#MBLTdev: conference for mobile developers. Speaker: Tim Messerschmidt, Head of EMEA, PayPal. http://mbltdev.ru/
Braintree_Dev. @SeraAndroid / @PayPalDev
Modern Day Authentication
Tim Messerschmidt Head of Developer Advocacy, EMEA PayPal + Braintree
That’s me
>Death to Passwords _
The top 1000 most used passwords of 2012 wiki.skullsecurity.org/Passwords
4.7% of all users use the password "password"
8.5% use "password" or "123456"
9.8% use "password", "123456" or "12345678"
... and it doesn't even stop here:
14% have a password from the top 10
40% have a password from the top 100
79% have a password from the top 500
91% have a password from the top 1000
A brief analysis of the situation in 2013 cbsn.ws/1siTPGH
1. 123456 (up 1)
2. password (down 1)
3. 12345678
4. qwerty (up 1)
5. abc123 (down 1)
6. 123456789 (new)
7. 111111 (up 2)
8. 1234567 (up 5)
9. iloveyou (up 2)
10. adobe123 (new)
11. 123123 (up 5)
12. admin (new)
13. 1234567890 (new)
14. letmein (down 7)
15. photoshop (new)
16. 1234 (new)
17. monkey (down 11)
18. shadow
19. sunshine (down 5)
20. 12345 (new)
>The 3 key problems _
abstrusegoose.com/296
“Favor security too much over the experience and you’ll make the website a pain to use.”
smashingmagazine.com/2012/10/26/password-masking-hurt-signup-form
vs.
People forget passwords…
45% admit to leaving a website instead of resetting their password or answering security questions.
- Blue Inc. 2011
Let’s admit it: Passwords really suck!
People hate to register
Out of 657 surveyed users, 66% think that social sign-in is a desirable alternative.
- Blue Inc. 2011
braintreepayments.com/blog/goodbye-passwords-one-touch-hello-bitcoin
> Braintree Says Goodbye to Passwords With One Touch Payments for PayPal and Venmo, and Hello to Bitcoin _
[Diagram: One Touch flow, Merchant app → PayPal app → Merchant app]
2 Factor Authentication twofactorauth.org
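The second factor most of the sites listed there offer is a time-based one-time code. What follows is an added example, not code from the deck or from PayPal/Braintree: HOTP (RFC 4226) and TOTP (RFC 6238) in standard-library Python, together with the server-side check a practitioner actually needs (a clock-drift window, a constant-time comparison, and refusal to accept the same code twice). The `TotpVerifier` class, the issuer name and the secret length are assumptions for illustration; the key `12345678901234567890` is the test-vector key from the RFCs.

```python
# Added example (not from the deck): RFC 4226 HOTP and RFC 6238 TOTP, the
# algorithms behind most "second factor" authenticator apps. Standard library only.
import base64
import hashlib
import hmac
import secrets
import struct
import time


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                       # low nibble of the last byte selects a 4-byte window
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)  # keep leading zeros; "07081804" is a valid code


def totp(key: bytes, at=None, step: int = 30, digits: int = 6) -> str:
    """RFC 6238: HOTP with the counter derived from Unix time (30-second steps by default)."""
    if at is None:
        at = time.time()
    return hotp(key, int(at) // step, digits)


class TotpVerifier:
    """Server-side check for one user's enrolled secret (assumed design, not a library API).

    Tolerates +/- `window` steps of clock drift, compares in constant time, and refuses
    any counter at or below the last accepted one, so a code seen over someone's
    shoulder cannot be replayed during the rest of its 30-second validity.
    """

    def __init__(self, key: bytes, step: int = 30, digits: int = 6, window: int = 1):
        self.key, self.step, self.digits, self.window = key, step, digits, window
        self.last_counter = -1   # persisted per user in a real deployment

    def check(self, submitted: str, at=None) -> bool:
        if at is None:
            at = time.time()
        counter = int(at) // self.step
        for delta in range(-self.window, self.window + 1):
            c = counter + delta
            if c <= self.last_counter:
                continue   # already consumed (or older than a consumed one): replay
            if hmac.compare_digest(hotp(self.key, c, self.digits), submitted):
                self.last_counter = c
                return True
        return False


def new_secret(nbytes: int = 20) -> bytes:
    """Fresh enrolment secret; 160 bits matches the HMAC-SHA1 output the apps expect."""
    return secrets.token_bytes(nbytes)


def provisioning_uri(secret: bytes, account: str, issuer: str = "example.com") -> str:
    """otpauth:// URI, the payload of the QR code scanned by Google Authenticator-style apps."""
    b32 = base64.b32encode(secret).decode().rstrip("=")
    return (f"otpauth://totp/{issuer}:{account}?secret={b32}"
            f"&issuer={issuer}&algorithm=SHA1&digits=6&period=30")


if __name__ == "__main__":
    key = b"12345678901234567890"                     # RFC 4226 / RFC 6238 test-vector key
    print(hotp(key, 0), totp(key, 59, digits=8))      # 755224 94287082
    v = TotpVerifier(key, digits=8)
    print(v.check("94287082", at=59), v.check("94287082", at=59))   # True False (replay)
```

The secret must be stored as securely as a password hash would be, and the verifier's `last_counter` has to be persisted atomically per user; two concurrent login requests with the same code should not both succeed.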
Passwordless Authentication medium.com/@ninjudd/passwords-are-obsolete-9ed56d483eb
>Authorization & Authentication _
OAuth 1.0 (2007)
Flow between the Consumer and the Service Provider:
1. Request Request Token
2. Grant Request Token
3. Direct User to Service
4. Obtain Authorization
5. Direct to Consumer
6. Request Access Token
7. Grant Access Token
8. Access Resources
OAuth 1.0a (2009): the revision of 1.0 that closed the session fixation attack on the callback step by binding the access-token request to an oauth_verifier.
OAuth 2.0 (2012)
Flow between the Consumer and the Service Provider (authorization code grant):
1. Direct User to Service
2. Obtain Authorization
3. Direct to Consumer
4. Request Access Token
5. Grant Access Token
6. Access Resources
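The flow above, as an added example that is not part of the original deck: both parties of an OAuth 2.0 authorization code exchange simulated in Python, with the checks that make the six steps safe (state bound to the user's session, redirect_uri validated against the registration, the code single-use, short-lived and bound to the client it was issued to, and the client authenticated at the token endpoint). The endpoint URLs, client credentials and class names are assumptions for illustration.

```python
# Added example (not from the deck): an OAuth 2.0 authorization code flow with
# both parties simulated in-process. Endpoint names, credentials and the data
# model are assumptions; the checks are the ones RFC 6749 requires.
import hmac
import secrets
import time
from urllib.parse import parse_qs, urlencode, urlparse

CODE_LIFETIME = 600   # seconds; RFC 6749 recommends a code lifetime of at most 10 minutes


class ServiceProvider:
    """Authorization server and resource server side."""

    def __init__(self):
        self.clients = {}   # client_id -> (client_secret, registered redirect_uri)
        self.codes = {}     # code -> (client_id, redirect_uri, user, issued_at)
        self.tokens = {}    # access_token -> user

    def register(self, client_id, client_secret, redirect_uri):
        self.clients[client_id] = (client_secret, redirect_uri)

    def authorize(self, client_id, redirect_uri, state, user, approved=True):
        """Step 2, 'Obtain Authorization': the user approves (or denies) at the provider."""
        if client_id not in self.clients or self.clients[client_id][1] != redirect_uri:
            raise ValueError("unknown client or redirect_uri mismatch")  # never redirect elsewhere
        if not approved:
            return redirect_uri + "?" + urlencode({"error": "access_denied", "state": state})
        code = secrets.token_urlsafe(32)
        self.codes[code] = (client_id, redirect_uri, user, time.time())
        return redirect_uri + "?" + urlencode({"code": code, "state": state})   # step 3

    def token(self, client_id, client_secret, code, redirect_uri):
        """Steps 4-5: back-channel exchange of the code, client authenticated."""
        secret, _ = self.clients.get(client_id, (None, None))
        if secret is None or not hmac.compare_digest(secret, client_secret):
            return {"error": "invalid_client"}
        entry = self.codes.pop(code, None)   # pop: a code is single-use
        if entry is None:
            return {"error": "invalid_grant"}
        code_client, code_redirect, user, issued = entry
        if code_client != client_id or code_redirect != redirect_uri:
            return {"error": "invalid_grant"}   # bound to the client and URI it was issued for
        if time.time() - issued > CODE_LIFETIME:
            return {"error": "invalid_grant"}
        token = secrets.token_urlsafe(32)
        self.tokens[token] = user
        return {"access_token": token, "token_type": "bearer"}

    def resource(self, bearer):
        """Step 6, 'Access Resources'."""
        user = self.tokens.get(bearer)
        return {"user": user} if user else {"error": "invalid_token"}


class Consumer:
    """The client application (e.g. a merchant site) signing users in via the provider."""

    def __init__(self, sp, client_id, client_secret, redirect_uri):
        self.sp, self.client_id = sp, client_id
        self.client_secret, self.redirect_uri = client_secret, redirect_uri
        self.pending_states = set()   # would live in the user's session in a real app

    def start(self):
        """Step 1, 'Direct User to Service': redirect with a fresh, unguessable state."""
        state = secrets.token_urlsafe(16)
        self.pending_states.add(state)
        params = {"response_type": "code", "client_id": self.client_id,
                  "redirect_uri": self.redirect_uri, "state": state}
        return "https://provider.example/authorize?" + urlencode(params), state

    def callback(self, url):
        """Step 3, 'Direct to Consumer': validate state before touching the code."""
        q = parse_qs(urlparse(url).query)
        state = q.get("state", [None])[0]
        if state not in self.pending_states:
            raise ValueError("state mismatch: possible login CSRF / code injection")
        self.pending_states.discard(state)   # single-use
        if "code" not in q:
            return None   # user denied, or the provider returned an error
        resp = self.sp.token(self.client_id, self.client_secret, q["code"][0], self.redirect_uri)
        return resp.get("access_token")


def run_flow():
    """Happy path plus the two failures a reviewer would test for: code replay and forged state."""
    sp = ServiceProvider()
    sp.register("merchant-app", "s3cret", "https://merchant.example/cb")
    consumer = Consumer(sp, "merchant-app", "s3cret", "https://merchant.example/cb")

    auth_url, state = consumer.start()
    back = sp.authorize("merchant-app", "https://merchant.example/cb", state, "alice")
    token = consumer.callback(back)
    whoami = sp.resource(token)

    code = parse_qs(urlparse(back).query)["code"][0]
    replay = sp.token("merchant-app", "s3cret", code, "https://merchant.example/cb")
    try:
        consumer.callback("https://merchant.example/cb?" + urlencode({"code": "xyz", "state": "forged"}))
        csrf_rejected = False
    except ValueError:
        csrf_rejected = True
    return {"auth_url": auth_url, "user": whoami.get("user"),
            "replay": replay.get("error"), "csrf_rejected": csrf_rejected}


if __name__ == "__main__":
    print(run_flow())   # user 'alice', replay 'invalid_grant', csrf_rejected True
```

For a native mobile app the client secret cannot be kept confidential, which is why the same flow is run there without a secret and with PKCE instead; the state and redirect_uri checks above still apply.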
OpenID
Combinations
>What’s next? _
>Utilizing A Trusted Environment _
>Scaling Security _
>FIDO Alliance _
1. Security matters to users and developers
2. Authentication and authorization are different things
3. User experience should be enhanced, not impaired
Thank you for your attention!
[email protected] braintreepayments.com/developers
slideshare.com/PayPal