@SeraAndroid #DeathToPW

Death to Passwords
Tim Messerschmidt
Head of Developer Advocacy, International
PayPal / Braintree
SXSW 2015

The 1000 most used passwords of 2012
wiki.skullsecurity.org/Passwords

4.7% use password
8.5% use password or 123456
9.8% use password, 123456 or 12345678

Top 10: 14%
Top 100: 40%
Top 500: 79%
Top 1000: 91%

2013 (cbsn.ws/1siTPGH)
1.  123456
2.  password
3.  12345678
4.  qwerty
5.  abc123
6.  123456789
7.  111111
8.  1234567
9.  iloveyou
10. adobe123
11. 123123
12. admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunshine
20. 12345

2014 (bit.ly/1xYHjdp)
1.  123456
2.  password
3.  12345 (up 17)
4.  12345678 (down 1)
5.  qwerty (down 1)
6.  1234567890
7.  1234 (up 9)
8.  baseball (new)
9.  dragon (new)
10. football (new)
11. 1234567 (down 4)
12. monkey (up 5)
13. letmein (up 1)
14. abc123 (down 9)
15. 111111 (down 8)
16. mustang (new)
17. access (new)
18. shadow
19. master (new)
20. michael (new)

>Honorary mention_
21. superman
24. batman

>The 3 key problems_
abstrusegoose.com/296

Favor security too much over the experience and you’ll make the website a pain to use.
smashingmagazine.com/2012/10/26/password-masking-hurt-signup-form

People forget passwords…
45% admit to leaving a website instead of resetting their password or answering security questions
- Blue Inc. 2011

Let’s admit it:
Passwords really suck!

Hashing
hash(password + salt)

Bad hashing algorithms
MD5, SHA-1, SHA-2, SHA-3
bit.ly/1DOfzy7

Awesome hashing algorithms
PBKDF2, BCRYPT, SCRYPT
bit.ly/1DOfzy7

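The hashing slides above contrast fast general-purpose hashes with deliberately slow, salted key-derivation functions. The following is an added Python example, not code from the talk, that stores and verifies passwords with PBKDF2 from the standard library; the record format, the iteration count and all function names are assumptions of this example.

```python
# Added example (not from the slides): salted, slow password hashing with PBKDF2.
import base64
import hashlib
import hmac
import os

ALGO = "pbkdf2_sha256"   # label stored in each record (assumed format)
ITERATIONS = 600_000     # assumed policy value; raise it as hardware gets faster
SALT_BYTES = 16


def _derive(password, salt, iterations):
    # The cost of one guess grows linearly with the iteration count.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)


def hash_password(password, iterations=ITERATIONS):
    """Return 'algo$iterations$salt$digest' using a fresh random salt."""
    salt = os.urandom(SALT_BYTES)   # per-password salt: equal passwords, different records
    digest = _derive(password, salt, iterations)
    return "$".join([ALGO, str(iterations),
                     base64.b64encode(salt).decode("ascii"),
                     base64.b64encode(digest).decode("ascii")])


def _parse(record):
    """Split a stored record; raises ValueError on anything malformed."""
    algo, iters, salt_b64, digest_b64 = record.split("$")
    if algo != ALGO or not iters.isdigit() or int(iters) < 1:
        raise ValueError("unsupported record")
    return (int(iters),
            base64.b64decode(salt_b64, validate=True),
            base64.b64decode(digest_b64, validate=True))


def verify_password(password, record):
    """Recompute with the stored salt and cost; compare in constant time."""
    try:
        iterations, salt, expected = _parse(record)
    except ValueError:
        return False   # malformed record: reject instead of raising
    return hmac.compare_digest(_derive(password, salt, iterations), expected)


def needs_rehash(record, iterations=ITERATIONS):
    """True when a record is malformed or was made with a lower cost than policy."""
    try:
        return _parse(record)[0] < iterations
    except ValueError:
        return True


if __name__ == "__main__":
    a = hash_password("123456")
    b = hash_password("123456")
    # Same password, different salts: the stored records must differ.
    print(a != b, verify_password("123456", a), verify_password("password", a))
```

Call `needs_rehash` after a successful login and store a new `hash_password` result when it returns true, so older records move to the current iteration count over time.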
2 Factor Authentication
twofactorauth.org

Passwordless Authentication
medium.com/@ninjudd/passwords-are-obsolete-9ed56d483eb

braintreepayments.com/blog/goodbye-passwords-one-touch-hello-bitcoin
> Braintree Says Goodbye to Passwords With One Touch Payments for PayPal and Venmo, and Hello to Bitcoin_

[Figure: Merchant app, PayPal app, Merchant app]

People hate to register
Out of 657 surveyed users 66% think that social sign-in is a desirable alternative.
- Blue Inc. 2011

[Figure: Person; Social Identity; Concrete Identity; No Identity]

Authorization & Authentication
stackoverflow.com/questions/6367865/is-there-a-difference-between-authentication-and-authorization

One person's data is another person's noise.
- K.C. Cole

>Social vs. Concrete Identities_

OAuth 1.0
2007

[Figure: flow between The Consumer and the Service Provider. Labels: Request Request Token; Grant Request Token; Direct User to Service; Obtain Authorization; Direct to Consumer; Request Access Token; Grant Access Token; Access Resources]

OAuth 1.0a
2009

OAuth 2.0
2012

[Figure: flow between The Consumer and the Service Provider. Labels: Direct User to Service; Obtain Authorization; Request Access Token; Grant Access Token; Direct to Consumer; Access Resources]

OAuth 2.0 Token via Header
// Send the access token in the Authorization request header
URL url = new URL("http://url.com/");
HttpURLConnection urlConnection =
    (HttpURLConnection) url.openConnection();
urlConnection.setRequestProperty("Authorization", "Bearer …");

OAuth 2.0 Token via URI
"url.com/oauth?access_token=…"
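Of the two token transports on these slides, RFC 6750 discourages the URI form because request URLs are likely to be written to server logs. The following is an added Python example, not code from the talk, that finds and redacts `access_token` query parameters in access-log lines; the log lines, token values and function names are constructed for this example.

```python
# Added example (not from the slides): find and redact OAuth 2.0 access tokens
# that were sent in the URI instead of the Authorization header.
import re
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Constructed sample access-log lines (combined-log style); the tokens are fake.
SAMPLE_LOG = [
    '203.0.113.7 - - [15/Mar/2015:10:00:01 +0000] '
    '"GET /oauth?access_token=FAKE-TOKEN-1&page=2 HTTP/1.1" 200 512',
    '203.0.113.8 - - [15/Mar/2015:10:00:02 +0000] '
    '"GET /profile HTTP/1.1" 200 734',
    '203.0.113.9 - - [15/Mar/2015:10:00:03 +0000] '
    '"POST /items?sort=asc&access_token=FAKE-TOKEN-2 HTTP/1.1" 201 90',
]

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')
SENSITIVE_PARAMS = {"access_token"}


def redact_target(target):
    """Return (redacted_target, leaked) for one request target."""
    parts = urlsplit(target)
    leaked = False
    pairs = []
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        if key in SENSITIVE_PARAMS:
            leaked = True
            value = "REDACTED"
        pairs.append((key, value))
    if not leaked:
        return target, False   # leave untouched lines byte-for-byte identical
    return urlunsplit(parts._replace(query=urlencode(pairs))), True


def scrub_log(lines):
    """Return (clean_lines, hit_line_numbers); line numbers start at 1."""
    clean, hits = [], []
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            target, leaked = redact_target(match.group("target"))
            if leaked:
                hits.append(number)
                line = line[:match.start("target")] + target + line[match.end("target"):]
        clean.append(line)
    return clean, hits


if __name__ == "__main__":
    cleaned, leaking = scrub_log(SAMPLE_LOG)
    print("lines with a token in the URI:", leaking)
    for entry in cleaned:
        print(entry)
```

Any token found this way has already been exposed to whoever can read the log, so revoke it as well as redacting it.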
OAuth libraries
oauth.net/code

OAuth libraries for Android
github.com/mttkay/signpost
github.com/pakerfeldt/signpost-retrofit

OAuth libraries for iOS
github.com/nxtbgthng/OAuth2Client
github.com/AFNetworking/AFOAuth2Manager

OpenID
2005

The Hybrids
OpenID OAuth Extension & OpenID Connect

Upcoming

A Trusted Environment

>The Realm of Creepy_

Scaling Security

FIDO Alliance
fidoalliance.org

Security
Needs an accessible standard

Difference
Between Authentication and Authorization

User Experience
Should be enhanced - not impaired

Thanks
tim@getbraintree.com
braintreepayments.com/developers
slideshare.com/PayPal

Death to Passwords: How Authentication Will Evolve Beyond Passwords

Editor's notes

  1. Have a look at the key issues of passwords; Ways to improve working with passwords; Alternative technologies that boost UX
  2. Security is a concept; Constant struggle to keep up with exploits; No 100% security
  3. And it doesn’t even stop here
  4. SplashData
  5. SplashData
  6. Batman vs superman movie; DC must have paid for this
  7. Batman vs superman movie; DC must have paid for this
  8. Batman vs superman movie; DC must have paid for this
  9. Mention 3 key problems: Reused, Phished, Keylogged
  10. April 7th 2014 public; Read the memory of system; Compromises secret keys; OpenSSL
  11. Jakob Nielsen; Denmark
  12. Roberto Orgiu
  13. MD5, SHA-1, 2, 3
  14. MD5, SHA-1, 2, 3
  15. bcrypt, scrypt and PBKDF2; Password based key derivation function; scrypt 2012 IETF
  16. OTP (One-time password); Not vulnerable to replay attacks; Supposed to be used on one system only
  17. OTP (One-time password); Not vulnerable to replay attacks; Affects one system only; Twitter & Yahoo
  18. Sci-Fi Author; The Universe and the Teacup
  19. 3 kinds of token: Request, Authorization, Access
  20. Vulnerability; Redirect URI
  21. Open a WebView; Request Access Token with Auth Code
  22. More than 1 billion users at peak; 2009
  23. OpenID OAuth 2 Hybrid Extension; OpenID Connect
  24. Should biometry replace passwords or identity?
  25. Heartbeat
  26. Fujitsu
  27. Emotiv; Electrical activity in brain