SlideShare a Scribd company logo

Kill All Passwords

Jonathan LeBlanc, profile picture
Jonathan LeBlanc

The document discusses the shortcomings of traditional passwords, highlighting that many users rely on weak and commonly used passwords. It underscores the need for improved security measures such as better algorithms, variable authentication methods, and identity biometrics. The content suggests that new approaches like OAuth and the FIDO Alliance could pave the way for a more secure identity management system.

Technology
1 of 26
Downloaded 484 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
Kill all Passwords Jonathan LeBlanc (@jcleblanc) Head of Global Developer Advocacy at PayPal + Braintree
Why do we need this? Passwords are awesome! twitter: @jcleblanc | hashtag: #ConvergeSE
1.  123456 2.  password 3.  12345678 4.  qwerty 5.  abc123 6.  123456789 7.  111111 8.  1234567 9.  iloveyou 10. adobe123 11. 123123 12. admin 13. 1234567890 14. letmein 15. photoshop 16. 1234 17. monkey 18. shadow 19. sunshine 20. 12345 Top Passwords of 2014 twitter: @jcleblanc | hashtag: #ConvergeSE
4.7% of users have the password password; 8.5% have the passwords password or 123456; 9.8% have the passwords password, 123456 or 12345678; 14% have a password from the top 10 passwords 40% have a password from the top 100 passwords 79% have a password from the top 500 passwords 91% have a password from the top 1000 passwords Poor Password Choices twitter: @jcleblanc | hashtag: #ConvergeSE
twitter: @jcleblanc | hashtag: #ConvergeSE The Weakest Link
The Key Issues twitter: @jcleblanc | hashtag: #ConvergeSE
People Forget Passwords
twitter: @jcleblanc | hashtag: #ConvergeSE Security over Usability
twitter: @jcleblanc | hashtag: #ConvergeSE Replacing the Concept of a Username and Password
Securing Current Methods twitter: @jcleblanc | hashtag: #ConvergeSE
Bad Security Algorithms MD5, SHA-1, SHA-2, SHA-3 twitter: @jcleblanc | hashtag: #ConvergeSE
Good Security Algorithms PBKDF2, BCRYPT, SCRYPT twitter: @jcleblanc | hashtag: #ConvergeSE
twitter: @jcleblanc | hashtag: #ConvergeSE Key Stretching
Scaling Authentication twitter: @jcleblanc | hashtag: #ConvergeSE
twitter: @jcleblanc | hashtag: #ConvergeSE Establishing Trust Zones
Location Awareness Habit Awareness Browser Uniqueness Device Fingerprinting There’s more to it twitter: @jcleblanc | hashtag: #ConvergeSE
twitter: @jcleblanc | hashtag: #ConvergeSE Variable Authentication
twitter: @jcleblanc | hashtag: #ConvergeSE Usability vs Security
Use Another Site Login Mixed OAuth 2 / OpenID Connect for auth Roll Your Own Username / Password Fingerprint Scanning State of Developer Auth twitter: @jcleblanc | hashtag: #ConvergeSE
twitter: @jcleblanc | hashtag: #ConvergeSE What Happened to OAuth 1.0a?
twitter: @jcleblanc | hashtag: #ConvergeSE Security Concerns with OAuth 2 / OpenID Connect
Identity Biometrics twitter: @jcleblanc | hashtag: #ConvergeSE
False negative: Valid user can’t log in False positive: Invalid user can log in False Positive / Negative Rates twitter: @jcleblanc | hashtag: #ConvergeSE
The FIDO Alliance http://fidoalliance.org/ twitter: @jcleblanc | hashtag: #ConvergeSE
twitter: @jcleblanc | hashtag: #ConvergeSE The Future of Secure Identity & Data Encryption
Thank You! slideshare.net/jcleblanc Jonathan LeBlanc (@jcleblanc) Head of Global Developer Advocacy at PayPal + Braintree

More Related Content

PDF
Mobile Authentication using Biometrics & Wearables
Jonathan LeBlanc
 
PDF
Protecting the Future of Mobile Payments
Jonathan LeBlanc
 
PDF
Building a Mobile Location Aware System with Beacons
Jonathan LeBlanc
 
PPTX
Future of Identity, Data, and Wearable Security
Jonathan LeBlanc
 
PDF
Internet Security and Trends
Jonathan LeBlanc
 
PPTX
Webinar: eCommerce Compliance - PCI meets GDPR
Sucuri
 
PPTX
Webinar: CWAF for Mid Market/Enterprise Organizations
Sucuri
 
PDF
Identity in the Future of Embeddables & Wearables
Jonathan LeBlanc
 
Mobile Authentication using Biometrics & Wearables
Jonathan LeBlanc
 
Protecting the Future of Mobile Payments
Jonathan LeBlanc
 
Building a Mobile Location Aware System with Beacons
Jonathan LeBlanc
 
Future of Identity, Data, and Wearable Security
Jonathan LeBlanc
 
Internet Security and Trends
Jonathan LeBlanc
 
Webinar: eCommerce Compliance - PCI meets GDPR
Sucuri
 
Webinar: CWAF for Mid Market/Enterprise Organizations
Sucuri
 
Identity in the Future of Embeddables & Wearables
Jonathan LeBlanc
 

Similar to Kill All Passwords (20)

PDF
Death to Passwords
Cristiano Betta
 
PDF
Death To Passwords
PayPal
 
PPTX
Advanced Google Analytics with Andy Crestodina - Part 3
Digital Megaphone
 
PDF
Death To Passwords
DroidConTLV
 
PDF
Death To Passwords Droid Edition
PayPal
 
PDF
Death To Passwords
Tim Messerschmidt
 
PDF
Michael Aagaard - You’re Making My Brain Hurt! The Psychology Behind Terrible...
Marketing Festival
 
PDF
Ultimate Free Digital Marketing Toolkit #EdgeBristol 2012
Steve Lock
 
PPTX
Cyber Threats and Data Privacy in a Digital World
qubanewmedia
 
PDF
10 TRENDS IN STAFFING TECH — DON'T GET BLINDSIDED
Human Capital Media
 
PDF
IBM Skills - Practical & Digital Skills for the Future of Work
Dr. Melissa Sassi
 
DOCX
Eraswap and Blocklogy
ManasNanivadekar
 
PDF
Online passwords – understanding "credential stuffing" cyberattack
OVHcloud
 
PDF
Rip DevOps
Ryan Lockard
 
PPTX
Public Good App House: Volunteer Management Apps for Food Security Organizations
TechSoup
 
PDF
Passwordless is Possible - How to Remove Passwords and Improve Security
SecureAuth
 
PDF
How to trive as an early stage startup by using the right metrics
➚ Mike van Hoenselaar
 
PDF
Adversary Driven Defense in the Real World
James Wickett
 
PDF
Lessons From Spider Support
Oliver Brett
 
PDF
Node.js Authentication and Data Security
Tim Messerschmidt
 
Death to Passwords
Cristiano Betta
 
Death To Passwords
PayPal
 
Advanced Google Analytics with Andy Crestodina - Part 3
Digital Megaphone
 
Death To Passwords
DroidConTLV
 
Death To Passwords Droid Edition
PayPal
 
Death To Passwords
Tim Messerschmidt
 
Michael Aagaard - You’re Making My Brain Hurt! The Psychology Behind Terrible...
Marketing Festival
 
Ultimate Free Digital Marketing Toolkit #EdgeBristol 2012
Steve Lock
 
Cyber Threats and Data Privacy in a Digital World
qubanewmedia
 
10 TRENDS IN STAFFING TECH — DON'T GET BLINDSIDED
Human Capital Media
 
IBM Skills - Practical & Digital Skills for the Future of Work
Dr. Melissa Sassi
 
Eraswap and Blocklogy
ManasNanivadekar
 
Online passwords – understanding "credential stuffing" cyberattack
OVHcloud
 
Rip DevOps
Ryan Lockard
 
Public Good App House: Volunteer Management Apps for Food Security Organizations
TechSoup
 
Passwordless is Possible - How to Remove Passwords and Improve Security
SecureAuth
 
How to trive as an early stage startup by using the right metrics
➚ Mike van Hoenselaar
 
Adversary Driven Defense in the Real World
James Wickett
 
Lessons From Spider Support
Oliver Brett
 
Node.js Authentication and Data Security
Tim Messerschmidt
 
Ad

More from Jonathan LeBlanc (20)

PDF
JavaScript App Security: Auth and Identity on the Client
Jonathan LeBlanc
 
PDF
Improving Developer Onboarding Through Intelligent Data Insights
Jonathan LeBlanc
 
PDF
Better Data with Machine Learning and Serverless
Jonathan LeBlanc
 
PPTX
Best Practices for Application Development with Box
Jonathan LeBlanc
 
PPTX
Box Platform Overview
Jonathan LeBlanc
 
PPTX
Box Platform Developer Workshop
Jonathan LeBlanc
 
PPTX
Modern Cloud Data Security Practices
Jonathan LeBlanc
 
PPTX
Box Authentication Types
Jonathan LeBlanc
 
PPTX
Understanding Box UI Elements
Jonathan LeBlanc
 
PPTX
Understanding Box applications, tokens, and scoping
Jonathan LeBlanc
 
PPTX
The Future of Online Money: Creating Secure Payments Globally
Jonathan LeBlanc
 
PDF
Modern API Security with JSON Web Tokens
Jonathan LeBlanc
 
PPTX
Creating an In-Aisle Purchasing System from Scratch
Jonathan LeBlanc
 
PDF
Secure Payments Over Mixed Communication Media
Jonathan LeBlanc
 
PDF
Protecting the Future of Mobile Payments
Jonathan LeBlanc
 
PDF
Node.js Authentication and Data Security
Jonathan LeBlanc
 
PDF
PHP Identity and Data Security
Jonathan LeBlanc
 
PPTX
Secure Payments Over Mixed Communication Media
Jonathan LeBlanc
 
PDF
BattleHack Los Angeles
Jonathan LeBlanc
 
PDF
Rebuilding Commerce
Jonathan LeBlanc
 
JavaScript App Security: Auth and Identity on the Client
Jonathan LeBlanc
 
Improving Developer Onboarding Through Intelligent Data Insights
Jonathan LeBlanc
 
Better Data with Machine Learning and Serverless
Jonathan LeBlanc
 
Best Practices for Application Development with Box
Jonathan LeBlanc
 
Box Platform Overview
Jonathan LeBlanc
 
Box Platform Developer Workshop
Jonathan LeBlanc
 
Modern Cloud Data Security Practices
Jonathan LeBlanc
 
Box Authentication Types
Jonathan LeBlanc
 
Understanding Box UI Elements
Jonathan LeBlanc
 
Understanding Box applications, tokens, and scoping
Jonathan LeBlanc
 
The Future of Online Money: Creating Secure Payments Globally
Jonathan LeBlanc
 
Modern API Security with JSON Web Tokens
Jonathan LeBlanc
 
Creating an In-Aisle Purchasing System from Scratch
Jonathan LeBlanc
 
Secure Payments Over Mixed Communication Media
Jonathan LeBlanc
 
Protecting the Future of Mobile Payments
Jonathan LeBlanc
 
Node.js Authentication and Data Security
Jonathan LeBlanc
 
PHP Identity and Data Security
Jonathan LeBlanc
 
Secure Payments Over Mixed Communication Media
Jonathan LeBlanc
 
BattleHack Los Angeles
Jonathan LeBlanc
 
Rebuilding Commerce
Jonathan LeBlanc
 
Ad

Recently uploaded (20)

PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PDF
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PDF
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PPTX
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
PDF
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
PDF
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
PDF
project resource management chapter-09.pdf
ssuser00e6e21
 
PDF
Hybrid model detection and classification of lung cancer
IAESIJAI
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PPTX
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
PDF
August Patch Tuesday
Ivanti
 
PPTX
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
From MVP to Full-Scale Product A Startup’s Software Journey.pdf
KodekX
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
Microsoft Solutions Partner Drive Digital Transformation with D365.pdf
Microsoft Dynamics
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
Group 1 Presentation -Planning and Decision Making .pptx
MatthewLewis227954
 
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
Accuracy of neural networks in brain wave diagnosis of schizophrenia
IAESIJAI
 
project resource management chapter-09.pdf
ssuser00e6e21
 
Hybrid model detection and classification of lung cancer
IAESIJAI
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
cloud_computing_Infrastucture_as_cloud_p
mainakbhattacharya20
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
gpt5_lecture_notes_comprehensive_20250812015547.pdf
Chinchu40
 
August Patch Tuesday
Ivanti
 
Programs and apps: productivity, graphics, security and other tools
4mqw9zch22
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 

Kill All Passwords