So I will talk a little bit about what we have added with regard to security to the product in the year 2016. I won't go into much technical detail, but more show some nice slides.

One example that we have added is we now have a brute force detection enabled by default in the login. So how it works is basically: if somebody tries to log in and uses an invalid password, the next login attempt from this subnet range will be limited and will be throttled to a smaller speed. So in an extreme case each login attempt from a specific sub range will take up to 30 seconds, and this is pretty nice because it's enabled by default, you don't have to do anything, and most users won't be affected by it until you enter your password like wrong 20 times, and then you are confused why logging in takes a little bit longer.

Another thing that has been added is support for a second factor. Christopher's written great stuff for this. Thank you very much. So how it works is basically: once you have entered your password, your username, you will be asked, "Hey, please provide this second factor as well." And if you don't have the second factor you won't be authenticated, so even if somebody has your password they won't be able to access your account. And this is implemented in a pretty modular way, so you can write your very own second factor providers. So this is for example one using the TOTP standard, but it's also possible to integrate physical hardware devices like YubiKeys or whatever you please. It's pretty not a lot. That's nice.

Another thing that has been added are SameSite cookies. That's something that probably nobody has ever seen as an active user. What it does is actually, it's a specific type of attribute you can set to a cookie, and these cookies will only be sent if the page, if the request has been sent from the same page. So if I send you a link to your Nextcloud and it's a controller which enforces this specific security check, the page won't even open. So your browser will say, "No, can't open this." This is at the moment supported in Chrome and Opera. So if you use those you will automatically profit, benefit from this, and it works pretty nicely.

So another thing that has been added are application-specific passwords. So what you can do now is you go to your personal settings, you create a new application-specific password, and then you say, "Hey, this is my, I don't know, iPhone or Android device." And then you get a new password which you can use as login password on your mobile device. This is something you need if you have for example a second factor enabled, because obviously at the moment the Android device won't ask you, "Hey, please enter your second factor." So you need to provide an application-specific password, which by design bypasses the second factor integration. And this is also pretty nice because it also allows you to revoke access for specific devices. So if you are logged in with an application-specific password or with a client which already kind of uses the sessions, probably you will see in your user account which clients are logged in and when the last access was, and if you click on this little delete button the user won't be able to log in anymore from this device.

So this also is implemented in a way that it also works together with the password change mechanism. So the reasoning here is: if you change your password, the expectation may be that everything you previously used will be locked out. So if you for example have your iPhone configured with your Nextcloud, it would still be able to log in before, because it uses the session and not the user password. But with this change, if you change your user password every client will be locked out and they have to re-authenticate. At the moment one exception for this is application-specific passwords, which you can obviously configure and will always stay, well, always, in most cases will stay valid. So that's it for my side and next