Kill All Passwords

•

177 gefällt mir•58,720 views

You have a solid security infrastructure, all user data is encrypted, your users are protected right? As long as passwords remain the standard methods for identifying your users on the web, people will still continue to use "letmein" or "password123" for their secure login, and will continue to be shocked when their accounts become compromised. Passwords are not secure, they need to be replaced. In this talk we're going to explore the pitfalls of a system designed around a username and password, then dive into the ways that technology is giving us a slew of new ways to build a secure user identity system. From biometrics to wearables, hardware to tokens, we'll explore a multitude of ways that we can finally kill all passwords.

Technologie

Kill all Passwords
Jonathan LeBlanc (@jcleblanc)
Head of Global Developer
Advocacy at PayPal + Braintree

Why do we need this?
Passwords are awesome!
twitter: @jcleblanc | hashtag: #ConvergeSE

1.  123456
2.  password
3.  12345678
4.  qwerty
5.  abc123
6.  123456789
7.  111111
8.  1234567
9.  iloveyou
10. adobe123
11. 123123
12. admin
13. 1234567890
14. letmein
15. photoshop
16. 1234
17. monkey
18. shadow
19. sunshine
20. 12345
Top Passwords of 2014
twitter: @jcleblanc | hashtag: #ConvergeSE

4.7% of users have the password password;
8.5% have the passwords password or 123456;
9.8% have the passwords password, 123456 or
12345678;
14% have a password from the top 10 passwords
40% have a password from the top 100 passwords
79% have a password from the top 500 passwords
91% have a password from the top 1000 passwords
Poor Password Choices
twitter: @jcleblanc | hashtag: #ConvergeSE

twitter: @jcleblanc | hashtag: #ConvergeSE
The Weakest Link

The Key Issues
twitter: @jcleblanc | hashtag: #ConvergeSE

twitter: @jcleblanc | hashtag: #ConvergeSE
Security over Usability

twitter: @jcleblanc | hashtag: #ConvergeSE
Replacing the Concept of
a Username and Password

Securing Current Methods
twitter: @jcleblanc | hashtag: #ConvergeSE

Bad Security Algorithms
MD5, SHA-1, SHA-2, SHA-3
twitter: @jcleblanc | hashtag: #ConvergeSE

Good Security Algorithms
PBKDF2, BCRYPT, SCRYPT
twitter: @jcleblanc | hashtag: #ConvergeSE

twitter: @jcleblanc | hashtag: #ConvergeSE
Key Stretching

Scaling Authentication
twitter: @jcleblanc | hashtag: #ConvergeSE

twitter: @jcleblanc | hashtag: #ConvergeSE
Establishing Trust Zones

Location Awareness
Habit Awareness
Browser Uniqueness
Device Fingerprinting
There’s more to it
twitter: @jcleblanc | hashtag: #ConvergeSE

twitter: @jcleblanc | hashtag: #ConvergeSE
Variable Authentication

twitter: @jcleblanc | hashtag: #ConvergeSE
Usability vs Security

Use Another Site Login
Mixed OAuth 2 / OpenID
Connect for auth
Roll Your Own
Username / Password
Fingerprint Scanning
State of Developer Auth
twitter: @jcleblanc | hashtag: #ConvergeSE

twitter: @jcleblanc | hashtag: #ConvergeSE
What Happened to OAuth 1.0a?

twitter: @jcleblanc | hashtag: #ConvergeSE
Security Concerns with
OAuth 2 / OpenID Connect

Identity Biometrics
twitter: @jcleblanc | hashtag: #ConvergeSE

False negative: Valid
user can’t log in
False positive: Invalid
user can log in
False Positive /
Negative Rates
twitter: @jcleblanc | hashtag: #ConvergeSE

The FIDO Alliance
http://fidoalliance.org/
twitter: @jcleblanc | hashtag: #ConvergeSE

twitter: @jcleblanc | hashtag: #ConvergeSE
The Future of Secure
Identity & Data Encryption

Thank You!
slideshare.net/jcleblanc
Jonathan LeBlanc (@jcleblanc)
Head of Global Developer
Advocacy at PayPal + Braintree

Weitere ähnliche Inhalte

Ähnlich wie Kill All Passwords

Death to Passwords

Cristiano Betta

Death To Passwords

PayPal

Are you getting the most from your Analytics? Are your analytics set up properly or are you new to Google Analytics? And which of your marketing activities have the most impact? In this session, Andy will show you how to maximize the value of your Analytics. You’ll go beyond the basic reports, into the deeper analysis with the real value is hiding. We’ll take you step-by-step through setup, finding insights and taking action. You'll learn how to find the nuggets that will make you a better marketer. Be prepared to level-up your digital marketing expertise. The truth waiting to be discovered in your Analytics Join us LIVE for a summit or workshop in Chicago: Find out more about our latest events at: http://digitalmegaphone.com/chicago-digital-marketing-workshops-conferences-and-summits/

Advanced Google Analytics with Andy Crestodina - Part 3

Digital Megaphone

User authentication in mobile apps is a very common and integral use case. Implementing regular passwords is an easy solution but comes with several pitfalls that impair user experience. In this talk the security flaws and UX implications of passwords will be discussed and highlighted which different techniques exist that are able to offer a more mobile friendly flow. Highlighting authorization and authentication techniques like OAuth, OpenID Connect and even hardware features like Bluetooth Low Energy this talk will be interesting for anyone who’s facing a situation where creating and storing user accounts matters. As presented in DroidCon Tel Aviv 2014 by: Tim Messerschmidt, PayPal http://il.droidcon.com

Death To Passwords

DroidConTLV

Death To Passwords

Tim Messerschmidt

Death To Passwords Droid Edition

PayPal

Michael Aagaard - You’re Making My Brain Hurt! The Psychology Behind Terrible...

Marketing Festival

Ultimate Free Digital Marketing Toolkit #EdgeBristol 2012

Steve Lock

Cyber Threats and Data Privacy in a Digital World

qubanewmedia

Wouldn’t you like to know the future of staffing software? Of course, you would — and by attending this webinar you’ll learn the 10 most critical trends in staffing tech. By understanding these trends and what’s driving them, you’ll make better staffing technology purchases. Staffing tech isn’t rocket science, but technology advancements are moving quite fast. Our three goals for this session are that you’re aware, you understand and you’re confident about the immediate future of staffing tech. During this session, you will learn about: Get a full map of the current HCM software market. Find out the 10 staffing tech trends you’ll need to watch. Understand how evolving staffing tech will affect your work.

10 TRENDS IN STAFFING TECH — DON'T GET BLINDSIDED

Human Capital Media

IBM Skills - Practical & Digital Skills for the Future of Work

Dr. Melissa Sassi

Eraswap and Blocklogy

ManasNanivadekar

Online passwords – understanding "credential stuffing" cyberattack

OVHcloud

Is DevOps dead? Have we seen the end of the original intent of the movement that set a path to re-energize the engineering community? With the emergence of a pointed focus on tools and now massive organizations selling 2-day DevOps certifications, have we lost our way? This talk re-centers the focus of the engineering community to why we started this journey originally; to focus on learning, culture and feedback loops within complex systems and organizations. We will use data and stories from the trenches to weave a message about the anti-patterns that are emerging, but shine a focus on the stories of success and what good outcomes look like.

Rip DevOps

Ryan Lockard

Hosted by TechSoup on February 16, 2022. https://events.techsoup.org/e/mved2q/ Discover four innovative volunteer management apps for organizations that provide meal, pantry, and food bank services in their communities. Food security organizations need robust and effective volunteer management solutions to keep track of volunteer hours and program delivery. In this fast-paced demo event, four app developers will introduce you to their solutions designed specifically for nonprofits like yours. APPLICATIONS FEATURED Track it Forward — Volunteers track their own hours & you keep them accountable Food Rescue Hero — Mobilize thousands of volunteers at the touch of a screen OptimoRoute — Automate your route planning and delivery operations SignUpGenius — Say goodbye to reply-all emails and paper sign up sheets This Public Good App House event is in support of the launch of TechSoup’s Quad: The Space for Solutions.

Public Good App House: Volunteer Management Apps for Food Security Organizations

TechSoup

According to the latest Verizon Data Breach Report, breaches caused by stolen or weak credentials are on the rise – up to 81% in 2016. While there is no denying that we need to remove our dependency on the password as a primary method of authentication, the question remains how do we get there? This SC Magazine-hosted Webinar featured SecureAuth CTO Keith Graham discussing how passwordless authentication is possible today, the considerations needed when moving to a password–free world and how removing passwords as your weakest link can increase security while providing a great user experience.

Passwordless is Possible - How to Remove Passwords and Improve Security

SecureAuth

How to trive as an early stage startup by using the right metrics

➚ Mike van Hoenselaar

Adversary Driven Defense in the Real World

James Wickett

Lessons From Spider Support

Oliver Brett

Node.js Authentication and Data Security

Tim Messerschmidt

Ähnlich wie Kill All Passwords (20)

Death to Passwords

Death To Passwords

Advanced Google Analytics with Andy Crestodina - Part 3

Death To Passwords

Death To Passwords Droid Edition

Michael Aagaard - You’re Making My Brain Hurt! The Psychology Behind Terrible...

Ultimate Free Digital Marketing Toolkit #EdgeBristol 2012

Cyber Threats and Data Privacy in a Digital World

10 TRENDS IN STAFFING TECH — DON'T GET BLINDSIDED

IBM Skills - Practical & Digital Skills for the Future of Work

Eraswap and Blocklogy

Online passwords – understanding "credential stuffing" cyberattack

Rip DevOps

Public Good App House: Volunteer Management Apps for Food Security Organizations

Passwordless is Possible - How to Remove Passwords and Improve Security

How to trive as an early stage startup by using the right metrics

Adversary Driven Defense in the Real World

Lessons From Spider Support

Node.js Authentication and Data Security

Mehr von Jonathan LeBlanc

The story is always the same; if you want to create a JavaScript centric app with API and identity security, you’re told that you need to have a server-side component for handling your identity and application security. That’s simply not the case in modern development. In this session we'll look at client-side identity, API, and token security, exploring token downscoping methodologies, key management tools, and security on the client.

JavaScript App Security: Auth and Identity on the Client

Jonathan LeBlanc

A developer platform lives and dies by it's developer community. When huge problems need to be solved, it's easy to make valuable improvements, but what do you do when those are solved and you still see high bounce rates on your site, low developer application completion, and generally poor adoption of your product? This is where your data can save you. In this talk we'll run through: - How to track valuable developer path insights, from moments of anxiety to time to first valuable call. - Overlaying support and ticketing information on top of developer path data to decrease developer friction. - How to create automated analytics systems to measure success. - When these systems should be built, before it's too late.

Improving Developer Onboarding Through Intelligent Data Insights

Jonathan LeBlanc

Creating valuable insights out of raw data files, such as audio or video, has traditionally been a very manual and tedious process, and has produced mixed results due to an influential human element in the mix. Thanks to enhancements in machine learning systems, coupled with the rapidly deployable nature of serverless technology as a middleware layer, we are able to create highly sophisticated data insight platforms to replace the huge time requirements that have typically been required in the past. With this in mind, we’ll look at: - How to build end-to-end data insight and predictor systems, built on the back of serverless and machine learning systems. - Best practices for working with serverless technology for ferrying information between raw data files and machine learning systems through an eventing system. - Considerations and practical examples of working with the security implications of dealing with sensitive information.

Better Data with Machine Learning and Serverless

Jonathan LeBlanc

Best Practices for Application Development with Box

Jonathan LeBlanc

Box Platform Overview

Jonathan LeBlanc

Box Platform Developer Workshop

Jonathan LeBlanc

This topic will go through current standards and future trends for building a scalable security model for distributed cloud based data. We’ll look into practices and considerations behind handing highly privileged data globally, diving into topics such as: - How global compliance and regulations affect security practices. - Handling data permissions, identity, and security with application access to data. - Considerations, trends, and standards for global data availability.

Modern Cloud Data Security Practices

Jonathan LeBlanc

Box Authentication Types

Jonathan LeBlanc

Understanding Box UI Elements

Jonathan LeBlanc

Understanding Box applications, tokens, and scoping

Jonathan LeBlanc

The Future of Online Money: Creating Secure Payments Globally

Jonathan LeBlanc

Building a modern API architecture is a constant struggle between ease of development and security. JSON Web Tokens (JWTs) introduce a means of building authentication into JSON objects being transmitted through APIs. In this session we’ll explore how JWTs work to build verifiable and trusted objects, allowing them to be combined with standards such as OAuth 2 for capturing access tokens, leading to a secure means of JavaScript SDK dev.

Modern API Security with JSON Web Tokens

Jonathan LeBlanc

The future of retail is in removing the divide between the offline shopping state and the enhanced online buying experience. To create this type of enhanced retail experience, we can remove complexities in the process, such as simplifying checkout. In this session we’ll learn how to use internet-connected microelectronics to attach to a buyer’s mobile device to provide the functionality to buy products right from the aisle.

Creating an In-Aisle Purchasing System from Scratch

Jonathan LeBlanc

As web enabled systems become an integral part of everything we interact with, how do we secure data in potential unsecure environments? In this session you'll learn how to apply fundamental security precepts in potentially insecure environments. Topics include: Securing identity and payment data through voice commands or text Tokenization and encryption security Triggering secure transactions from communications media

Secure Payments Over Mixed Communication Media

Jonathan LeBlanc

We are in an age where more people have phones than toilets, and there are more active cell phones than people on the planet. How do we protect all of these devices roaming around unsecured locations, especially when they want to pay for something. Learn the secrets behind building a secure mobile backbone, as we explore how to harden security, build systems based on identity confidence, and work towards a future proofed mobile framework.

Protecting the Future of Mobile Payments

Jonathan LeBlanc

The arena of proper auth & data security standards is often some of the most misunderstood, confusing, and tricky aspects of building Node apps. Using open source auth techniques and proper data encryption standards, we’ll learn how to make intelligent decisions on creating a solid infrastructure to protect our users and data. We’ll dive into auth systems, data attack vectors, how to protect your systems, and common security pitfalls in Node.

Node.js Authentication and Data Security

Jonathan LeBlanc

The screencast of this presentation can be found at https://youtu.be/o3uy7dgG_n4 There is an assumption in the industry, amongst companies large and small alike, that if they store sensitive user data (and sometimes do some mild encryption) in their database, it's locked in and secured from potential attacks. People rely too heavily on their false assumptions of security, and it usually ends up costing them extensively when that is proven wrong. In this session, Jonathan will build a foundation for identity and data security that everyone dealing with sensitive data should understand. We'll break down concepts of identity security, common attack vectors and how to protect yourself, and how to harden your web application.

PHP Identity and Data Security

Jonathan LeBlanc

Web enabled systems are now an integral part of everything we interact with, from microelectronics to voice enabled hardware, from text messages and phone calls to email, and really we’re just limited by our imaginations as to what we can connect. As we explore vast new realms of communication over mixed digital media, we have to ask ourselves how we protect our critical data within potential unsecure environments. Going beyond that, how do we protect some of our more critical data, payment information, in this same realm. As we look at a multitude of different environments, we’ll be exploring how to secure user identity and payment information through the communication channels, covering topics like: * Securing identity and payment data through voice commands or text. * Tokenization and encryption security. * Techniques for triggering secure transactions from communications media. At the end of the session, we’ll have a stronger understanding of proper techniques for working with new communication media sources, and see how we can apply fundamental security precepts in potentially insecure environments.

Secure Payments Over Mixed Communication Media

Jonathan LeBlanc

BattleHack Los Angeles

Jonathan LeBlanc

The video of this presentation is available at https://www.youtube.com/watch?v=b3nB6kZQeaQ As startups and innovation hubs push towards grand notions of technology innovation, connecting the world around them, and building towards a truly online commerce profile, there is a huge segment of the population that falters and is left behind. The underserved community represents over 1 out of every 5 people in the US, and as we explore cash heavy societies, and heavily underbanked populations worldwide, that number increases dramatically. These are markets that are massively underserved by technology and commerce, yet represent a potential hotbed of growth for any business. As we explore this large segment of the world population, we'll dive into how the banking and commerce industries are primed for disruption to build up the underserved communities around the planet into a new digital commerce world. From digital currency to the struggling banking industry, we'll explore how we're on the cusp of a commerce revolution, one that will completely disrupt the banking industry, and our notion of technology reach worldwide.

Rebuilding Commerce

Jonathan LeBlanc

Mehr von Jonathan LeBlanc (20)

JavaScript App Security: Auth and Identity on the Client

Improving Developer Onboarding Through Intelligent Data Insights

Better Data with Machine Learning and Serverless

Best Practices for Application Development with Box

Box Platform Overview

Box Platform Developer Workshop

Modern Cloud Data Security Practices

Box Authentication Types

Understanding Box UI Elements

Understanding Box applications, tokens, and scoping

The Future of Online Money: Creating Secure Payments Globally

Modern API Security with JSON Web Tokens

Creating an In-Aisle Purchasing System from Scratch

Secure Payments Over Mixed Communication Media

Protecting the Future of Mobile Payments

Node.js Authentication and Data Security

PHP Identity and Data Security

Secure Payments Over Mixed Communication Media

BattleHack Los Angeles

Rebuilding Commerce

Kürzlich hochgeladen

Webinar Recording: https://www.panagenda.com/webinars/why-teams-call-analytics-is-critical-to-your-entire-business Nothing is as frustrating and noticeable as being in an important call and being unable to see or hear the other person. Not surprising then, that issues with Teams calls are among the most common problems users call their helpdesk for. Having in depth insight into everything relevant going on at the user’s device, local network, ISP and Microsoft itself during the call is crucial for good Microsoft Teams Call quality support. To ensure a quick and adequate solution and to ensure your users get the most out of their Microsoft 365. But did you know that ‘bad calls’ are also an excellent indicator of other problems arising? Precisely because it is so noticeable!? Like the canary in the mine, bad calls can be early indicators of problems. Problems that might otherwise not have been noticed for a while but can have a big impact on productivity and satisfaction. Join this session by Christoph Adler to learn how true Microsoft Teams call quality analytics helped other organizations troubleshoot bad calls and identify and fix problems that impacted Teams calls or the use of Microsoft365 in general. See what it can do to keep your users happy and productive! In this session we will cover - Why CQD data alone is not enough to troubleshoot call problems - The importance of attributing call problems to the right call participant - What call quality analytics can do to help you quickly find, fix-, and prevent problems - Why having retrospective detailed insights matters - Real life examples of how others have used Microsoft Teams call quality monitoring to problem shoot problems with their ISP, network, device health and more.

Why Teams call analytics are critical to your entire business

panagenda

Modernizing Securities Finance: The cloud-native prime brokerage platform transforming capital markets. Madhu Subbu, Managing Director, Head of Securities Finance Engineering Apidays Singapore 2024: Connecting Customers, Business and Technology (April 17 & 18, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu

apidays

Boost Fertility New Invention Ups Success Rates.pdf

sudhanshuwaghmare1

Artificial Intelligence Chap.5 : Uncertainty

Khushali Kathiriya

💉💊+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHABI}}+971581248768 +971581248768 Mtp-Kit (500MG) Prices » Dubai [(+971581248768**)] Abortion Pills For Sale In Dubai, UAE, Mifepristone and Misoprostol Tablets Available In Dubai, UAE CONTACT DR.Maya Whatsapp +971581248768 We Have Abortion Pills / Cytotec Tablets /Mifegest Kit Available in Dubai, Sharjah, Abudhabi, Ajman, Alain, Fujairah, Ras Al Khaimah, Umm Al Quwain, UAE, Buy cytotec in Dubai +971581248768''''Abortion Pills near me DUBAI | ABU DHABI|UAE. Price of Misoprostol, Cytotec” +971581248768' Dr.DEEM ''BUY ABORTION PILLS MIFEGEST KIT, MISOPROTONE, CYTOTEC PILLS IN DUBAI, ABU DHABI,UAE'' Contact me now via What's App…… abortion Pills Cytotec also available Oman Qatar Doha Saudi Arabia Bahrain Above all, Cytotec Abortion Pills are Available In Dubai / UAE, you will be very happy to do abortion in Dubai we are providing cytotec 200mg abortion pill in Dubai, UAE. Medication abortion offers an alternative to Surgical Abortion for women in the early weeks of pregnancy. We only offer abortion pills from 1 week-6 Months. We then advise you to use surgery if its beyond 6 months. Our Abu Dhabi, Ajman, Al Ain, Dubai, Fujairah, Ras Al Khaimah (RAK), Sharjah, Umm Al Quwain (UAQ) United Arab Emirates Abortion Clinic provides the safest and most advanced techniques for providing non-surgical, medical and surgical abortion methods for early through late second trimester, including the Abortion By Pill Procedure (RU 486, Mifeprex, Mifepristone, early options French Abortion Pill), Tamoxifen, Methotrexate and Cytotec (Misoprostol). The Abu Dhabi, United Arab Emirates Abortion Clinic performs Same Day Abortion Procedure using medications that are taken on the first day of the office visit and will cause the abortion to occur generally within 4 to 6 hours (as early as 30 minutes) for patients who are 3 to 12 weeks pregnant. When Mifepristone and Misoprostol are used, 50% of patients complete in 4 to 6 hours; 75% to 80% in 12 hours; and 90% in 24 hours. We use a regimen that allows for completion without the need for surgery 99% of the time. All advanced second trimester and late term pregnancies at our Tampa clinic (17 to 24 weeks or greater) can be completed within 24 hours or less 99% of the time without the need surgery. The procedure is completed with minimal to no complications. Our Women's Health Center located in Abu Dhabi, United Arab Emirates, uses the latest medications for medical abortions (RU-486, Mifeprex, Mifegyne, Mifepristone, early options French abortion pill), Methotrexate and Cytotec (Misoprostol). The safety standards of our Abu Dhabi, United Arab Emirates Abortion Doctors remain unparalleled. They consistently maintain the lowest complication rates throughout the nation. Our Physicians and staff are always available to answer questions and care for women in one of the most difficult times in their lives. The decision to have an abortion at the Abortion Cl

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

?#DUbAI#??##{{(☎️+971_581248768%)**%*]'#abortion pills for sale in dubai@

Axa Assurance Maroc - Insurer Innovation Award 2024

The Digital Insurer

Accelerating FinTech Innovation: Unleashing API Economy and GenAI Vasa Krishnan, Chief Technology Officer - FinResults Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

apidays

Join our latest Connector Corner webinar to discover how UiPath Integration Service revolutionizes API-centric automation in a 'Quote to Cash' process—and how that automation empowers businesses to accelerate revenue generation. A comprehensive demo will explore connecting systems, GenAI, and people, through powerful pre-built connectors designed to speed process cycle times. Speakers: James Dickson, Senior Software Engineer Charlie Greenberg, Host, Product Marketing Manager

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

DianaGray10

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

Edi Saputra

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Product Anonymous

Corporate and higher education. Two industries that, in the past, have had a clear divide with very little crossover. The difference in goals, learning styles and objectives paved the way for differing learning technologies platforms to evolve. Now, those stark lines are blurring as both sides are discovering they have content that’s relevant to the other. Join Tammy Rutherford as she walks through the pros and cons of corporate and higher ed collaborating. And the challenges of these different technology platforms working together for a brighter future.

Corporate and higher education May webinar.pptx

Rustici Software

Scaling API-first – The story of a global engineering organization Ian Reasor, Senior Computer Scientist - Adobe Radu Cotescu, Senior Computer Scientist - Adobe Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

apidays

A Beginners Guide to Building a RAG App Using Open Source Milvus

Zilliz

Manulife - Insurer Transformation Award 2024

The Digital Insurer

Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data. Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery. You'll learn how to: - Effortlessly maintain a comprehensive, up-to-date data inventory - Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning - Simplify compliance by leveraging Privya's integration with TrustArc - Implement proven strategies to mitigate third-party risks Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

TrustArc

Real Time Object Detection Using Open CV

Khem

Architecting Cloud Native Applications

WSO2

presentation ICT roal in 21st century education

jfdjdjcjdnsjd

The value of a flexible API Management solution for Open Banking Steve Melan, Manager for IT Innovation and Architecture - State's and Saving's Bank of Luxembourg Apidays New York 2024: The API Economy in the AI Era (April 30 & May 1, 2024) ------ Check out our conferences at https://www.apidays.global/ Do you want to sponsor or talk at one of our conferences? https://apidays.typeform.com/to/ILJeAaV8 Learn more on APIscene, the global media made by the community for the community: https://www.apiscene.io Explore the API ecosystem with the API Landscape: https://apilandscape.apiscene.io/

Apidays New York 2024 - The value of a flexible API Management solution for O...

apidays

Automating Google Workspace (GWS) & more with Apps Script

wesley chun

Kürzlich hochgeladen (20)

Why Teams call analytics are critical to your entire business

Apidays Singapore 2024 - Modernizing Securities Finance by Madhu Subbu

Boost Fertility New Invention Ups Success Rates.pdf

Artificial Intelligence Chap.5 : Uncertainty

+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...

Axa Assurance Maroc - Insurer Innovation Award 2024

Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...

Connector Corner: Accelerate revenue generation using UiPath API-centric busi...

Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving

ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke

Corporate and higher education May webinar.pptx

Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe

A Beginners Guide to Building a RAG App Using Open Source Milvus

Manulife - Insurer Transformation Award 2024

TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery

Real Time Object Detection Using Open CV

Architecting Cloud Native Applications

presentation ICT roal in 21st century education

Apidays New York 2024 - The value of a flexible API Management solution for O...

Automating Google Workspace (GWS) & more with Apps Script

Kill All Passwords

1. Kill all Passwords Jonathan LeBlanc (@jcleblanc) Head of Global Developer Advocacy at PayPal + Braintree

2. Why do we need this? Passwords are awesome! twitter: @jcleblanc | hashtag: #ConvergeSE

3. 1.  123456 2.  password 3.  12345678 4.  qwerty 5.  abc123 6.  123456789 7.  111111 8.  1234567 9.  iloveyou 10. adobe123 11. 123123 12. admin 13. 1234567890 14. letmein 15. photoshop 16. 1234 17. monkey 18. shadow 19. sunshine 20. 12345 Top Passwords of 2014 twitter: @jcleblanc | hashtag: #ConvergeSE

4. 4.7% of users have the password password; 8.5% have the passwords password or 123456; 9.8% have the passwords password, 123456 or 12345678; 14% have a password from the top 10 passwords 40% have a password from the top 100 passwords 79% have a password from the top 500 passwords 91% have a password from the top 1000 passwords Poor Password Choices twitter: @jcleblanc | hashtag: #ConvergeSE

5. twitter: @jcleblanc | hashtag: #ConvergeSE The Weakest Link

6. The Key Issues twitter: @jcleblanc | hashtag: #ConvergeSE

7. People Forget Passwords

8. twitter: @jcleblanc | hashtag: #ConvergeSE Security over Usability

9. twitter: @jcleblanc | hashtag: #ConvergeSE Replacing the Concept of a Username and Password

10. Securing Current Methods twitter: @jcleblanc | hashtag: #ConvergeSE

11. Bad Security Algorithms MD5, SHA-1, SHA-2, SHA-3 twitter: @jcleblanc | hashtag: #ConvergeSE

12. Good Security Algorithms PBKDF2, BCRYPT, SCRYPT twitter: @jcleblanc | hashtag: #ConvergeSE

13. twitter: @jcleblanc | hashtag: #ConvergeSE Key Stretching

14. Scaling Authentication twitter: @jcleblanc | hashtag: #ConvergeSE

15. twitter: @jcleblanc | hashtag: #ConvergeSE Establishing Trust Zones

16. Location Awareness Habit Awareness Browser Uniqueness Device Fingerprinting There’s more to it twitter: @jcleblanc | hashtag: #ConvergeSE

17. twitter: @jcleblanc | hashtag: #ConvergeSE Variable Authentication

18. twitter: @jcleblanc | hashtag: #ConvergeSE Usability vs Security

19. Use Another Site Login Mixed OAuth 2 / OpenID Connect for auth Roll Your Own Username / Password Fingerprint Scanning State of Developer Auth twitter: @jcleblanc | hashtag: #ConvergeSE

20. twitter: @jcleblanc | hashtag: #ConvergeSE What Happened to OAuth 1.0a?

21. twitter: @jcleblanc | hashtag: #ConvergeSE Security Concerns with OAuth 2 / OpenID Connect

22. Identity Biometrics twitter: @jcleblanc | hashtag: #ConvergeSE

23. False negative: Valid user can’t log in False positive: Invalid user can log in False Positive / Negative Rates twitter: @jcleblanc | hashtag: #ConvergeSE

24. The FIDO Alliance http://fidoalliance.org/ twitter: @jcleblanc | hashtag: #ConvergeSE

25. twitter: @jcleblanc | hashtag: #ConvergeSE The Future of Secure Identity & Data Encryption

26. Thank You! slideshare.net/jcleblanc Jonathan LeBlanc (@jcleblanc) Head of Global Developer Advocacy at PayPal + Braintree

Kill All Passwords

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Ähnlich wie Kill All Passwords

Ähnlich wie Kill All Passwords (20)

Mehr von Jonathan LeBlanc

Mehr von Jonathan LeBlanc (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Kill All Passwords