The Grand Challenge to Kill Passwords for Good

  • November 18, 2013 · 6:00 PM

WATCH LIVE: http://www.wbt-tv.com/p/live.html

Update! In the wake of Typhoon Haiyan and the terrible devastation it has caused, we will be accepting donations for the Philippines tonight. Donate to the supporting non-profit of your choice here, or visit our donation table at the event. (Donors who give $15 or greater will get a t-shirt!)

“Our intention is to really obliterate, within a certain number of years, both passwords and PINs and see the whole Internet—including internally in enterprises—obliterate user IDs and passwords and PINs from the face of the planet.”



Michael Barrett, former Chief Information Security Officer at PayPal, set out this path earlier this year. We’ve invited Michael to join us so we can hear exactly what he’s been up to over the past few months and learn how FIDO is working to revolutionize online authentication and the way we interact with technology moving forward, especially on mobile.



In this talk with Michael Barrett, we will explore:

1. The FIDO Alliance, and why companies like Google, Mastercard, and PayPal have all jumped on the FIDO wagon

2. Why it is different from other authentication initiatives

3. How Universal Authentication Framework (UAF) and Universal Second Factor (U2F) work, in demos by Nok Nok Labs



About Michael Barrett

Michael Barrett is President of the FIDO Alliance and serves on the board of directors of StopBadWare, a 501(c)(3) Berkman Center spin-out organization dedicated to mitigating the impact of malware on businesses and individuals.

From 2006 to 2013, Mr. Barrett was the Chief Information Security Officer for PayPal.

Mr. Barrett was twice named one of the ‘50 most powerful people in networking’ by Network World magazine, has been listed as one of ITSecurity.com’s top influencers in the security industry and was recognized as the ‘Information Security Executive of the year’ in 2010. He is a certified information systems security professional (CISSP) and a certified information security manager (CISM). He graduated from Brighton University (U.K.), where he earned a Bachelor of Science degree in Computer Science.



Agenda:

6:15 PM:  Delicious local food, craft beer, music and conversation

7:00 PM:  Michael Barrett

7:25 PM:  Nok Nok Labs

7:45 PM:  Q and A



How to find us: TechXploration takes place at PayPal HQ in the Town Hall building, which faces North First St. Park anywhere.

Public Transit Info: PayPal Town Hall is directly across the street from the Karina Station of VTA/Light Rail in San Jose.




  • Amanda S.

    Video is posted! Let us know what you think of our new closed captioning: Part 1: http://youtu.be/S9mg8ZFETVI
    Part 2: http://youtu.be/H8Lb9FmDobI
    Part 3: http://youtu.be/B1d_EKuAiRc
    Part 4: http://youtu.be/don8Kmc6qSw
    Part 5: http://youtu.be/LwDYgsotiAQ

    2 · December 6, 2013

    • Sagar S.

      Hey Amanda, thanks for sharing these! The places you could improve for the future (gripes): 1-Add links to all the parts in the descriptions of each part on YouTube itself. 2-Get rid of parts, YouTube supports long videos! 3-Make smart subtitles! These hard-coded subtitles mean we cannot toggle them on-off from the YouTube player; it also means that the subtitles cannot be adapted for screen readers and high contrast readers... big loss on accessibility

      1 · December 6, 2013

    • Amanda S.

      @Sagar, oh no! I was hoping this would be a win for accessibility. I'll pass this feedback on to the video team!

      1 · December 6, 2013

  • Saurabh P.

    Was the session video recorded? Is there any place where I can see the video recording? Thanks
    Saurabh

    November 25, 2013

    • Amanda S.

      Hi Saurabh, the video will be uploaded and posted here this week. Stay tuned!

      November 26, 2013

  • Malcolm N.

    I enjoyed the talk, but I thought the crucial point was less technical, and more of a roadmap for actually getting something implemented. Michael speaks with the voice of experience when he says, don't let the perfect be the enemy of the good-enough, and the focus on minimizing friction is spot on. Having said that, I would really have loved to have seen more of a big picture overview of a more complete solution, with something along the lines of, "and this is the bit we are going to work on first". The black and white treatment of the tradeoff between centralized and decentralized authentication was also unsatisfying, because the trade is more complex, and it ignores the existence of a continuum of intermediate solutions.

    1 · November 19, 2013

  • Mike C.

    Interested in working on the future of Mobile Identity Management at Yahoo? Send your resume to [masked].

    MikeC.

    November 19, 2013

  • Bob C.

    I was disappointed in the concepts covered—it seemed like false advertising. FIDO does nothing to address user passwords. What it does is effectively move the authentication of the user to the user's own device. This would protect a provider like PayPal from large-scale losses due to password database hacking. It does not reduce a user's need for passwords, and worse, makes their own device (smartphone or laptop) a more valuable target for thieves. Bottom line: this is a necessary component but not sufficient for a secure authentication system. From the title of the talk, I had hoped for more.

    November 18, 2013

    • A K.

      Agree with Bob ...

      November 18, 2013

    • Brendon J. W.

      Bob: Ah, I see - You were expecting coverage of the various authentication *mechanisms* that could be used instead of passwords (fingerprint, voice biometrics, gesture recognition, others)? Fair enough - FIDO doesn't explicitly address those, and doesn't do so intentionally. The goal of FIDO is to act as a conduit for those various mechanisms, and allow the relying party to leverage them; at the same time it insulates the relying party from the details of each mechanism. While you're right that solutions like password managers can already leverage things like fingerprint sensors, they suffer from offering a cumbersome user experience (fair amount of user interaction to make them work, doesn't "just work") and inferior security (their continued reliance on passwords means that they are prone to easy theft of credentials via malware like Zeus, SpyEye, etc). The lack of the fundamental building block provided by FIDO is actually why those solutions have not achieved widespread adoption.

      1 · November 19, 2013

  • A former member

    And we are LIVE! TUNE IN HERE:
    http://www.wbt-tv.com/p/live.html

    November 18, 2013

  • Josh

    Caught the flu, really disappointed I won't make it.

    November 18, 2013

  • Diego K.

    Why don't all websites expose a standardized way (API) of entering login and password for a start? A cross-platform tool like KeePassX or even the browsers themselves could take over the task of logging in for all sites being opened. This API could be later replaced by a better scheme transparently for a user. This seems like a good transition plan for me.
    Unfortunately I cannot join you as I am based out of Berlin.

    November 17, 2013

    • Brendon J. W.

      Actually, such an API exists as part of the HTTP protocol itself - it's called digest authentication. Unfortunately, it suffers a couple of drawbacks: for one, it's based on MD5 hashing, and MD5 is a somewhat weaker hashing scheme. In addition, the authentication is handled natively in the browser, so a website doesn't get much control over the authentication user experience. Finally, it also suffers the flaw that there is no way to log out.

      November 17, 2013

  • Justin 'Red' L.

    I really wish I could attend this one, but unfortunately will be in another time zone entirely. Is there any way I could get my hands on some material that would cover the content of the presentation?

    November 13, 2013

    • Amanda S.

      We'll post the recording here in about a week, Justin.

      1 · November 17, 2013

  • Quincy S.

    I like your great presentations.

    November 11, 2013

  • A former member

    Hate id and password

    November 10, 2013

  • Mahesh V.

    Curious to explore new technologies

    November 9, 2013

  • Leticia S.

    Looking forward to this topic - fascinating!

    November 6, 2013

  • AcroYogi

    see y'all soon. http://gregroberts.com

    November 5, 2013

  • Michael L.

    Wish I could make this one. I'll be out of the country

    October 10, 2013

  • A former member

    I am leaving on 21st for India... do let me know if there is anything similar before 21st...
    Thank you

    October 3, 2013

Our Sponsors

  • PayPal

    TechXploration is engineered by PayPal.
