Download as PDF, PPTX
![require_once('Auth/BrowserID.php');
$verifier = new Auth_BrowserID('http://123done.org');
$result = $verifier->verifyAssertion($_POST['assertion']);](https://image.slidesharecdn.com/persona-osdc2013-131102025310-phpapp02/75/You-re-still-using-passwords-on-your-site-115-2048.jpg)
![require_once('Auth/BrowserID.php');
$verifier = new Auth_BrowserID('http://123done.org');
$result = $verifier->verifyAssertion($_POST['assertion']);
if ($result->status === 'okay') {
echo "Hi " . $result->email;
} else {
echo "Error: " . $result->reason;
}](https://image.slidesharecdn.com/persona-osdc2013-131102025310-phpapp02/75/You-re-still-using-passwords-on-your-site-117-2048.jpg)
![require_once('Auth/BrowserID.php');
$verifier = new Auth_BrowserID('http://123done.org');
$result = $verifier->verifyAssertion($_POST['assertion']);
if ($result->status === 'okay') {
echo "Hi " . $result->email;
} else {
echo "Error: " . $result->reason;
}](https://image.slidesharecdn.com/persona-osdc2013-131102025310-phpapp02/75/You-re-still-using-passwords-on-your-site-119-2048.jpg)
![require_once('Auth/BrowserID.php');
$verifier = new Auth_BrowserID('http://123done.org');
$result = $verifier->verifyAssertion($_POST['assertion']);](https://crownmelresort.com/image.slidesharecdn.com/persona-osdc2013-131102025310-phpapp02/75/You-re-still-using-passwords-on-your-site-115-2048.jpg)
![require_once('Auth/BrowserID.php');
$verifier = new Auth_BrowserID('http://123done.org');
$result = $verifier->verifyAssertion($_POST['assertion']);
if ($result->status === 'okay') {
echo "Hi " . $result->email;
} else {
echo "Error: " . $result->reason;
}](https://crownmelresort.com/image.slidesharecdn.com/persona-osdc2013-131102025310-phpapp02/75/You-re-still-using-passwords-on-your-site-117-2048.jpg)
![require_once('Auth/BrowserID.php');
$verifier = new Auth_BrowserID('http://123done.org');
$result = $verifier->verifyAssertion($_POST['assertion']);
if ($result->status === 'okay') {
echo "Hi " . $result->email;
} else {
echo "Error: " . $result->reason;
}](https://crownmelresort.com/image.slidesharecdn.com/persona-osdc2013-131102025310-phpapp02/75/You-re-still-using-passwords-on-your-site-119-2048.jpg)
More Related Content
Similar to You're still using passwords on your site?
You're still using passwords on your site?
- 1. You’re still using passwordson your site? François Marier – @fmarier
- 12. problem #1: passwords arehard to secure
- 13. bcrypt / scrypt/ pbkdf2 per-user salt site secret password & lockout policies secure recovery
- 14. bcrypt / scrypt/ pbkdf2 per-user salt site secret password & lockout policies secure recovery
- 15. bcrypt / scrypt/ pbkdf2 per-user salt site secret password & lockout policies secure recovery
- 16. bcrypt / scrypt/ pbkdf2 per-user salt site secret password & lockout policies secure recovery
- 17. bcrypt / scrypt/ pbkdf2 per-user salt site secret password & lockout policies secure recovery
- 18. bcrypt / scrypt/ pbkdf2 3 1 0 2 per-user salt d r o site secret w s s s a & lockoutne p password li policies e id u secure recovery g
- 19. passwords are hardto secure they are a liability
- 20. ALTER TABLE user DROPCOLUMN password;
- 21. problem #2: passwords arehard to remember
- 24. pick an easypassword
- 25. pick an easypassword use it everywhere
- 26. passwords are hardto remember they need to be reset
- 28.
- 30. “People want a littledating before marriage.” Eric Vishria – Rockmelt
- 32.
- 33.
- 36.
- 37. existing login systems arenot good enough
- 38. ideal web-wide identitysystem
- 39. ideal web-wide identitysystem
- 40. ideal web-wide identitysystem
- 41. ideal web-wide identitysystem
- 42. what if itwere a standard part of the web browser?
- 44. how does itwork?
- 45.
- 46.
- 47. why email addresses? alreadyfederated people know their email natural association between person & email easy to have separate identities most sites need a way to contact users no lock-in
- 48. why email addresses? alreadyfederated people know their email natural association between person & email easy to have separate identities most sites need a way to contact users no lock-in
- 49. why email addresses? alreadyfederated people know their email natural association between person & email easy to have separate identities most sites need a way to contact users no lock-in
- 50. why email addresses? alreadyfederated people know their email natural association between person & email easy to have separate identities most sites need a way to contact users no lock-in
- 51. why email addresses? alreadyfederated people know their email natural association between person & email easy to have separate identities most sites need a way to contact users no lock-in
- 52. why email addresses? alreadyfederated people know their email natural association between person & email easy to have separate identities most sites need a way to contact users no lock-in
- 53.
- 54.
- 55. Persona is alreadya decentralised system
- 56. SMS with PINcodes
- 57. SMS with PINcodes Jabber / XMPP
- 58. SMS with PINcodes Jabber / XMPP Yubikeys
- 59. SMS with PINcodes Jabber / XMPP Yubikeys LDAP accounts
- 60. SMS with PINcodes Jabber / XMPP Yubikeys LDAP accounts Client certificates
- 61. SMS with PINcodes { Jabber / XMPP Yubikeys LDAP accounts Client certificates } "public-key": { "algorithm": "RS", "n":"685484565272...", "e":"65537" }, "encrypted-private-key": { "iv": "tmg7gztUQT...", "salt": "JMtGwlF5UWY", "ct": "8DdOjD1IA1..." }, "authentication": "...", "provisioning": "..." Password-wrapped secret key
- 62. decentralisation is theanswer, but it's not a product adoption strategy
- 63. we can't waitfor all browsers to adopt Persona
- 64.
- 68. we can't waitfor all browsers to adopt Persona solution: a temporary javascript shim
- 69. goal: trusted code runningin the browser
- 70.
- 71. localStorage localStorage.setItem("key", serializedKey); var serializedKey= localStorage.getItem("key");
- 72.
- 73.
- 74.
- 75. Persona supports all modernbrowsers >= 8
- 76. we can't waitfor all domains to adopt Persona
- 77. we can't waitfor all domains to adopt Persona solution: a temporary centralised fallback
- 78.
- 79. Persona already works withall email domains
- 80.
- 81.
- 84.
- 85.
- 86.
- 90.
- 91. “how many users doesPersona have?”
- 93.
- 94. #3 if a problemhas been around for a while, it's probably a hard one
- 95. see if youcan solve part of the problem
- 96.
- 98. Persona is asimple sign-in solution for the web
- 99. how simple isit for developers?
- 101.
- 102. navigator.id.watch({ loggedInEmail: “francois@mozilla.com”, onlogin: function(assertion) { $.post('/login', {assertion: assertion}, function (data) { // do something } ); }, onlogout: function () { window.location = '/logout'; } });
- 103. navigator.id.watch({ loggedInUser: “francois@mozilla.com”, onlogin: function(assertion) { $.post('/login', {assertion: assertion}, function (data) { // do something } ); }, onlogout: function () { window.location = '/logout'; } });
- 104. navigator.id.watch({ loggedInUser: null, onlogin: function(assertion) { $.post('/login', {assertion: assertion}, function (data) { // do something } ); }, onlogout: function () { window.location = '/logout'; } });
- 105. navigator.id.watch({ loggedInUser: null, onlogin: function(assertion) { $.post('/login', {assertion: assertion}, function (data) { // do something } ); }, onlogout: function () { window.location = '/logout'; } });
- 106. navigator.id.watch({ loggedInUser: null, onlogin: function(assertion) { $.post('/login', {assertion: assertion}, function (data) { window.location = '/'; } ); }, onlogout: function () { window.location = '/logout'; } });
- 108.
- 112. navigator.id.watch({ loggedInUser: null, onlogin: function(assertion) { $.post('/login', {assertion: assertion}, function (data) { window.location = '/'; } ); }, onlogout: function () { window.location = '/logout'; } });
- 113.
- 114. navigator.id.watch({ loggedInUser: null, onlogin: function(assertion) { $.post('/login', {assertion: assertion}, function (data) { window.location = '/home'; } ); }, onlogout: function () { window.location = '/logout'; } });
- 115. require_once('Auth/BrowserID.php'); $verifier = newAuth_BrowserID('http://123done.org'); $result = $verifier->verifyAssertion($_POST['assertion']);
- 116. { status: “okay”, audience: “http://123done.org”, expires:1344849682560, email: “francois@mozilla.com”, } issuer: “login.persona.org”
- 117. require_once('Auth/BrowserID.php'); $verifier = newAuth_BrowserID('http://123done.org'); $result = $verifier->verifyAssertion($_POST['assertion']); if ($result->status === 'okay') { echo "Hi " . $result->email; } else { echo "Error: " . $result->reason; }
- 118. { status: “failed”, } reason: “assertionhas expired”
- 119. require_once('Auth/BrowserID.php'); $verifier = newAuth_BrowserID('http://123done.org'); $result = $verifier->verifyAssertion($_POST['assertion']); if ($result->status === 'okay') { echo "Hi " . $result->email; } else { echo "Error: " . $result->reason; }
- 122.
- 123. navigator.id.watch({ loggedInUser: null, onlogin: function(assertion) { $.post('/login', {assertion: assertion}, function (data) { window.location = '/home'; } ); }, onlogout: function () { window.location = '/logout'; } });
- 125. 1. load javascriptlibrary
- 126. 1. load javascriptlibrary 2. setup login & logout callbacks
- 127. 1. load javascriptlibrary 2. setup login & logout callbacks 3. add login and logout buttons
- 128. 1. load javascriptlibrary 2. setup login & logout callbacks 3. add login and logout buttons 4. verify proof of ownership
- 129. no 1. load javascriptlibrary API key needed 2. setup login & logout callbacks 3. add login and logout buttons 4. verify proof of ownership
- 130. how simple isit for domain owners?
- 131.
- 132.
- 133.
- 134.
- 135.
- 136. 1. check foryour /.well-known/browserid 2. try the provisioning endpoint 3. show the authentication page 4. call the provisioning endpoint again
- 137. 1. check foryour /.well-known/browserid 2. try the provisioning endpoint 3. show the authentication page 4. call the provisioning endpoint again
- 138. 1. check foryour /.well-known/browserid 2. try the provisioning endpoint 3. show the authentication page 4. call the provisioning endpoint again
- 139. 1. check foryour /.well-known/browserid 2. try the provisioning endpoint 3. show the authentication page 4. call the provisioning endpoint again
- 140.
- 142. building a newsite: default to Persona
- 143. working on anexisting site/app: add support for Persona
- 144.
- 145.
- 146.
- 148. ALTER TABLE user DROPCOLUMN password;
- 149. To learn moreabout Persona: https://login.persona.org/ http://identity.mozilla.com/ https://developer.mozilla.org/docs/Persona/Why_Persona https://developer.mozilla.org/docs/Persona/Quick_Setup https://github.com/mozilla/browserid-cookbook https://developer.mozilla.org/docs/Persona/Libraries_and_plugins https://wiki.mozilla.org/Identity#Get_Involved @fmarier http://fmarier.org
- 150. Photo credits: Laptop password:https://secure.flickr.com/photos/reidrac/4696900602/ Top 500 passwords: http://xato.net/passwords/more-top-worst-passwords/ Restaurant dinner: https://secure.flickr.com/photos/yourdon/3977084094/ Parchment: https://secure.flickr.com/photos/27613359@N03/6750396225/ Yubikey: https://secure.flickr.com/photos/knk/3379897261/ Stop sign: https://secure.flickr.com/photos/artbystevejohnson/6673406227/ © 2013 François Marier <francois@mozilla.com> This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 New Zealand License.