7. The top 1000 most used
passwords of 2012
wiki.skullsecurity.org/Passwords
Braintree_Dev. @SeraAndroid / @PayPalDev
8. 4.7% OF ALL USERS USE THE
PASSWORD PASSWORD
9. 8.5% ARE USING
PASSWORD OR 123456
10. 9.8% USE PASSWORD,
123456 OR 12345678
11. ... and it doesn’t even stop here
14% have a password from the top 10
40% have a password from the top 100
79% have a password from the top 500
91% have a password from the top 1000
12. A brief analysis of the
situation in 2013
cbsn.ws/1siTPGH
14. 1. 123456 up 1
2. password down 1
3. 12345678
4. qwerty up 1
5. abc123 down 1
6. 123456789 new
7. 111111 up 2
8. 1234567 up 5
9. iloveyou up 2
10. adobe123 new
11. 123123 up 5
12. admin new
13. 1234567890 new
14. letmein down 7
15. photoshop new
16. 1234 new
17. monkey down 11
18. shadow
19. sunshine down 5
20. 12345 new
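An added example, not part of the original slides: a sign-up-time check that rejects passwords from the 2013 top-20 list above after normalizing case, whitespace and Unicode look-alike forms, and that also rejects passwords built on a site or product name (as adobe123 and photoshop are). The function names, the `context_words` parameter and the sample inputs are assumptions made for illustration.

```python
import unicodedata

# Top 20 passwords of 2013, in rank order, exactly as listed on the slide above.
TOP_20_2013 = [
    "123456", "password", "12345678", "qwerty", "abc123", "123456789",
    "111111", "1234567", "iloveyou", "adobe123", "123123", "admin",
    "1234567890", "letmein", "photoshop", "1234", "monkey", "shadow",
    "sunshine", "12345",
]


def normalize(candidate):
    """Fold Unicode compatibility forms, case and surrounding whitespace."""
    return unicodedata.normalize("NFKC", candidate).strip().casefold()


def build_blocklist(ranked, top_n):
    """Build a lookup set from the first top_n entries of a ranked list."""
    return frozenset(normalize(p) for p in ranked[:top_n])


def check_password(candidate, blocklist, context_words=()):
    """Return (accepted, reason) for a password chosen at sign-up.

    context_words is a hypothetical list of site or product names that
    must not appear inside the password.
    """
    norm = normalize(candidate)
    if norm in blocklist:
        return False, "common"
    for word in context_words:
        needle = normalize(word)
        if needle and needle in norm:
            return False, "context"
    return True, "ok"


def coverage(passwords, blocklist):
    """Share of a (constructed) sample that the blocklist would reject."""
    if not passwords:
        return 0.0
    hits = sum(1 for p in passwords if normalize(p) in blocklist)
    return hits / len(passwords)
```

In production the ranked list would be a much longer one, such as the top 1000 referenced earlier in the deck, loaded from a file rather than embedded.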
19. “Favor security too much over the experience
and you’ll make the
website a pain to use.”
smashingmagazine.com/2012/10/26/password-masking-hurt-signup-form
21. People forget passwords…
45% admit to leaving a website instead of re-setting
their password or answering security
questions
- Blue Inc. 2011
23. People hate to register
Out of 657 surveyed users 66% think that
social sign-in is a desirable alternative.
- Blue Inc. 2011
24. > Braintree Says Goodbye to Passwords With One Touch Payments for PayPal and Venmo, and Hello to Bitcoin
braintreepayments.com/blog/goodbye-passwords-one-touch-hello-bitcoin
36. [Diagram: flow between the Consumer and the Service Provider]
Steps, in the order shown: Request Request Token; Grant Request Token; Direct User to Service; Obtain Authorization; Direct to Consumer; Request Access Token; Grant Access Token; Access Resources
39. [Diagram: flow between the Consumer and the Service Provider]
Steps, in the order shown: Direct User to Service; Obtain Authorization; Request Access Token; Grant Access Token; Direct to Consumer; Access Resources
52. 1. Security: matters to users and developers
2. Difference: authentication and authorization
3. User experience: should be enhanced, not impaired