Building Rock Solid Passwords
Dreamforce ‘15 Admin Theater
​ Mark D. Slayton
​ Consultant, Red Argyle
​ mark@redargyle.com
​ @Mark_D_Slayton
​ 
​ Safe harbor statement under the Private Securities Litigation Reform Act of 1995:
​ This presentation may contain forward-looking statements that involve risks, uncertainties, and assumptions. If any such uncertainties
materialize or if any of the assumptions proves incorrect, the results of salesforce.com, inc. could differ materially from the results expressed
or implied by the forward-looking statements we make. All statements other than statements of historical fact could be deemed forward-
looking, including any projections of product or service availability, subscriber growth, earnings, revenues, or other financial items and any
statements regarding strategies or plans of management for future operations, statements of belief, any statements concerning new,
planned, or upgraded services or technology developments and customer contracts or use of our services.
​ The risks and uncertainties referred to above include – but are not limited to – risks associated with developing and delivering new
functionality for our service, new products and services, our new business model, our past operating losses, possible fluctuations in our
operating results and rate of growth, interruptions or delays in our Web hosting, breach of our security measures, the outcome of any
litigation, risks associated with completed and any possible mergers and acquisitions, the immature market in which we operate, our
relatively limited operating history, our ability to expand, retain, and motivate our employees and manage our growth, new releases of our
service and successful customer deployment, our limited history reselling non-salesforce.com products, and utilization and selling to larger
enterprise customers. Further information on potential factors that could affect the financial results of salesforce.com, inc. is included in our
annual report on Form 10-K for the most recent fiscal year and in our quarterly report on Form 10-Q for the most recent fiscal quarter.
These documents and others containing important disclosures are available on the SEC Filings section of the Investor Information section
of our Web site.
​ Any unreleased services or features referenced in this or other presentations, press releases or public statements are not currently available
and may not be delivered on time or at all. Customers who purchase our services should make the purchase decisions based upon features
that are currently available. Salesforce.com, inc. assumes no obligation and does not intend to update these forward-looking statements.
Safe Harbor
Mark D. Slayton
Consultant
Red Argyle
​ How and Why Passwords Work
​ What Makes Passwords Strong (or Weak)
​ How to Build Stronger Passwords
In the next 15 minutes, you’ll learn…
Today’s Topics
Why Does This Matter?
And Why Do I Need To Understand It?
1. They’re Your First Line of Defense.
Why Does This Matter?
“Keep Out” by Flickr user Justin Jensen. Used under Creative Commons CC BY 2.0
2. Security you don’t understand is “magic”.
Why Does This Matter?
“ritual” by Flickr user Paul Stevenson. Used under Creative Commons CC BY 2.0
3. Hackers Understand This Stuff.
Why Does This Matter?
“HTML Code” by Flickr user Marjan Krebelj. Used under Creative Commons CC BY 2.0
​ Known to Few ​ Hard to Guess
How do Passwords Work?
​ This isn’t exactly new technology.
What “Hard to Guess” Means
​ 40-digit wheel
​ 3 number combination
​ 64,000 possible settings
​ Strength in Randomness
“Combination Lock” by Flickr user Sh4rp_i. Used under Creative Commons CC BY 2.0
The Universal Weakness
Brute Force Attacks
“Venice Muscle Beach” by Flickr user Lin Mei. Used under Creative Commons CC BY 2.0
We’re Gonna Need a Bigger Haystack
How We Cope: Entropy
“There’s a needle in there somewhere” by Flickr user theilr. Used under Creative Commons CC BY 2.0
Let’s See How Bad It Can Get
Here’s a worst-case scenario…
Worst-Case Scenario
​ Somebody Has Access To Your System
​ Trillion Password per Second Processing Speed
​ How Long Will These Passwords Last?
​ Welcome to Siege Warfare
“Cannon on Macau” by Flickr user Marcus Meissner. Used under Creative Commons CC BY 2.0
Password Breakdown
meanbear: 26 ^ 8 Possible Values, ~200 Billion, Lasts 0.2 Seconds
MeaNbeaR: 52 ^ 8 Possible Values, ~53 Trillion, Lasts 1 minute
M3aNbe4R: 62 ^ 8 Possible Values, ~218 Trillion, Lasts 3.5 minutes
M3@Nb#4R: 94 ^ 8 Possible Values, ~6 Quadrillion (or 6 thousand trillion), Lasts 1.7 hours
More Values means More Security
Complexity Helps
“Alphabet Soup” by Flickr user Scott Veg. Used under Creative Commons CC BY 2.0
But wait!
​ 26 ^ 11 Possible Values
​ ~3.6 Quadrillion (or 3.6 thousand trillion)
​ Lasts about an hour
Will It Work?
bigmeanbear
…in my opinion
Length Beats Complexity
“Measuring Tape” by Flickr user Sean MacEntee. Used under Creative Commons CC BY 2.0
Time for a confession.
…I lied.
But at least I admitted it!
The Truth about “bigmeanbear”
Only about a million possible values.
Lasts less than the blink of an eye.
​ It never stood a chance.
“Broken Lock” by Flickr user lyudagreen. Used under Creative Commons CC BY 2.0
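The arithmetic behind the "Password Breakdown" slide and the "bigmeanbear" confession, as an added example that is not part of the original talk. The sample word set and the assumed common-word list size of 100 are constructed for illustration; 100 is chosen because three words then give the talk's "about a million" values.

```python
import string

GUESSES_PER_SECOND = 10**12  # the talk's worst case: a trillion guesses per second

# Constructed sample of a common-word list (assumption, not from the talk).
SAMPLE_WORDS = {"big", "mean", "bear", "me", "an", "be", "ear"}
# Assumed size of the full common-word list the sample stands in for.
ASSUMED_LIST_SIZE = 100


def charset_size(password):
    """Size of the character pool implied by the classes the password uses."""
    pools = (
        (string.ascii_lowercase, 26),
        (string.ascii_uppercase, 26),
        (string.digits, 10),
        (string.punctuation, 32),
    )
    return sum(size for chars, size in pools if any(c in chars for c in password))


def charset_space(password):
    """Search space if every character were chosen at random from the pool."""
    return charset_size(password) ** len(password)


def segment(password, vocabulary):
    """Split the password into the fewest vocabulary words, or return None."""
    best = [None] * (len(password) + 1)
    best[0] = []
    for end in range(1, len(password) + 1):
        for start in range(end):
            piece = password[start:end]
            if best[start] is not None and piece in vocabulary:
                candidate = best[start] + [piece]
                if best[end] is None or len(candidate) < len(best[end]):
                    best[end] = candidate
    return best[-1]


def effective_space(password, vocabulary=SAMPLE_WORDS, list_size=ASSUMED_LIST_SIZE):
    """Smaller of the per-character space and the per-word space."""
    brute = charset_space(password)
    words = segment(password, vocabulary)
    if words is None:
        return brute
    return min(brute, list_size ** len(words))


def seconds_to_exhaust(space, rate=GUESSES_PER_SECOND):
    """Time to try every value in the space at the given guess rate."""
    return space / rate


if __name__ == "__main__":
    for pw in ("meanbear", "MeaNbeaR", "M3aNbe4R", "M3@Nb#4R", "bigmeanbear"):
        print(
            f"{pw:12} per-character: {charset_space(pw):.3g}  "
            f"effective: {effective_space(pw):.3g}  "
            f"seconds: {seconds_to_exhaust(effective_space(pw)):.3g}"
        )
```

The per-character figure is an upper bound that holds only when each character is chosen at random; the effective figure is what matters when the password is built from dictionary words.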
It’s a Human Condition
We Are Really Bad At This
“brain power” by Flickr user Allan Ajifo. Used under Creative Commons CC BY 2.0
Combining Complexity and Memorability
The “Secret Sauce” of Password Security
So Simple, Anyone Can Do It!
One Possible Method: Diceware
“Dice” by Flickr user Toshiyuki IMAI. Used under Creative Commons CC BY 2.0
Some Sample Rolls
So, how does the math work out?
Some Sample Passwords
da-pier-monad-(-henry
 7776 ^ 5 Possible Values
 ~28 Quintillion, or 28 million trillion
 Lasts about 1 year
21-buteo-burtt-maid-87th-yoke
 7776 ^ 6 Possible Values
 221 Sextillion, or 221 trillion trillion
 Over 200x the number of stars in the universe
 Lasts 7000 years
​ You heard me.
“M1: The Crab Nebula from Hubble”. Image Credit NASA/ESA/J. Hester/A Loll
“I’ll Never Remember That.” – My Wife, Mia
​ Use a shorter (but still complete) word list
​ Fewer options requires more length
​ She has a point.
sell-located-suddenly-position-close-lost-truck-addition
​ 1000 ^ 8 Possible Values
​ 1 Septillion, or 1 trillion trillion
​ Lasts 32 thousand years
​ The rhyming is a lucky coincidence.
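A sketch of the Diceware method and the word-list math from the slides above, as an added example that is not part of the original talk. The stand-in word list is a constructed placeholder for a real 7776-word Diceware list loaded from a file, and the function names are assumptions of this example.

```python
import secrets

DICE_PER_WORD = 5
DICEWARE_LIST_SIZE = 6 ** DICE_PER_WORD  # 7776 entries, one per five-dice roll
GUESSES_PER_SECOND = 10**12  # the talk's worst case
SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Constructed placeholder for a real Diceware word list (assumption).
STAND_IN_LIST = [f"w{i:04d}" for i in range(DICEWARE_LIST_SIZE)]


def roll_dice(count=DICE_PER_WORD):
    """Roll dice with a cryptographically secure random source."""
    return tuple(secrets.randbelow(6) + 1 for _ in range(count))


def dice_index(rolls):
    """Map a roll such as (1, 1, 1, 1, 1) to a zero-based word-list index."""
    index = 0
    for face in rolls:
        if not 1 <= face <= 6:
            raise ValueError(f"not a die face: {face}")
        index = index * 6 + (face - 1)
    return index


def generate(wordlist, n_words, separator="-"):
    """Pick n_words uniformly at random; every word is an independent draw."""
    if len(set(wordlist)) != len(wordlist):
        raise ValueError("duplicate entries shrink the real search space")
    if len(wordlist) == DICEWARE_LIST_SIZE:
        picks = [wordlist[dice_index(roll_dice())] for _ in range(n_words)]
    else:
        picks = [secrets.choice(wordlist) for _ in range(n_words)]
    return separator.join(picks)


def passphrase_space(list_size, n_words):
    """Number of equally likely passphrases for a list size and word count."""
    return list_size ** n_words


def words_needed(list_size, target_space):
    """Fewest words from a list of list_size that reach target_space."""
    if list_size < 2:
        raise ValueError("the word list needs at least two entries")
    count = 0
    while passphrase_space(list_size, count) < target_space:
        count += 1
    return count


def years_to_exhaust(space, rate=GUESSES_PER_SECOND):
    """Years to try every value in the space at the given guess rate."""
    return space / rate / SECONDS_PER_YEAR


if __name__ == "__main__":
    print(generate(STAND_IN_LIST, 6))
    for size, count in ((7776, 5), (7776, 6), (1000, 8)):
        space = passphrase_space(size, count)
        print(f"{size}^{count} = {space:.3g}, {years_to_exhaust(space):,.1f} years")
    print("words from a 1000-word list to match 7776^6:",
          words_needed(1000, passphrase_space(7776, 6)))
```

`words_needed` makes the "fewer options requires more length" trade-off concrete: a 1000-word list needs eight words to reach the space that six Diceware words give.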
•  Passwords Work through Secrecy and Randomness
•  Gibberish is Good, Length is (Probably) Better
•  Make It Long, But Memorable
What Did We Learn Today?
Take-Aways
Thank you

Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Key Features Of Token Development (1).pptx
Key  Features Of Token  Development (1).pptxKey  Features Of Token  Development (1).pptx
Key Features Of Token Development (1).pptx
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 

Building Rock Solid Passwords - Mark Slayton

  • 1. Building Rock Solid Passwords. Dreamforce ‘15 Admin Theater. Mark D. Slayton, Consultant, Red Argyle. mark@redargyle.com, @Mark_D_Slayton
  • 4. Today’s Topics. In the next 15 minutes, you’ll learn: How and Why Passwords Work; What Makes Passwords Strong (or Weak); How to Build Stronger Passwords.
  • 5. Why Does This Matter? And Why Do I Need To Understand It?
  • 6. Why Does This Matter? 1. They’re Your First Line of Defense. (“Keep Out” by Flickr user Justin Jensen. Used under Creative Commons CC BY 2.0)
  • 7. Why Does This Matter? 2. Security you don’t understand is “magic”. (“ritual” by Flickr user Paul Stevenson. Used under Creative Commons CC BY 2.0)
  • 8. Why Does This Matter? 3. Hackers Understand This Stuff. (“HTML Code” by Flickr user Marjan Krebelj. Used under Creative Commons CC BY 2.0)
  • 9. How do Passwords Work? Known to Few; Hard to Guess. This isn’t exactly new technology.
  • 10. What “Hard to Guess” Means: 40-digit wheel; 3 number combination; 64,000 possible settings. Strength in Randomness. (“Combination Lock” by Flickr user Sh4rp_i. Used under Creative Commons CC BY 2.0)
  • 11. The Universal Weakness: Brute Force Attacks. (“Venice Muscle Beach” by Flickr user Lin Mei. Used under Creative Commons CC BY 2.0)
  • 12. How We Cope: Entropy. We’re Gonna Need a Bigger Haystack. (“There’s a needle in there somewhere” by Flickr user theilr. Used under Creative Commons CC BY 2.0)
  • 13. Let’s See How Bad It Can Get. Here’s a worst-case scenario…
  • 14. Worst-Case Scenario: Somebody Has Access To Your System; Trillion Passwords per Second Processing Speed; How Long Will These Passwords Last? Welcome to Siege Warfare. (“Cannon on Macau” by Flickr user Marcus Meissner. Used under Creative Commons CC BY 2.0)
  • 15. Password Breakdown:
      ◦ meanbear: 26 ^ 8 Possible Values; ~200 Billion; Lasts 0.2 Seconds
      ◦ MeaNbeaR: 52 ^ 8 Possible Values; ~53 Trillion; Lasts 1 minute
      ◦ M3aNbe4R: 62 ^ 8 Possible Values; ~218 Trillion; Lasts 3.5 minutes
      ◦ M3@Nb#4R: 94 ^ 8 Possible Values; ~6 Quadrillion (or 6 thousand trillion); Lasts 1.7 hours
  • 16. Complexity Helps: More Values means More Security. (“Alphabet Soup” by Flickr user Scott Veg. Used under Creative Commons CC BY 2.0)
  • 18. Will It Work? bigmeanbear: 26 ^ 11 Possible Values; ~3.6 Quadrillion (or 3.6 thousand trillion); Lasts about an hour.
  • 19. Length Beats Complexity …in my opinion. (“Measuring Tape” by Flickr user Sean MacEntee. Used under Creative Commons CC BY 2.0)
  • 20. Time for a confession.
  • 21. …I lied. But at least I admitted it!
  • 22. The Truth about “bigmeanbear”: Only about a million possible values. Lasts less than the blink of an eye. It never stood a chance. (“Broken Lock” by Flickr user lyudagreen. Used under Creative Commons CC BY 2.0)
  • 23. We Are Really Bad At This. It’s a Human Condition. (“brain power” by Flickr user Allan Ajifo. Used under Creative Commons CC BY 2.0)
  • 24. The “Secret Sauce” of Password Security: Combining Complexity and Memorability.
  • 25. One Possible Method: Diceware. So Simple, Anyone Can Do It! (“Dice” by Flickr user Toshiyuki IMAI. Used under Creative Commons CC BY 2.0)
  • 27. Some Sample Passwords. So, how does the math work out?
  • 28. da-pier-monad-(-henry: 7776 ^ 5 Possible Values; ~28 Quintillion, or 28 million trillion; Lasts about 1 year.
  • 29. 21-buteo-burtt-maid-87th-yoke: 7776 ^ 6 Possible Values; 221 Sextillion, or 221 trillion trillion; Over 200x the number of stars in the universe; Lasts 7000 years. You heard me. (“M1: The Crab Nebula from Hubble”. Image Credit NASA/ESA/J. Hester/A Loll)
  • 30. “I’ll Never Remember That.” – My Wife, Mia. She has a point. Use a shorter (but still complete) word list; Fewer options requires more length.
  • 31. sell-located-suddenly-position-close-lost-truck-addition: 1000 ^ 8 Possible Values; 1 Septillion, or 1 trillion trillion; Lasts 32 thousand years. The rhyming is a lucky coincidence.
  • 32. Take-Aways: What Did We Learn Today? Passwords Work through Secrecy and Randomness; Gibberish is Good, Length is (Probably) Better; Make It Long, But Memorable.
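
The arithmetic behind slides 14 to 31, together with a Diceware-style generator, as an added example that is not part of the original deck. The function names are illustrative, the attacker speed is slide 14's trillion guesses per second, and `DEMO_LIST` is a constructed stand-in for a real 7776-entry word list.

```python
import itertools
import math
import secrets

GUESSES_PER_SECOND = 10**12  # slide 14's worst case: a trillion guesses per second

def keyspace(choices, picks):
    """Count of equally likely secrets when each pick is uniform over `choices`."""
    return choices ** picks

def entropy_bits(choices, picks):
    """The same keyspace expressed in bits."""
    return picks * math.log2(choices)

def years_to_exhaust(space, rate=GUESSES_PER_SECOND):
    """Years to try every value; the expected time to a hit is half of this."""
    return space / rate / (365.25 * 24 * 3600)

def parse_wordlist(text):
    """Parse 'NNNNN<whitespace>word' lines (five die faces, then a word)."""
    words = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == 5 and set(parts[0]) <= set("123456"):
            words[parts[0]] = parts[1]
    if len(words) != 6**5:
        raise ValueError(f"expected 7776 entries, got {len(words)}")
    return words

def diceware(words, count=6, sep="-"):
    """Choose `count` words, each selected by five CSPRNG-backed die rolls."""
    picked = []
    for _ in range(count):
        roll = "".join(str(secrets.randbelow(6) + 1) for _ in range(5))
        picked.append(words[roll])
    return sep.join(picked)

# Constructed placeholder list so the example runs offline; load a real list instead.
DEMO_LIST = "\n".join(
    "".join(r) + "\tword" + "".join(r) for r in itertools.product("123456", repeat=5))

if __name__ == "__main__":
    words = parse_wordlist(DEMO_LIST)
    print(diceware(words))
    for label, c, p in [("8 lowercase letters", 26, 8), ("8 printable chars", 94, 8),
                        ("5 Diceware words", 7776, 5), ("6 Diceware words", 7776, 6)]:
        n = keyspace(c, p)
        print(f"{label}: {n:.3e} values, {entropy_bits(c, p):.1f} bits, "
              f"{years_to_exhaust(n):.3g} years to exhaust")
```

`keyspace` is only meaningful when every pick is made at random, which is why the generator draws from `secrets` rather than letting a person choose the words; that is the deck's point about "bigmeanbear".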