You have a solid security infrastructure and all user data is encrypted, so your users are protected, right? As long as passwords remain the standard method for identifying users on the web, people will continue to use "letmein" or "password123" for their "secure" login, and will continue to be shocked when their accounts are compromised.
Passwords are not secure and need to be replaced. In this talk we explore the pitfalls of a system designed around a username and password, then dive into the ways technology is giving us new options for building a secure user identity system. From biometrics to wearables, hardware to tokens, we'll explore a multitude of ways we can finally kill all passwords.
4. Poor Password Choices
4.7% of users have the password "password"
8.5% have the password "password" or "123456"
9.8% have the password "password", "123456" or "12345678"
14% have a password from the top 10 passwords
40% have a password from the top 100 passwords
79% have a password from the top 500 passwords
91% have a password from the top 1000 passwords
twitter: @jcleblanc | hashtag: #ConvergeSE
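The percentages on the slide above are cumulative coverage figures: take a corpus of leaked passwords, count each distinct string, and ask what share of all accounts falls inside the N most common. The same frequency table is what a login system should turn into a blocklist so that new passwords matching the common set are rejected at signup. The code below is an added example, not code from the talk or its author; the corpus SAMPLE_PASSWORDS is constructed (1,000 entries, weighted so that the first three slide figures come out) and the function names are my own.

```python
"""Added example (not from the talk): how "top-N password" coverage figures
are derived from a corpus, and the blocklist check a signup form should run.
The corpus is constructed for this example; a real analysis would use a
leaked credential dump with millions of rows."""
from collections import Counter

# Constructed sample of 1,000 passwords. The weights are chosen so that the
# three most common strings reproduce the slide's 4.7% / 8.5% / 9.8% figures;
# the remaining 860 entries are all distinct, standing in for unique choices.
SAMPLE_PASSWORDS = (
    ["password"] * 47
    + ["123456"] * 38
    + ["12345678"] * 13
    + ["qwerty"] * 12
    + ["letmein"] * 10
    + ["abc123"] * 8
    + ["monkey"] * 7
    + ["dragon"] * 5
    + [f"unique{i}" for i in range(860)]
)


def password_frequencies(passwords):
    """Count how often each password string appears in the corpus."""
    return Counter(passwords)


def top_n_coverage(freq, n):
    """Fraction of all accounts whose password is among the n most common.

    This is exactly the statistic behind "14% have a password from the
    top 10 passwords": sum the counts of the top n, divide by the total.
    """
    total = sum(freq.values())
    covered = sum(count for _, count in freq.most_common(n))
    return covered / total


def build_blocklist(freq, n):
    """Blocklist of the n most common passwords, lowercased so that
    'Password' and 'PASSWORD' are treated as the same weak choice."""
    return {pw.lower() for pw, _ in freq.most_common(n)}


def is_common_password(candidate, blocklist):
    """True if the candidate matches the blocklist case-insensitively.

    A signup or password-change handler should refuse such a candidate
    before it is ever hashed and stored.
    """
    return candidate.lower() in blocklist


if __name__ == "__main__":
    freq = password_frequencies(SAMPLE_PASSWORDS)
    for n in (1, 2, 3, 10, 100):
        print(f"top {n:>3}: {top_n_coverage(freq, n):.1%} of accounts")
    blocklist = build_blocklist(freq, 10)
    for pw in ("PASSWORD", "letmein", "correct horse battery staple"):
        print(f"{pw!r}: {'rejected' if is_common_password(pw, blocklist) else 'ok'}")
```

The blocklist built here from a toy corpus is only ten entries; in practice the list is the top few thousand (or more) strings from real breach data, which is where the 91%-at-top-1000 figure on the slide comes from. Normalising case before the lookup matters because trivial variants of a blocked password are no harder to guess.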
19. State of Developer Auth
Use Another Site Login
Mixed OAuth 2 / OpenID Connect for auth
Roll Your Own
Username / Password
Fingerprint Scanning
23. False Positive / Negative Rates
False negative: Valid user can’t log in
False positive: Invalid user can log in
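The two rates on the slide above are not independent: a biometric matcher produces a similarity score, and the acceptance threshold you pick trades one error for the other. Lowering it lets more valid users in (fewer false negatives) but also lets more impostors in (more false positives). The code below is an added example, not code from the talk or its author; it measures both rates over constructed score lists at a chosen threshold and, going one step beyond the slide, finds the threshold where the two rates meet (the equal error rate point that biometric systems are commonly compared on). GENUINE_SCORES, IMPOSTOR_SCORES and the function names are my own assumptions.

```python
"""Added example (not from the talk): the false-positive / false-negative
trade-off of a biometric matcher at a given acceptance threshold.
Scores are constructed for this example; a real evaluation would take the
matcher's similarity scores from genuine and impostor login attempts."""

# Constructed matcher scores in [0, 1]; higher means a closer match to the
# enrolled template. A login is accepted when score >= threshold.
GENUINE_SCORES = [0.92, 0.88, 0.85, 0.81, 0.79, 0.74, 0.70, 0.66, 0.61, 0.55]   # the real user
IMPOSTOR_SCORES = [0.58, 0.52, 0.49, 0.45, 0.41, 0.38, 0.33, 0.29, 0.24, 0.18]  # someone else


def false_negative_rate(genuine, threshold):
    """Share of valid users rejected: score below threshold.
    This is the slide's 'valid user can't log in'."""
    return sum(1 for s in genuine if s < threshold) / len(genuine)


def false_positive_rate(impostor, threshold):
    """Share of impostors accepted: score at or above threshold.
    This is the slide's 'invalid user can log in'."""
    return sum(1 for s in impostor if s >= threshold) / len(impostor)


def error_rates(genuine, impostor, threshold):
    """(false positive rate, false negative rate) at one threshold."""
    return (false_positive_rate(impostor, threshold),
            false_negative_rate(genuine, threshold))


def equal_error_threshold(genuine, impostor):
    """Threshold at which FPR and FNR are closest (the EER operating point).

    Only observed scores are tried as candidates, since the rates can only
    change at those values; no interpolation is needed for this purpose.
    """
    candidates = sorted(set(genuine) | set(impostor))
    return min(
        candidates,
        key=lambda t: abs(false_positive_rate(impostor, t)
                          - false_negative_rate(genuine, t)),
    )


if __name__ == "__main__":
    for t in (0.50, 0.58, 0.65):
        fpr, fnr = error_rates(GENUINE_SCORES, IMPOSTOR_SCORES, t)
        print(f"threshold {t:.2f}: false positive {fpr:.0%}, false negative {fnr:.0%}")
    eer_t = equal_error_threshold(GENUINE_SCORES, IMPOSTOR_SCORES)
    print(f"equal error rate reached at threshold {eer_t:.2f}")
```

With these scores a threshold of 0.50 rejects no valid users but admits two of ten impostors, 0.65 admits no impostors but locks out two of ten valid users, and 0.58 balances the two at one in ten each. Which point is right depends on what the factor protects: a phone unlock can tolerate a higher false positive rate than a payment authorisation, and a system that locks out legitimate users too often simply pushes them back to a fallback such as a password.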