
Passwords suck
Nico Smit, November 2014

“The million passwords dilemma”

- Just as having a million keys sucks, so does having a million usernames and passwords.
- We are developers: we make life better and more efficient.
- If something is a drag, a developer finds a way to optimize it.
- We are supposed to come up with better solutions/alternatives to the million passwords dilemma.

Some possible solutions to consider

Option 1: Globally recognized “proxy” login accounts

- Log in with Google
- Log in with Facebook
- Log in with Twitter
- Etc.

Pros:
- Everyone has one of these accounts, so setup is complete
- APIs and functionality already exist

Cons:
- Granting a website access through these accounts also opens up your personal information to the website you log in to.

We as developers should be pushing universal logins on the websites we develop as far as possible, when it makes sense.

Option 2: Assume someone's email address and inbox is secure

- It's 2014: emails and mailboxes should be secure, hidden behind a username and password, encrypted connections etc.
- So, assuming that the inbox is secure, we can send any sensitive information we want to the inbox (usernames, passwords, URLs etc.).

“The encrypted URL auto login”

(1) Build a JSON object containing username, password, action to commit, page to redirect to afterwards etc.
(2) Encrypt the JSON object (string) with two-way encryption
(3) Build a receiver for the encrypted string on the website:
    - Catch as variable from URL
    - Decrypt
    - Do the awesomeness
(4) End result: Example.com?auto=df7gwgh7gfpsh
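Steps (1) to (4) as an added Node.js sketch, not code from the presentation: it uses AES-256-GCM so the receiver rejects a modified `auto` value, and the payload carries an expiry time. As assumptions of this example, the payload holds an account name rather than the password, redirects are checked against an allowlist, and the key, field names and paths are hypothetical.

```javascript
// Added example, not from the original slides. Key handling, field names and
// the redirect allowlist are assumptions made for illustration.
const crypto = require("node:crypto");

const KEY = crypto.randomBytes(32);            // server-side secret, never sent to the client
const ALLOWED_REDIRECTS = new Set(["/inbox", "/invoices"]);

// Steps 1 and 2: build the JSON object and encrypt it.
// AES-256-GCM both hides the payload and makes tampering detectable.
function makeAutoToken(user, action, redirect, ttlSeconds, now = Date.now()) {
  const payload = JSON.stringify({ user, action, redirect, exp: now + ttlSeconds * 1000 });
  const iv = crypto.randomBytes(12);           // fresh nonce for every token
  const cipher = crypto.createCipheriv("aes-256-gcm", KEY, iv);
  const body = Buffer.concat([cipher.update(payload, "utf8"), cipher.final()]);
  return Buffer.concat([iv, cipher.getAuthTag(), body]).toString("base64url");
}

// Step 3: the receiver. Returns the payload, or null for anything it cannot trust.
function readAutoToken(token, now = Date.now()) {
  try {
    const raw = Buffer.from(String(token), "base64url");
    if (raw.length < 12 + 16 + 2) return null; // too short to hold iv + tag + "{}"
    const decipher = crypto.createDecipheriv("aes-256-gcm", KEY, raw.subarray(0, 12));
    decipher.setAuthTag(raw.subarray(12, 28));
    const plain = Buffer.concat([decipher.update(raw.subarray(28)), decipher.final()]);
    const data = JSON.parse(plain.toString("utf8"));
    if (typeof data.exp !== "number" || now > data.exp) return null;  // expired link
    if (!ALLOWED_REDIRECTS.has(data.redirect)) return null;           // no open redirect
    return data;
  } catch {
    return null;                               // wrong key or modified ciphertext
  }
}

// Step 4: the value that ends up in Example.com?auto=...
const demoToken = makeAutoToken("alice", "open_invoice", "/invoices", 600);
console.log("Example.com?auto=" + demoToken);
console.log(readAutoToken(demoToken));
```

A token like this is still a bearer credential: whoever holds the URL can use it until it expires, so the lifetime should be short and sensitive actions should track tokens as single-use.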

Option 2, pros:
- Never log in again, forget your password
- Perform any action on the website from the URL click

Option 2, cons:
- People can hack into your account… (and everything else… so what?)
- Must have your email open on your device

Option 3: Assume someone’s PC desktop is secure

Build an actual “key” to actually unlock websites: “Website keys”

- An actual XML file on your computer dashboard
- The XML file contains username, password, address, name, surname etc.
- Drag the “key” into the login area on the website to log in
- Option to allow registration with the key as well
- After registering on a website, have the option to “download your key for xxxxx”
- A universal standard will have to be implemented for “website keys”
- Stack ’em up: have a folder on your dashboard full of keys
- Or password-protect the folder…

Pros:
- Drag and drop
- Your mother could understand it

Cons:
- Do you really want all your passwords lying on your PC dashboard?

Option 4: Create an online “password vault” for everything

- Implement an accessible API

Pure in-browser example:
- At login, a button that says “Get details from password vault” - click
- Opens in a new tab, redirects to the password vault with the current domain name attached (?site=randomsite.com)
- Email and password login to the password vault
- Immediately shows username and password for the site

Mobile phone example:
- At login, show a QR code to scan: “Get details from password vault”
- Phone goes to the password vault with the current domain name attached (?site=randomsite.com)
- Email and password login to the password vault
- Immediately shows username and password for the site

One-time PIN solution:
- Instead of the password vault showing the username and password, let it generate a one-time PIN, valid for one minute
- The website where the user is trying to log in has a textbox to fill in the one-time PIN: “Log in with password vault one time pin”
- Submit does an API call to the password vault; if success, logs the user in
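The one-time PIN flow above, as an added Node.js sketch that is not from the presentation: the vault issues a PIN bound to one site and one user, valid for one minute, and the site's API call consumes it. The class, method names, six-digit PIN length and the attempt cap are assumptions of this example.

```javascript
// Added example, not from the original slides. Class, method and field names,
// the 6-digit PIN and the attempt cap are assumptions made for illustration.
const crypto = require("node:crypto");

const PIN_TTL_MS = 60_000;                     // "valid for one minute"
const MAX_ATTEMPTS = 5;                        // limit guessing against one issued PIN

class PasswordVault {
  constructor() {
    this.pending = new Map();                  // [site,user] -> { hash, exp, attempts }
  }

  static digest(pin) {
    return crypto.createHash("sha256").update(String(pin)).digest();
  }

  // Called after the user has logged in to the vault with ?site=<domain>.
  issuePin(site, user, now = Date.now()) {
    const pin = String(crypto.randomInt(0, 1_000_000)).padStart(6, "0");
    this.pending.set(JSON.stringify([site, user]), {
      hash: PasswordVault.digest(pin),         // the vault keeps only a hash of the PIN
      exp: now + PIN_TTL_MS,
      attempts: 0,
    });
    return pin;                                // shown once to the user
  }

  // The API call the website makes on submit. `site` should come from the
  // caller's authenticated identity (for example its API key), not from form input.
  verifyPin(site, user, pin, now = Date.now()) {
    const key = JSON.stringify([site, user]);
    const entry = this.pending.get(key);
    if (!entry) return false;                  // never issued, or already used
    if (now > entry.exp || ++entry.attempts > MAX_ATTEMPTS) {
      this.pending.delete(key);                // expired or too many guesses
      return false;
    }
    const ok = crypto.timingSafeEqual(entry.hash, PasswordVault.digest(pin));
    if (ok) this.pending.delete(key);          // one time: a used PIN cannot be replayed
    return ok;
  }
}
```

Binding the PIN to the requesting site is what stops a PIN issued for one website from being accepted when a different website submits it.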

Option 4, pros:
- Everything in browser
- Device independent

Option 4, cons:
- Getting the whole world to buy into the idea of “one password vault”

Questions? Criticisms? Rotten tomatoes??