEED

Google 2FA
Apple 2FA
Duo 2FA
Duo Free Edition: https://duo.com/pricing/duo-free

ALL YOUR KEYS ARE BELONG TO US

ONGOING MAINTENANCE

HAVE I BEEN PWNED? https://haveibeenpwned.com/

So tell me…
USE THE TOOLS, LUKE

DON'T, for the love of all things secure and holy, PASSWORDS
And never ever eat pears!

DON'T RE-USE, RE-GENERATE

You didn't think I would go a whole talk w/o mentioning PRIVACY
https://www.entrepreneur.com/article/320105

“Let's be careful out there” – Sgt. Esterhaus
https://vimeo.com/232565071