#MBLTdev: Конференция мобильных разработчиков Спикер: Тим Мессершмидт Глава EMEA, PayPal http://mbltdev.ru/

1. Modern Day Authentication
Tim Messerschmidt
Head of Developer Advocacy, EMEA
PayPal + Braintree
Braintree_Dev. @SeraAndroid / @PayPalDev

2. Braintree_Dev. @SeraAndroid / @PayPalDev

3. Braintree_Dev. @SeraAndroid / @PayPalDev

4. That’s me
Braintree_Dev. @SeraAndroid / @PayPalDev

5. >Death to Passwords _
Braintree_Dev. @SeraAndroid / @PayPalDev

6. Braintree_Dev. @SeraAndroid / @PayPalDev

7. The top 1000 most used
passwords of 2012
wiki.skullsecurity.org/Passwords
Braintree_Dev. @SeraAndroid / @PayPalDev

8. 4.7% OF ALL USERS USE THE
PASSWORD PASSWORD
Braintree_Dev. @SeraAndroid / @PayPalDev

9. 8.5% OF ARE USING
PASSWORD OR 123456
Braintree_Dev. @SeraAndroid / @PayPalDev

10. 9.8% USE PASSWORD,
123456 OR 12345678
Braintree_Dev. @SeraAndroid / @PayPalDev

11. ... and it doesn’t even stop here
14% have a password from the top 10
40% have a password from the top 100
79% have a password from the top 500
91% have a password from the top 1000
Braintree_Dev. @SeraAndroid / @PayPalDev

12. A brief analysis of the
situation in 2013
cbsn.ws/1siTPGH
Braintree_Dev. @SeraAndroid / @PayPalDev

13. 1. 123456
2. password
3. 12345678
4. qwerty
5. abc123
6. 123456789
7. 111111
8. 1234567
9. iloveyou
10. Adobe123
11. 123123
12. admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey down
18. shadow
19. sunshine
20. 12345
Braintree_Dev. @SeraAndroid / @PayPalDev

14. 1. 123456 up 1
2. password down 1
3. 12345678
4. qwerty up 1
5. abc123 down 1
6. 123456789 new
7. 111111 up 2
8. 1234567 up 5
9. iloveyou up 2
10. adobe123 new
11. 123123 up 5
12. admin new
13. 1234567890 new
14. letmein down 7
15. photoshop new
16. 1234 new
17. monkey down 11
18. shadow
19. sunshine down 5
20. 12345 new
Braintree_Dev. @SeraAndroid / @PayPalDev

15. 1. 123456 up 1
2. password down 1
3. 12345678
4. qwerty up 1
5. abc123 down 1
6. 123456789 new
7. 111111 up 2
8. 1234567 up 5
9. iloveyou up 2
10. adobe123 new
11. 123123 up 5
12. admin new
13. 1234567890 new
14. letmein down 7
15. photoshop new
16. 1234 new
17. monkey down 11
18. shadow
19. sunshine down 5
20. 12345 new
Braintree_Dev. @SeraAndroid / @PayPalDev

16. Braintree_Dev. @SeraAndroid / @PayPalDev

17. >The 3 key problems _
Braintree_Dev. @SeraAndroid / @PayPalDev

18. Braintree_Dev. abstrusegoose.com/2@9S6e raAndroid / @PayPalDev

19. “Favor experience /$security too much over the
and you’ll d+/ make the
website a pain to use.”
smashingmagazine.com/2012/10/26/password-masking-hurt-signup-form
Braintree_Dev. @SeraAndroid / @PayPalDev

20. vs.
Braintree_Dev. @SeraAndroid / @PayPalDev

21. People forget passwords…
45% admit to leaving a website instead of re-setting
their password or answering security
questions
- Blue Inc. 2011
Braintree_Dev. @SeraAndroid / @PayPalDev

22. Let’s admit it:
Passwords really suck!
Braintree_Dev. @SeraAndroid / @PayPalDev

23. People hate to register
Out of 657 surveyed users 66% think that
social sign-in is a desirable alternative.
- Blue Inc. 2011
Braintree_Dev. @SeraAndroid / @PayPalDev

24. > Braintree Says Goodbye to Passwords
With One Touch Payments for PayPal and
Venmo, and Hello to Bitcoin braintreepayments.com/blog/goodbye-passwords-one-touch-hello-bitcoin
Braintree_Dev. @SeraAndroid / @PayPalDev

25. Merchant app
PayPal app
Merchant app
Braintree_Dev. @SeraAndroid / @PayPalDev

26. Merchant app
PayPal app
Merchant app
Braintree_Dev. @SeraAndroid / @PayPalDev

27. Merchant app
PayPal app
Merchant app
Braintree_Dev. @SeraAndroid / @PayPalDev

28. Merchant app
PayPal app
Merchant app
Braintree_Dev. @SeraAndroid / @PayPalDev

29. 2 Factor Authentication
twofactorauth.org
Braintree_Dev. @SeraAndroid / @PayPalDev

30. Passwordless Authentication
medium.com/@ninjudd/passwords-are-obsolete-9ed56d483eb
Braintree_Dev. @SeraAndroid / @PayPalDev

31. Braintree_Dev. @SeraAndroid / @PayPalDev

32. Braintree_Dev. @SeraAndroid / @PayPalDev

33. Braintree_Dev. @SeraAndroid / @PayPalDev

34. Authorization Authentication Braintree_Dev. @SeraAndroid / @PayPalDev

35. /OAu$th d1.+0 /
2007
Braintree_Dev. @SeraAndroid / @PayPalDev

36. The
Consumer
Request
Request Token
Service
Provider
Grant
Request Token
Direct User
to Service
Obtain
Authorization
Direct to
Consumer
Request
Access Token
Grant
Access Token
Access
Resources
Braintree_Dev. @SeraAndroid / @PayPalDev

37. /OAu$th 1d.0+a/
2009
Braintree_Dev. @SeraAndroid / @PayPalDev

38. /OAu$th d2.+0 /
2012
Braintree_Dev. @SeraAndroid / @PayPalDev

39. The
Consumer
Direct User
to Service
Service
Provider
Obtain
Authorization
Request
Access Token
Grant
Access Token
Direct to
Consumer
Access
Resources
Braintree_Dev. @SeraAndroid / @PayPalDev

40. /O$penIdD +/
Braintree_Dev. @SeraAndroid / @PayPalDev

41. /Comb$inatdio+n/s
Braintree_Dev. @SeraAndroid / @PayPalDev

42. Braintree_Dev. @SeraAndroid / @PayPalDev

43. What’s next? Braintree_Dev. @SeraAndroid / @PayPalDev

44. Braintree_Dev. @SeraAndroid / @PayPalDev

45. Braintree_Dev. @SeraAndroid / @PayPalDev

46. Braintree_Dev. @SeraAndroid / @PayPalDev

47. Braintree_Dev. @SeraAndroid / @PayPalDev

48. Braintree_Dev. @SeraAndroid / @PayPalDev

49. Utilizing A Trusted Environment Braintree_Dev. @SeraAndroid / @PayPalDev

50. Scaling Security Braintree_Dev. @SeraAndroid / @PayPalDev

51. FIDO Alliance Braintree_Dev. @SeraAndroid / @PayPalDev

52. 1 Security
Matters to users and developers
2 Difference
Authentication and Authorization
3 User Experience
Should be enhanced not impaired
Braintree_Dev. @SeraAndroid / @PayPalDev

53. Спасибо за внимание!
tim@getbraintree.com
braintreepayments.com/developers
slideshare.com/PayPal
Braintree_Dev. @SeraAndroid / @PayPalDev