The document discusses building strong passwords and password security. It explains that passwords work by being known only to the user and being hard to guess due to randomness. Passwords can be cracked through brute force attacks, so it is important to have high entropy and a large number of possible password combinations. The document recommends making passwords long and complex by combining random words or using a dice-rolling method to generate strong, memorable passwords. Length is more important than complexity alone for security. The summary emphasizes password security, factors that strengthen passwords, and techniques for creating strong passwords.
1. Building Rock Solid Passwords
Dreamforce ‘15 Admin Theater
Mark D. Slayton
Consultant, Red Argyle
mark@redargyle.com
@Mark_D_Slayton
2. Safe harbor statement under the Private Securities Litigation Reform Act of 1995:
This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties
materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed
or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-
looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any
statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new,
planned, or upgraded services or technology developments and customer contracts or use of our services.
The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new
functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our
operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any
litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our
relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our
service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger
enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our
annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter.
These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section
of our Web site.
Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available
and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features
that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
Safe Harbor
4. How and Why Passwords Work
What Makes Passwords Strong (or Weak)
How to Build Stronger Passwords
In the next 15 minutes, you’ll learn…
Today’s Topics
5. Why Does This Matter?
And Why Do I Need To Understand It?
6. 1. They’re Your First Line of Defense.
Why Does This Matter?
“Keep Out” by Flickr user Justin Jensen. Used under Creative Commons CC BY 2.0
7. 2. Security you don’t understand is “magic”.
Why Does This Matter?
“ritual” by Flickr user Paul Stevenson. Used under Creative Commons CC BY 2.0
8. 3. Hackers Understand This Stuff.
Why Does This Matter?
“HTML Code” by Flickr user Marjan Krebelj. Used under Creative Commons CC BY 2.0
9. Known to Few
Hard to Guess
How do Passwords Work?
This isn’t exactly new technology.
10. What “Hard to Guess” Means
40-digit wheel
3 number combination
64,000 possible settings
Strength in Randomness
“Combination Lock” by Flickr user Sh4rp_i. Used under Creative Commons CC BY 2.0
11. The Universal Weakness
Brute Force Attacks
“Venice Muscle Beach” by Flickr user Lin Mei. Used under Creative Commons CC BY 2.0
12. We’re Gonna Need a Bigger Haystack
How We Cope: Entropy
“There’s a needle in there somewhere” by Flickr user theilr. Used under Creative Commons CC BY 2.0
13. Let’s See How Bad It Can Get
Here’s a worst-case scenario…
14. Worst-Case Scenario
Somebody Has Access To Your System
Trillion Passwords per Second Processing Speed
How Long Will These Passwords Last?
Welcome to Siege Warfare
“Cannon on Macau” by Flickr user Marcus Meissner. Used under Creative Commons CC BY 2.0
22. The Truth about “bigmeanbear”
Only about a million possible values.
Lasts less than the blink of an eye.
It never stood a chance.
“Broken Lock” by Flickr user lyudagreen. Used under Creative Commons CC BY 2.0
23. It’s a Human Condition
We Are Really Bad At This
“brain power” by Flickr user Allan Ajifo. Used under Creative Commons CC BY 2.0
27. So, how does the math work out?
Some Sample Passwords
28. 7776 ^ 5 Possible Values
~28 Quintillion, or 28 million trillion
Lasts about 1 year
da-pier-monad-(-henry
29. 21-buteo-burtt-maid-87th-yoke
7776 ^ 6 Possible Values
221 Sextillion, or 221 trillion trillion
Over 200x the number of stars in the universe
Lasts 7000 years
You heard me.
“M1: The Crab Nebula from Hubble”. Image Credit NASA/ESA/J. Hester/A Loll
30. “I’ll Never Remember That.” – My Wife, Mia
Use a shorter (but still complete) word list
Fewer options require more length
She has a point.
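The arithmetic behind slides 10, 14, 22 and 28 to 30, worked as an added example that is not part of the original presentation. The 1296-word short list (four dice rolls per word) and the 12-word demo list are assumptions made for the illustration.

```python
import math
import secrets

GUESSES_PER_SECOND = 10**12           # the slides' worst case: a trillion guesses per second
SECONDS_PER_YEAR = 365.25 * 24 * 3600
DICEWARE_WORDS = 6**5                 # 7776: one list entry per five dice rolls
SHORT_LIST_WORDS = 6**4               # 1296: assumed shorter list, four rolls per word

def keyspace(options, picks):
    """Count of equally likely outcomes when every pick is uniform and independent."""
    return options ** picks

def entropy_bits(space):
    """Entropy in bits of a uniform choice among `space` values."""
    return math.log2(space)

def years_to_exhaust(space, rate=GUESSES_PER_SECOND):
    """Time to try every value; an attacker expects a hit after about half of it."""
    return space / rate / SECONDS_PER_YEAR

def words_needed(options, target_space):
    """Smallest word count from a list of `options` words that covers target_space."""
    picks = 1
    while options ** picks < target_space:
        picks += 1
    return picks

def generate(wordlist, picks, sep="-"):
    """Draw words with the OS CSPRNG; the math above fails if a human picks them."""
    return sep.join(secrets.choice(wordlist) for _ in range(picks))

# Constructed 12-word list for the demo only; a real list needs all 7776 (or 1296) entries.
TOY_LIST = ["amber", "bison", "cedar", "delta", "ember", "fjord",
            "glyph", "heron", "ivory", "joust", "kayak", "lemon"]

if __name__ == "__main__":
    cases = {
        "combination lock (40^3)": keyspace(40, 3),
        "'bigmeanbear' (~1 million, per the slide)": 10**6,
        "5 Diceware words": keyspace(DICEWARE_WORDS, 5),
        "6 Diceware words": keyspace(DICEWARE_WORDS, 6),
    }
    for label, space in cases.items():
        print(f"{label}: {space:.3e} values, {entropy_bits(space):.1f} bits, "
              f"{years_to_exhaust(space):.3g} years to exhaust")
    target = keyspace(DICEWARE_WORDS, 6)
    print("short-list words to match 6 Diceware words:",
          words_needed(SHORT_LIST_WORDS, target))
    print("toy passphrase (far too small a list for real use):", generate(TOY_LIST, 6))
```

The "lasts" figures are the time to try every value at the stated rate, and they hold only when each word is drawn at random rather than chosen by a person.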
32. • Passwords Work through Secrecy and Randomness
• Gibberish is Good, Length is (Probably) Better
• Make It Long, But Memorable
What Did We Learn Today?
Take-Aways