1 00:00:00,000 --> 00:00:48,804 [MUSIC PLAYING] 2 00:00:48,804 --> 00:00:51,460 DAVID J. MALAN: All right, this is CS50. 3 00:00:51,460 --> 00:00:53,620 And this is not a typical week of CS50. 4 00:00:53,620 --> 00:00:57,400 Indeed, we're midweek here in the fall of 2020 5 00:00:57,400 --> 00:01:00,340 here on campus, which would normally be first year family 6 00:01:00,340 --> 00:01:02,942 weekend, an opportunity for the parents and family members 7 00:01:02,942 --> 00:01:05,650 of the undergraduates here at Harvard to actually come to campus, 8 00:01:05,650 --> 00:01:10,300 sit in on classes, attend talks, and get to know their students in situ 9 00:01:10,300 --> 00:01:11,500 here right on campus. 10 00:01:11,500 --> 00:01:14,170 Of course, this particular year, all of us 11 00:01:14,170 --> 00:01:16,960 are staying afar, digitally, except those of us 12 00:01:16,960 --> 00:01:20,560 who are actually here living in Cambridge itself already. 13 00:01:20,560 --> 00:01:23,800 And so what we thought we would do this year is hold a virtual talk of sorts, 14 00:01:23,800 --> 00:01:27,100 a virtual discussion focused on one topic that doesn't require 15 00:01:27,100 --> 00:01:29,470 any prior familiarity with computer science, 16 00:01:29,470 --> 00:01:32,020 does not require that you be in or have taken 17 00:01:32,020 --> 00:01:35,350 CS50 itself because it's about a topic that's at least in part 18 00:01:35,350 --> 00:01:36,970 familiar to all of us. 19 00:01:36,970 --> 00:01:40,270 Even if it's a little bit less familiar technically, 20 00:01:40,270 --> 00:01:43,180 it's certainly familiar to all of us as users of technology. 21 00:01:43,180 --> 00:01:45,702 And that topic is security or cybersecurity. 
22 00:01:45,702 --> 00:01:47,410 And what we propose today is that we have 23 00:01:47,410 --> 00:01:51,070 a discussion about how you might go about keeping your own computer-- be 24 00:01:51,070 --> 00:01:53,680 it a laptop or desktop or your own phone, which 25 00:01:53,680 --> 00:01:56,530 is also a form of computer-- secure. 26 00:01:56,530 --> 00:01:59,140 And I daresay that this topic, even though we'll 27 00:01:59,140 --> 00:02:02,080 get into some of the technicalities of what it means to be secure, 28 00:02:02,080 --> 00:02:06,520 is familiar in the sense that all of us think about or encounter good security 29 00:02:06,520 --> 00:02:08,770 and bad security in the real world every day. 30 00:02:08,770 --> 00:02:11,860 Think about the home that you live in, be it a house or an apartment 31 00:02:11,860 --> 00:02:13,750 or a dormitory or somewhere else. 32 00:02:13,750 --> 00:02:16,190 Typically, you'll have things, like, locks on the doors. 33 00:02:16,190 --> 00:02:18,190 And you might even, depending on where you live, 34 00:02:18,190 --> 00:02:20,660 have bars on the windows and the like. 35 00:02:20,660 --> 00:02:24,997 But typically, there are manifestations of security at different levels. 36 00:02:24,997 --> 00:02:26,080 And I mean that literally. 37 00:02:26,080 --> 00:02:28,450 For instance, in a typical city, there might be bars 38 00:02:28,450 --> 00:02:32,740 on the first floor windows, but not on the second floor or the third floor. 39 00:02:32,740 --> 00:02:35,410 And that is to say that someone could technically 40 00:02:35,410 --> 00:02:38,735 make their way into your home by way of the second floor or the third floor, 41 00:02:38,735 --> 00:02:41,860 but it's going to be more difficult, of course, because they need a ladder. 
42 00:02:41,860 --> 00:02:43,600 They need some other form of physical access 43 00:02:43,600 --> 00:02:45,280 to a height like that, at which point, they're probably 44 00:02:45,280 --> 00:02:46,660 going to attract more attention. 45 00:02:46,660 --> 00:02:50,260 And so the probability that an adversary is 46 00:02:50,260 --> 00:02:53,020 going to break into your home given that they 47 00:02:53,020 --> 00:02:56,410 have to actually rise to that level and get above the first floor 48 00:02:56,410 --> 00:02:58,150 is probably relatively low. 49 00:02:58,150 --> 00:02:59,025 It's not zero. 50 00:02:59,025 --> 00:03:01,900 There's nothing stopping someone technically from pulling up a ladder 51 00:03:01,900 --> 00:03:05,290 and going into that open window or the like that has no bars. 52 00:03:05,290 --> 00:03:06,490 But it's less likely. 53 00:03:06,490 --> 00:03:10,060 And that's actually a good way to think about security in the digital world 54 00:03:10,060 --> 00:03:13,660 as well, that there's really no such thing as secure. 55 00:03:13,660 --> 00:03:16,300 Like, your phone is not secure fundamentally. 56 00:03:16,300 --> 00:03:20,380 Your laptop, your desktop is not secure fundamentally. 57 00:03:20,380 --> 00:03:22,090 It's secure to some extent. 58 00:03:22,090 --> 00:03:26,530 It might be secure against certain attacks or certain types of adversaries 59 00:03:26,530 --> 00:03:29,360 or adversaries with certain amounts of resources. 60 00:03:29,360 --> 00:03:33,490 And those resources might be time, might be money, might be technical savvy. 61 00:03:33,490 --> 00:03:35,440 But it really is going to be a trade-off. 62 00:03:35,440 --> 00:03:39,520 And so while a bit unfortunate, one way of thinking about security 63 00:03:39,520 --> 00:03:42,760 is that you don't want to be secure in an absolute sense. 64 00:03:42,760 --> 00:03:46,750 In the real world, you want to be more secure than your neighbor's house, 65 00:03:46,750 --> 00:03:47,690 for instance. 
66 00:03:47,690 --> 00:03:52,030 You want to somehow raise the bar, either physically or metaphorically, 67 00:03:52,030 --> 00:03:55,150 to the adversary so that it's going to take that adversary just too 68 00:03:55,150 --> 00:03:59,230 much time, too much money, too much effort to break into your home 69 00:03:59,230 --> 00:04:01,810 that they might as well just go next door instead. 70 00:04:01,810 --> 00:04:04,720 And the same is going to be true in the world of computers. 71 00:04:04,720 --> 00:04:08,080 But we're going to measure the security of systems 72 00:04:08,080 --> 00:04:10,870 more computationally, not so much physically. 73 00:04:10,870 --> 00:04:15,560 So with that said, let me invite you to open up this URL here on your screen. 74 00:04:15,560 --> 00:04:18,579 If you're using a laptop or desktop, go ahead and just open it up 75 00:04:18,579 --> 00:04:20,560 in a separate tab in another browser. 76 00:04:20,560 --> 00:04:22,900 If you're on your phone, you can go back and forth 77 00:04:22,900 --> 00:04:25,960 between two windows most likely, depending on your operating system. 78 00:04:25,960 --> 00:04:28,418 But go ahead, when you have a moment, and open up this URL. 79 00:04:28,418 --> 00:04:31,390 And we'll use this URL to ask a few interactive questions 80 00:04:31,390 --> 00:04:33,580 that you can respond to digitally. 81 00:04:33,580 --> 00:04:37,850 And we'll also take questions and comments throughout today as well. 82 00:04:37,850 --> 00:04:41,110 So with that said, what does it mean to be secure, then? 83 00:04:41,110 --> 00:04:43,090 Let's take a couple of thoughts on this. 84 00:04:43,090 --> 00:04:46,690 What do you think of the word "secure" as meaning 85 00:04:46,690 --> 00:04:50,950 in the context of your phone, of your computer, of your home? 86 00:04:50,950 --> 00:04:52,390 Interpret as you will. 87 00:04:52,390 --> 00:04:57,250 What does it mean to be secure, would you say? 
88 00:04:57,250 --> 00:05:01,600 Any digital hands in Zoom? 89 00:05:01,600 --> 00:05:03,340 If you're feeling shy, feel free to chime 90 00:05:03,340 --> 00:05:05,890 in via the chat and Brian can proxy. 91 00:05:05,890 --> 00:05:09,220 But otherwise, do feel free to raise your hand virtually 92 00:05:09,220 --> 00:05:12,550 if you would like to offer your definition. 93 00:05:12,550 --> 00:05:16,210 Yeah, how about over to Pranav, if I'm pronouncing it right? 94 00:05:16,210 --> 00:05:17,940 What does it mean to be secure? 95 00:05:17,940 --> 00:05:21,790 PRANAV: Yeah, I think it means, by security, 96 00:05:21,790 --> 00:05:28,945 you mean to protect all the data that's stored on a particular system 97 00:05:28,945 --> 00:05:31,090 if we're talking about technology. 98 00:05:31,090 --> 00:05:37,360 And at least make it hard and buy yourself enough time 99 00:05:37,360 --> 00:05:44,000 that a certain person may not hack into your system at the current moment 100 00:05:44,000 --> 00:05:44,500 because-- 101 00:05:44,500 --> 00:05:45,185 DAVID J. MALAN: Good. 102 00:05:45,185 --> 00:05:46,240 PRANAV: --let's face it. 103 00:05:46,240 --> 00:05:51,340 You may not be able to protect your system for your entire lifetime. 104 00:05:51,340 --> 00:05:57,747 But I would say, at least buy yourself, continuously buy yourself time. 105 00:05:57,747 --> 00:05:59,080 DAVID J. MALAN: OK, I like that. 106 00:05:59,080 --> 00:06:03,590 So security is all about keeping someone out of your resources. 107 00:06:03,590 --> 00:06:07,930 But as I myself have claimed thus far, that's hard to argue in the absolute. 108 00:06:07,930 --> 00:06:13,960 Really you want your system to just take too much time to compromise, your phone 109 00:06:13,960 --> 00:06:16,840 or your laptop to take too much time to compromise, at which point 110 00:06:16,840 --> 00:06:21,400 you're sort of probabilistically, statistically safe against adversaries. 
111 00:06:21,400 --> 00:06:24,490 Because again, they're not going to want to waste that much time or effort 112 00:06:24,490 --> 00:06:27,790 or money hacking into your particular system versus someone else. 113 00:06:27,790 --> 00:06:30,940 Now, there are different ways that you and I in the real world 114 00:06:30,940 --> 00:06:34,180 try to keep our laptops and our phones secure. 115 00:06:34,180 --> 00:06:37,240 And one of those most popular mechanisms is, of course, passwords. 116 00:06:37,240 --> 00:06:41,320 Passwords, being some kind of phrase, some kind of number that you actually 117 00:06:41,320 --> 00:06:45,850 configure your device with so that ideally, only you know that password. 118 00:06:45,850 --> 00:06:49,570 And only you, therefore, can get into the device by using that password. 119 00:06:49,570 --> 00:06:51,940 And so by a show of physical hands, how many of you 120 00:06:51,940 --> 00:06:55,090 have passwords on your laptops or desktops 121 00:06:55,090 --> 00:06:56,890 if you use one of those devices? 122 00:06:56,890 --> 00:06:59,260 So almost all of the hands are going up. 123 00:06:59,260 --> 00:07:02,320 Those of you who don't have your hand going up, you've probably made, 124 00:07:02,320 --> 00:07:04,870 I presume, a conscious choice to not use a password. 125 00:07:04,870 --> 00:07:06,342 Maybe it's annoying to type in. 126 00:07:06,342 --> 00:07:08,050 Maybe you don't really worry about anyone 127 00:07:08,050 --> 00:07:09,508 around you getting into the device. 128 00:07:09,508 --> 00:07:13,120 But you should concede or recognize that there is therefore a threat. 129 00:07:13,120 --> 00:07:16,690 It's much easier for someone to get into your laptop or desktop 130 00:07:16,690 --> 00:07:20,630 than into that of anyone else who raised their hand just a moment ago. 
131 00:07:20,630 --> 00:07:25,150 Now, those of you who have a phone, a mobile device, those 132 00:07:25,150 --> 00:07:27,100 of you with that device, how many of you have 133 00:07:27,100 --> 00:07:31,300 a password or a passcode on that device, on your phone? 134 00:07:31,300 --> 00:07:32,785 So somewhat fewer hands I'm seeing. 135 00:07:32,785 --> 00:07:34,660 So it's good that so many hands are going up. 136 00:07:34,660 --> 00:07:36,850 But there, too, it seems that some of you don't have. 137 00:07:36,850 --> 00:07:39,017 And hopefully, you've thought about the implications 138 00:07:39,017 --> 00:07:43,210 of that, which means that your parents, your siblings, a stranger, if they just 139 00:07:43,210 --> 00:07:45,760 physically pick up your phone, whether it's in your home 140 00:07:45,760 --> 00:07:49,620 or in a cafe or an airport, has immediate access to all of your data. 141 00:07:49,620 --> 00:07:51,340 So arguably, much less secure, certainly, 142 00:07:51,340 --> 00:07:53,660 than someone that requires a password. 143 00:07:53,660 --> 00:07:58,180 But let's consider how we can measure the security of your phone, 144 00:07:58,180 --> 00:08:00,130 measure the security of your computer, just 145 00:08:00,130 --> 00:08:03,700 by using this simple familiar mechanism, like, a password. 146 00:08:03,700 --> 00:08:06,625 So it turns out that you and I, frankly, as humans, 147 00:08:06,625 --> 00:08:09,250 aren't very good at picking these passwords in the first place. 148 00:08:09,250 --> 00:08:12,820 As of 2019, just some months ago at year's end, 149 00:08:12,820 --> 00:08:16,510 this was determined by security researchers to be sadly, 150 00:08:16,510 --> 00:08:21,580 the most common password in the world, literally, 123456. 151 00:08:21,580 --> 00:08:23,680 That was the most common password according 152 00:08:23,680 --> 00:08:28,360 to many measures this past year among those passwords that were known. 
153 00:08:28,360 --> 00:08:32,440 Number two on the list was slightly better, 123456789. 154 00:08:32,440 --> 00:08:34,206 After that was qwerty. 155 00:08:34,206 --> 00:08:37,539 If that one looks a little weird, if you have a US English keyboard and you look 156 00:08:37,539 --> 00:08:42,580 at the top left row of your keys, Q-W-E-R-T-Y is what they would spell 157 00:08:42,580 --> 00:08:43,659 on a US keyboard. 158 00:08:43,659 --> 00:08:46,760 People are really not trying very hard to come up with their password, 159 00:08:46,760 --> 00:08:49,420 even though it's not technically an English word, per se. 160 00:08:49,420 --> 00:08:54,160 Password was the number four most popular password, P-A-S-S-W-O-R-D, 161 00:08:54,160 --> 00:08:57,370 which is a little too tongue in cheek to be at all secure. 162 00:08:57,370 --> 00:09:03,520 After that was slightly worse, 1234567; after that, 12345678; after that, 163 00:09:03,520 --> 00:09:04,690 12345. 164 00:09:04,690 --> 00:09:06,400 You can perhaps see the pattern here. 165 00:09:06,400 --> 00:09:08,920 After that was, adorably, iloveyou. 166 00:09:08,920 --> 00:09:12,910 But if you think you're being clever by having iloveyou as your password, 167 00:09:12,910 --> 00:09:15,190 well, there's a lot of other humans in the world that 168 00:09:15,190 --> 00:09:16,930 think they're being cute, too. 169 00:09:16,930 --> 00:09:19,990 111111 was also popular. 170 00:09:19,990 --> 00:09:23,020 And then lastly, 123123. 171 00:09:23,020 --> 00:09:24,460 So now why these passwords? 172 00:09:24,460 --> 00:09:27,880 You can perhaps infer from this list why some of these passwords 173 00:09:27,880 --> 00:09:29,170 are the way that they are. 174 00:09:29,170 --> 00:09:34,510 Odds are these people were using these passwords on phones or on websites 175 00:09:34,510 --> 00:09:38,500 or in other systems that probably had, like, a minimum password length. 
176 00:09:38,500 --> 00:09:42,670 These people probably needed a password that was six characters long. 177 00:09:42,670 --> 00:09:47,030 These people probably needed one that was nine characters long, and so forth. 178 00:09:47,030 --> 00:09:49,360 So you can perhaps see some manifestations of policies 179 00:09:49,360 --> 00:09:53,200 that companies and universities and software manufacturers 180 00:09:53,200 --> 00:09:54,520 might have in place. 181 00:09:54,520 --> 00:09:57,310 But suffice it to say, if your password is on this list, 182 00:09:57,310 --> 00:10:00,100 your first takeaway from today's discussion 183 00:10:00,100 --> 00:10:02,440 should be change that password-- 184 00:10:02,440 --> 00:10:04,713 at least if you care about the account. 185 00:10:04,713 --> 00:10:06,880 And I would argue, too, and we'll come back to this, 186 00:10:06,880 --> 00:10:09,520 it really probably should figure into your decision making 187 00:10:09,520 --> 00:10:10,810 what type of account it is. 188 00:10:10,810 --> 00:10:14,020 If it's for some silly website or game that you're never going to use again, 189 00:10:14,020 --> 00:10:15,250 maybe it's not a big deal. 190 00:10:15,250 --> 00:10:19,000 If it's your bank account, your student record, something medical related, 191 00:10:19,000 --> 00:10:22,040 probably you really don't want your password on this list. 192 00:10:22,040 --> 00:10:26,980 So there, too, consider the context in which we make all of today's decisions. 193 00:10:26,980 --> 00:10:28,900 Now, why are these passwords bad? 194 00:10:28,900 --> 00:10:32,120 And why are passwords themselves potentially at risk? 195 00:10:32,120 --> 00:10:36,130 So a term of art in computer science is that of brute force attacks. 196 00:10:36,130 --> 00:10:38,590 And this kind of is what it says. 
197 00:10:38,590 --> 00:10:42,990 This refers to an adversary-- someone who's out to get you or get someone-- 198 00:10:42,990 --> 00:10:50,290 has a device or writes software that tries to just guess your password. 199 00:10:50,290 --> 00:10:53,590 Brute force attack means that if they don't know your password, 200 00:10:53,590 --> 00:10:55,990 they're not just going to try random numbers necessarily. 201 00:10:55,990 --> 00:10:58,570 They're going to try 111111. 202 00:10:58,570 --> 00:11:01,420 And then they're going to try 111112. 203 00:11:01,420 --> 00:11:06,580 Then they're going to try 111113, either manually, by typing it into the phone 204 00:11:06,580 --> 00:11:09,970 that they might have stolen off of you, or maybe by writing software, 205 00:11:09,970 --> 00:11:12,760 and then connecting that software via a laptop 206 00:11:12,760 --> 00:11:17,320 or desktop to your phone via USB cable or lightning connector or the like. 207 00:11:17,320 --> 00:11:19,390 A brute force attack pretty much just means 208 00:11:19,390 --> 00:11:23,320 that the adversary doesn't necessarily know anything about you-- your name, 209 00:11:23,320 --> 00:11:26,450 your birthday, your children's names, nothing like that. 210 00:11:26,450 --> 00:11:29,450 But they do have a lot of time or a lot of skill. 211 00:11:29,450 --> 00:11:32,140 And so they're just going to try all possible passwords. 212 00:11:32,140 --> 00:11:35,620 And what's eye opening, I think, about this type of attack 213 00:11:35,620 --> 00:11:37,420 is that it already gives us an opportunity 214 00:11:37,420 --> 00:11:41,200 to start thinking about how can we protect ourselves against an attack? 215 00:11:41,200 --> 00:11:45,700 And just right now, how secure are your accounts on your phones and computers 216 00:11:45,700 --> 00:11:47,590 against brute force attacks? 217 00:11:47,590 --> 00:11:49,990 Well, let's consider how an adversary might do this. 
218 00:11:49,990 --> 00:11:52,120 This is kind of a silly YouTube video here. 219 00:11:52,120 --> 00:11:55,420 But let me go ahead and play this animation, really, 220 00:11:55,420 --> 00:12:01,630 which shows a small robot of sorts that is typing using this little robotic arm 221 00:12:01,630 --> 00:12:03,490 onto an Android phone down there. 222 00:12:03,490 --> 00:12:04,987 There's a zoomed in version of it. 223 00:12:04,987 --> 00:12:06,820 And pretty much this is a brute force attack 224 00:12:06,820 --> 00:12:10,330 by a robot, a physical device that an adversary has designed 225 00:12:10,330 --> 00:12:12,390 to just type in all possible passcodes. 226 00:12:12,390 --> 00:12:14,140 And even though the video itself is short, 227 00:12:14,140 --> 00:12:17,530 you can imagine the adversary going about their day, going to sleep. 228 00:12:17,530 --> 00:12:20,980 And this thing just keeps brute forcing its way through your password. 229 00:12:20,980 --> 00:12:25,060 So eventually, it might get lucky and stumble upon whatever code you 230 00:12:25,060 --> 00:12:26,770 were indeed using. 231 00:12:26,770 --> 00:12:30,803 But of course, there's probably other threats, too. 232 00:12:30,803 --> 00:12:31,720 There's other threats. 233 00:12:31,720 --> 00:12:34,900 In fact, anyone who's taken CS50 or CS50x or even 234 00:12:34,900 --> 00:12:38,920 just the first few weeks of it, learning a little bit of C or Python, 235 00:12:38,920 --> 00:12:41,770 both of which are common programming languages, anyone 236 00:12:41,770 --> 00:12:44,020 who knows a little bit about programming can certainly 237 00:12:44,020 --> 00:12:48,160 write software that simulates what that robot was physically doing. 238 00:12:48,160 --> 00:12:51,790 And the thing about software is as soon as you don't have any moving parts, 239 00:12:51,790 --> 00:12:54,940 you can do things much, much faster because it's all electronic. 240 00:12:54,940 --> 00:12:56,630 It's not at all mechanical. 
241 00:12:56,630 --> 00:13:00,520 And so in this case, what if I were to steal your phone off 242 00:13:00,520 --> 00:13:04,060 of you, for instance, write some software on my Mac or PC, 243 00:13:04,060 --> 00:13:06,730 and then plug my Mac or PC into your phone 244 00:13:06,730 --> 00:13:09,580 with, again, a USB cable or a lightning connector, 245 00:13:09,580 --> 00:13:14,050 such that I could write code that tries all possible passcodes again and again? 246 00:13:14,050 --> 00:13:16,810 For instance, suppose that your phone is using-- 247 00:13:16,810 --> 00:13:21,790 and this is not an uncommon default on iPhones or on Android phones, 248 00:13:21,790 --> 00:13:23,020 at least in the past-- 249 00:13:23,020 --> 00:13:24,070 four digits. 250 00:13:24,070 --> 00:13:26,170 Suppose that you're required to choose minimally 251 00:13:26,170 --> 00:13:30,520 a passcode or password, synonymous here, that are four digits long. 252 00:13:30,520 --> 00:13:33,010 And we're talking decimal digits, so 0 through 9. 253 00:13:33,010 --> 00:13:35,350 So 0, 1, 2, 3, 4, 5, 6, 7, 8, 9, you need 254 00:13:35,350 --> 00:13:38,170 to choose four of those digits in some pattern. 255 00:13:38,170 --> 00:13:44,230 Well, how many possible passcodes are there that are four digits long? 256 00:13:44,230 --> 00:13:48,700 If your passcode is 4 digits long, you can begin to think about the security 257 00:13:48,700 --> 00:13:52,900 of your passcode in terms of, well, how long would it take an adversary 258 00:13:52,900 --> 00:13:58,210 to brute force their way to my actual password starting at 0000, 259 00:13:58,210 --> 00:14:01,135 going all the way up to, for instance, 9999. 260 00:14:01,135 --> 00:14:03,010 Well, let me go ahead and open up the screen. 
261 00:14:03,010 --> 00:14:07,330 If you pull up that same URL from before, you'll see in just a moment 262 00:14:07,330 --> 00:14:12,070 a poll that'll ask you this very same question, that being, 263 00:14:12,070 --> 00:14:15,338 how many 4-digit passcodes are possible? 264 00:14:15,338 --> 00:14:17,380 In just a moment, you'll see this on your screen. 265 00:14:17,380 --> 00:14:19,750 Let me go ahead and full screen it on my end as well. 266 00:14:19,750 --> 00:14:22,600 Go again to the URL that's atop my screen here, 267 00:14:22,600 --> 00:14:26,770 if you missed the URL earlier or happened to close the tab. 268 00:14:26,770 --> 00:14:31,180 How many 4-digit passcodes are possible? 269 00:14:31,180 --> 00:14:33,910 How many 4-digit passcodes are possible? 270 00:14:33,910 --> 00:14:40,180 Among the answers here are 4 or 40 or 9,999 or maybe 10,000-- 271 00:14:40,180 --> 00:14:42,940 or quite fine, too, you're unsure. 272 00:14:42,940 --> 00:14:50,170 Go ahead and buzz in with one of those responses, if you could. 273 00:14:50,170 --> 00:14:53,140 All right, looks like we have got a few hundred responses thus far. 274 00:14:53,140 --> 00:14:56,520 We'll give you a few more seconds to buzz in. 275 00:14:56,520 --> 00:14:59,160 And let me go ahead and begin to reveal the results here. 276 00:14:59,160 --> 00:15:03,645 So it looks like quite a few of you, 60-plus% 277 00:15:03,645 --> 00:15:05,520 think it's 10,000 possibilities. 278 00:15:05,520 --> 00:15:08,730 27% of you think it's 9,999 possibilities. 279 00:15:08,730 --> 00:15:10,590 And then a few others think it's 40 or four. 280 00:15:10,590 --> 00:15:12,210 And a bunch of you are unsure. 281 00:15:12,210 --> 00:15:14,130 So let's consider, then, how we would answer 282 00:15:14,130 --> 00:15:17,670 this question so that we have a mental model for answering this on our own. 
283 00:15:17,670 --> 00:15:20,950 Let me go ahead and propose that to answer this question, 284 00:15:20,950 --> 00:15:22,770 we just do some very simple arithmetic. 285 00:15:22,770 --> 00:15:24,600 It doesn't need to get very complicated. 286 00:15:24,600 --> 00:15:28,090 But the math could be thought of in the following way. 287 00:15:28,090 --> 00:15:31,980 If we've got a 4-digit passcode, that's four digits, each of which 288 00:15:31,980 --> 00:15:33,420 can be zero through nine. 289 00:15:33,420 --> 00:15:34,770 And there's 10 total digits. 290 00:15:34,770 --> 00:15:37,680 Therefore zero through 9. 291 00:15:37,680 --> 00:15:42,490 Eight, nine, so 10 possible values for each of those four digits. 292 00:15:42,490 --> 00:15:44,790 So if that's the case, I think it's fair to say 293 00:15:44,790 --> 00:15:48,480 that there's 10 possibilities for the first digit times 10 possibilities 294 00:15:48,480 --> 00:15:51,507 for the second times 10 times 10. 295 00:15:51,507 --> 00:15:53,340 And of course, if you multiply this all out, 296 00:15:53,340 --> 00:15:56,680 the answer was indeed 10,000 possibilities. 297 00:15:56,680 --> 00:15:59,370 So if you have an iPhone or an Android phone right now 298 00:15:59,370 --> 00:16:03,060 and you've got a 4-digit passcode that you think no one knows, 299 00:16:03,060 --> 00:16:04,800 that may very well be the case. 300 00:16:04,800 --> 00:16:07,200 But you should worry about or consider, well, 301 00:16:07,200 --> 00:16:10,740 what happens if a friend with a fancy robot connects your phone to that 302 00:16:10,740 --> 00:16:18,180 and just tries all possible values from 0000 to 9999, or smarter still, 303 00:16:18,180 --> 00:16:21,120 connects your phone via cable to their laptop, 304 00:16:21,120 --> 00:16:24,690 writes software to generate all of those possibilities? 
305 00:16:24,690 --> 00:16:28,740 Well, a little worrisomely, it's not all that hard to do the latter 306 00:16:28,740 --> 00:16:30,210 and to actually write code. 307 00:16:30,210 --> 00:16:33,450 So in fact, let me go ahead here and on my own Mac, let me go ahead 308 00:16:33,450 --> 00:16:36,540 and open up a program that's going to let me write 309 00:16:36,540 --> 00:16:39,150 some code in a file called crack.py. 310 00:16:39,150 --> 00:16:41,230 So "crack" is a term of art in programming, 311 00:16:41,230 --> 00:16:44,790 which means to brute force your way into a password somehow, 312 00:16:44,790 --> 00:16:47,507 so to figure out what it is algorithmically. 313 00:16:47,507 --> 00:16:50,340 Those of you, particularly parents and family members who have never 314 00:16:50,340 --> 00:16:52,170 seen any of this before, totally fine. 315 00:16:52,170 --> 00:16:53,580 That's new to you. 316 00:16:53,580 --> 00:16:56,760 Your sons and daughters and others here in the room 317 00:16:56,760 --> 00:16:58,440 have seen a little bit of this code. 318 00:16:58,440 --> 00:17:01,080 But we'll keep it short, which is to say that it actually 319 00:17:01,080 --> 00:17:04,680 doesn't take all that much effort to write code that brute 320 00:17:04,680 --> 00:17:06,496 forces an attack on your own phone. 321 00:17:06,496 --> 00:17:09,329 And the code I'm going to write here is in a language called Python, 322 00:17:09,329 --> 00:17:11,079 which is quite popular these days. 323 00:17:11,079 --> 00:17:15,450 And I'm going to say a command like this, from string import digits, which 324 00:17:15,450 --> 00:17:18,520 is just a clever way in Python, this programming language, 325 00:17:18,520 --> 00:17:22,290 just give me access to all the possible digits in decimal, 0 through 9. 326 00:17:22,290 --> 00:17:26,430 And then I'm going to import, so to speak, from a library, some software 327 00:17:26,430 --> 00:17:29,940 that some other smart people wrote, something called product. 
328 00:17:29,940 --> 00:17:32,010 So it turns out, in a programming language, 329 00:17:32,010 --> 00:17:34,650 you have lots of functions or functionality. 330 00:17:34,650 --> 00:17:38,110 Much like in the world of math, you have functions, like, addition, subtraction, 331 00:17:38,110 --> 00:17:39,330 multiplication, and division. 332 00:17:39,330 --> 00:17:42,510 In the world of programming, you have all of those capabilities, 333 00:17:42,510 --> 00:17:43,500 but many more. 334 00:17:43,500 --> 00:17:45,900 And so one of the functions I'm importing here 335 00:17:45,900 --> 00:17:48,090 is this notion of a product, which really just means 336 00:17:48,090 --> 00:17:52,178 a permutation of all possible digits. 337 00:17:52,178 --> 00:17:54,720 And now I'm going to use what's called a loop in programming. 338 00:17:54,720 --> 00:17:57,803 A loop in a program is just something that does something again and again. 339 00:17:57,803 --> 00:18:00,270 And I'm going to go ahead and say this, for passcode 340 00:18:00,270 --> 00:18:06,660 in, the product of all of those digits, and repeat the digits four times total, 341 00:18:06,660 --> 00:18:09,810 go ahead and print out each passcode. 342 00:18:09,810 --> 00:18:13,440 Let me go ahead and print it out using somewhat cryptic syntax. 343 00:18:13,440 --> 00:18:17,310 But that's only because I'm going to print out a list as an actual string. 344 00:18:17,310 --> 00:18:20,140 Parents and family members, don't worry for now what that means. 345 00:18:20,140 --> 00:18:23,370 CS50 and CS50x students, this is just a clever way 346 00:18:23,370 --> 00:18:26,010 with a couple of lines of code to iterate over 347 00:18:26,010 --> 00:18:30,390 all of the digits 0 through 9, combine them four at a time, 348 00:18:30,390 --> 00:18:35,200 and print out all possible permutations of those four digits. 
349 00:18:35,200 --> 00:18:38,430 So if I didn't screw up here, I'm going to go ahead and save my file and run 350 00:18:38,430 --> 00:18:42,780 a command called python on crack.py and hit Enter-- 351 00:18:42,780 --> 00:18:43,785 boom. 352 00:18:43,785 --> 00:18:45,090 That was so fast. 353 00:18:45,090 --> 00:18:46,410 In fact, let me do it again. 354 00:18:46,410 --> 00:18:49,590 Let me clear my screen and rerun this crack.py program-- 355 00:18:49,590 --> 00:18:50,610 boom. 356 00:18:50,610 --> 00:18:53,790 That's how fast a computer, my little Mac here, 357 00:18:53,790 --> 00:18:59,040 can try all possible codes between 0000 and 9999. 358 00:18:59,040 --> 00:19:01,920 And it's so fast because it did them all in the blink of an eye. 359 00:19:01,920 --> 00:19:04,920 So if you're thinking that your 4-digit passcode is keeping you somewhat 360 00:19:04,920 --> 00:19:09,630 secure, it probably really isn't because it wouldn't take that much effort 361 00:19:09,630 --> 00:19:12,360 for maybe someone in your household to write code like this, 362 00:19:12,360 --> 00:19:15,402 connect to your phone secretly at night when you're not paying attention, 363 00:19:15,402 --> 00:19:18,490 and figure out, potentially, what your code actually is. 364 00:19:18,490 --> 00:19:21,535 So what would be better than using just digits? 365 00:19:21,535 --> 00:19:22,410 What would be better? 366 00:19:22,410 --> 00:19:25,118 Well, why don't we use letters of the alphabet, English alphabet, 367 00:19:25,118 --> 00:19:26,310 for today's purposes? 368 00:19:26,310 --> 00:19:31,110 And in the English alphabet, we have more letters than we have numbers. 369 00:19:31,110 --> 00:19:32,875 So how might we think about this? 370 00:19:32,875 --> 00:19:34,500 Let's go ahead and ask a question here. 
371 00:19:34,500 --> 00:19:36,960 If you change your phone after today to use 372 00:19:36,960 --> 00:19:43,810 four letters of the English alphabet instead of using numbers alone, 373 00:19:43,810 --> 00:19:45,940 how many possibilities are there then? 374 00:19:45,940 --> 00:19:48,910 Well, let me go ahead and open up a different poll question here, 375 00:19:48,910 --> 00:19:54,420 which asks this time, how many 4-letter passcodes are possible? 376 00:19:54,420 --> 00:19:56,710 And we'll see what folks think and answer to this, 377 00:19:56,710 --> 00:19:58,300 as the answers begin to come in. 378 00:19:58,300 --> 00:20:00,880 379 00:20:00,880 --> 00:20:02,805 To be fair, I have not qualified one thing. 380 00:20:02,805 --> 00:20:04,930 So you might have to be making certain assumptions. 381 00:20:04,930 --> 00:20:07,930 There are indeed 26 letters of the English alphabet. 382 00:20:07,930 --> 00:20:10,720 However, there's uppercase and lowercase. 383 00:20:10,720 --> 00:20:13,300 So if you allow the user to type in something case 384 00:20:13,300 --> 00:20:16,010 sensitively, so to speak, where case matters, 385 00:20:16,010 --> 00:20:19,660 it's not 26 possibilities for each of those four characters. 386 00:20:19,660 --> 00:20:22,130 It's instead 52 possibilities. 387 00:20:22,130 --> 00:20:24,940 So it looks like an overwhelming number of you, 78% 388 00:20:24,940 --> 00:20:27,790 think there's some seven million possibilities when 389 00:20:27,790 --> 00:20:29,590 using 4-letter passcodes. 390 00:20:29,590 --> 00:20:33,890 About 11% of you think that 52,000 are all of the passcodes. 391 00:20:33,890 --> 00:20:35,570 So let's go ahead and do the quick math. 392 00:20:35,570 --> 00:20:38,320 Again, it doesn't need to be particularly sophisticated, the math. 
393 00:20:38,320 --> 00:20:41,860 Let me go ahead and open up this time, similar approach 394 00:20:41,860 --> 00:20:45,082 to this problem, whereby if we have four letters of the alphabet, 395 00:20:45,082 --> 00:20:47,290 and let's assume case sensitivity, which, to be fair, 396 00:20:47,290 --> 00:20:49,390 you might not have assumed, well, then I think 397 00:20:49,390 --> 00:20:53,140 we have 52 possibilities times 52 times 52 times 398 00:20:53,140 --> 00:20:57,970 52 for each of the four letters in your passcode. 399 00:20:57,970 --> 00:20:59,860 And if you multiply that out-- boom-- 400 00:20:59,860 --> 00:21:03,740 you indeed get seven million plus possibilities. 401 00:21:03,740 --> 00:21:05,830 So consider the takeaway here. 402 00:21:05,830 --> 00:21:10,720 If you are currently using a passcode that's four digits, purely numeric, 403 00:21:10,720 --> 00:21:14,980 you have only 10,000 digits between you and some adversary hacking 404 00:21:14,980 --> 00:21:16,510 into your phone potentially. 405 00:21:16,510 --> 00:21:20,530 If you change your 4-digit passcode to be a 4-letter passcode, 406 00:21:20,530 --> 00:21:23,980 then you've got seven million possible passcodes 407 00:21:23,980 --> 00:21:25,420 between you and the adversary. 408 00:21:25,420 --> 00:21:26,660 Now, why is this better? 409 00:21:26,660 --> 00:21:29,710 Well, again, whether they're using a robot or using code, 410 00:21:29,710 --> 00:21:32,912 it's just going to take them more time to hack into your device. 
411 00:21:32,912 --> 00:21:34,870 And again, at that point, if it's going to take 412 00:21:34,870 --> 00:21:36,703 them that much time, that much effort, maybe 413 00:21:36,703 --> 00:21:41,080 even that much money to hack into your phone, you, relative to other people 414 00:21:41,080 --> 00:21:43,720 might indeed be more secure because it's probably 415 00:21:43,720 --> 00:21:46,990 going to be easier for that adversary to go steal someone else's phone 416 00:21:46,990 --> 00:21:49,000 and try to get into that one instead. 417 00:21:49,000 --> 00:21:51,820 Well, let's consider what this does in actual code. 418 00:21:51,820 --> 00:21:54,970 Let me go back to my Mac here. 419 00:21:54,970 --> 00:21:58,000 And let me go ahead and open up that same file as before. 420 00:21:58,000 --> 00:22:00,500 And let me go ahead and change something as follows. 421 00:22:00,500 --> 00:22:04,630 Instead of using just digits, let me use what I'm going to call ASCII letters. 422 00:22:04,630 --> 00:22:07,480 Families who are not familiar with CS, ASCII 423 00:22:07,480 --> 00:22:11,080 just refers to essentially all of the printable letters of the alphabet 424 00:22:11,080 --> 00:22:15,430 that you would typically see in English, so A through Z, capital and lowercase 425 00:22:15,430 --> 00:22:15,970 here. 426 00:22:15,970 --> 00:22:18,345 And I'm going to go ahead and change my mention of digits 427 00:22:18,345 --> 00:22:20,300 here to be ASCII letters as well. 428 00:22:20,300 --> 00:22:22,390 So again, the program is almost identical. 429 00:22:22,390 --> 00:22:27,010 But it's going to use all 52 uppercase and lowercase English letters instead 430 00:22:27,010 --> 00:22:28,930 of all 10 digits. 431 00:22:28,930 --> 00:22:30,350 Let me save this file. 432 00:22:30,350 --> 00:22:33,130 Let me rerun python of crack.py. 
433 00:22:33,130 --> 00:22:36,910 And this time I actually have a moment to walk over to the screen 434 00:22:36,910 --> 00:22:40,810 and point out now that we're just now through the lower case zs. 435 00:22:40,810 --> 00:22:43,000 Now we're going through all the possible passcodes 436 00:22:43,000 --> 00:22:44,530 that start with capital letters. 437 00:22:44,530 --> 00:22:46,000 It's still pretty fast. 438 00:22:46,000 --> 00:22:48,940 This is maybe, what, 10 seconds later done? 439 00:22:48,940 --> 00:22:52,690 We went from AAAA to ZZZZ. 440 00:22:52,690 --> 00:22:54,040 So we've raised the bar. 441 00:22:54,040 --> 00:22:58,330 And again, the security of our phone in this case is arguably more. 442 00:22:58,330 --> 00:23:00,190 It's higher because now it's going to take 443 00:23:00,190 --> 00:23:04,870 the adversary more time or more effort to actually hack into our device. 444 00:23:04,870 --> 00:23:07,120 Well, let's consider, perhaps, another question, then. 445 00:23:07,120 --> 00:23:11,410 What if we generalize it further to be characters? 446 00:23:11,410 --> 00:23:13,277 And those of you among families, perhaps, 447 00:23:13,277 --> 00:23:15,860 might not know the distinction between characters and letters. 448 00:23:15,860 --> 00:23:17,830 So let me open this up to the floor here. 449 00:23:17,830 --> 00:23:20,140 When you register for a website these days, 450 00:23:20,140 --> 00:23:22,750 it's somewhat annoying because those websites typically 451 00:23:22,750 --> 00:23:25,840 force you to choose a good password. 452 00:23:25,840 --> 00:23:28,990 And what do they typically mean by good password? 453 00:23:28,990 --> 00:23:33,130 What does your password these days often have to contain before the website even 454 00:23:33,130 --> 00:23:35,060 lets you proceed? 455 00:23:35,060 --> 00:23:36,580 Any thoughts? 456 00:23:36,580 --> 00:23:37,240 And let's see. 457 00:23:37,240 --> 00:23:38,240 Brian, who do we have? 
458 00:23:38,240 --> 00:23:39,492 How about Dax? 459 00:23:39,492 --> 00:23:40,450 What are your thoughts? 460 00:23:40,450 --> 00:23:44,245 DAX: Eight characters at the very least, number, and a capital. 461 00:23:44,245 --> 00:23:46,370 DAVID J. MALAN: So at least a number and character. 462 00:23:46,370 --> 00:23:47,260 So combine the two. 463 00:23:47,260 --> 00:23:47,990 I like that. 464 00:23:47,990 --> 00:23:53,290 So instead of 26 or 52 or 10, we instead have, maybe, 62 465 00:23:53,290 --> 00:23:54,940 if we combine letters and numbers. 466 00:23:54,940 --> 00:23:56,910 Other thoughts on what websites typically-- 467 00:23:56,910 --> 00:23:57,910 DAX: Special characters. 468 00:23:57,910 --> 00:23:59,327 DAVID J. MALAN: --force you to do? 469 00:23:59,327 --> 00:24:02,280 DAX: Special characters-- asterisk, hashtag, dollar sign. 470 00:24:02,280 --> 00:24:05,413 DAVID J. MALAN: OK, so special characters or punctuation characters. 471 00:24:05,413 --> 00:24:06,580 So maybe it's a hash symbol. 472 00:24:06,580 --> 00:24:09,698 Maybe it's an exclamation point, a parenthesis, a comma, a period, 473 00:24:09,698 --> 00:24:11,365 something else-- yeah, so these symbols. 474 00:24:11,365 --> 00:24:13,870 And frankly, I get as annoyed as you probably 475 00:24:13,870 --> 00:24:16,755 do when these websites annoy you and say, no, 476 00:24:16,755 --> 00:24:18,130 that you can't use that password. 477 00:24:18,130 --> 00:24:19,570 No, you can't use that password. 478 00:24:19,570 --> 00:24:21,945 You need to choose something that's much harder to guess. 479 00:24:21,945 --> 00:24:26,240 But indeed, if we add punctuation to the mix, I think we can do even better. 480 00:24:26,240 --> 00:24:29,922 In fact, a character, therefore, is any type of character. 481 00:24:29,922 --> 00:24:30,880 Maybe it's punctuation. 482 00:24:30,880 --> 00:24:31,713 Maybe it's a letter. 483 00:24:31,713 --> 00:24:33,980 Maybe it's a digit, unlike just letters alone. 
484 00:24:33,980 --> 00:24:36,040 So if we have four characters, it turns out 485 00:24:36,040 --> 00:24:39,670 that typically, at least in ASCII, the system that CS50 students will know, 486 00:24:39,670 --> 00:24:44,050 computers typically use, there's 94 possibilities for each symbol 487 00:24:44,050 --> 00:24:47,590 because you've got 10 digits, zero through nine. 488 00:24:47,590 --> 00:24:51,340 You've got 26 lowercase letters, 26 uppercase letters-- and then 489 00:24:51,340 --> 00:24:55,960 if you count them up on an English keyboard, 32 characters more that 490 00:24:55,960 --> 00:24:58,690 represent punctuation, like, hashes and exclamation 491 00:24:58,690 --> 00:25:00,010 points and commas and periods. 492 00:25:00,010 --> 00:25:03,080 So if you have 94 possibilities for each of those symbols, 493 00:25:03,080 --> 00:25:08,840 it turns out that you then have a total of 78 million possible passcodes. 494 00:25:08,840 --> 00:25:10,280 And that's pretty good. 495 00:25:10,280 --> 00:25:12,890 Now we're really raising the bar to the adversary 496 00:25:12,890 --> 00:25:18,140 because now they have to waste even more time trying to hack into your passcode. 497 00:25:18,140 --> 00:25:21,170 And in fact, let me go ahead and simulate that with some actual code. 498 00:25:21,170 --> 00:25:23,990 Let me go ahead and open up my same program as before. 499 00:25:23,990 --> 00:25:27,290 And this time let me go ahead and import not just ASCII letters, 500 00:25:27,290 --> 00:25:30,560 but also digits, and also literally, punctuation. 501 00:25:30,560 --> 00:25:33,200 The code I'm writing in this language called Python literally 502 00:25:33,200 --> 00:25:35,600 gives me access to all printable punctuation 503 00:25:35,600 --> 00:25:38,240 by just importing it with this first line of code. 504 00:25:38,240 --> 00:25:41,390 And I just need to change one line of code down here. 
505 00:25:41,390 --> 00:25:47,930 I need to actually say ASCII letters plus digits plus punctuation. 506 00:25:47,930 --> 00:25:52,160 So this is Python shorthand notation for joining multiple lists. 507 00:25:52,160 --> 00:25:55,580 Those CS50 students among you will know that you can join two lists, perhaps, 508 00:25:55,580 --> 00:25:57,710 in this way, using what looks like concatenation. 509 00:25:57,710 --> 00:25:59,940 But with lists, it combines them all together. 510 00:25:59,940 --> 00:26:01,760 But I'm still going to do of length 4 here. 511 00:26:01,760 --> 00:26:03,620 Now let me go ahead and save this program 512 00:26:03,620 --> 00:26:05,990 and rerun it as python of crack.py. 513 00:26:05,990 --> 00:26:10,550 And now I can frankly take my time walking over to the screen 514 00:26:10,550 --> 00:26:14,630 because now what you're seeing on the screen is four possible symbols. 515 00:26:14,630 --> 00:26:18,230 But it's including 32 possible punctuation symbols, which 516 00:26:18,230 --> 00:26:20,630 means this list is much longer, right? 517 00:26:20,630 --> 00:26:22,700 At this point in the story, we were already 518 00:26:22,700 --> 00:26:26,280 through all of the lowercase letters up through Z a moment ago. 519 00:26:26,280 --> 00:26:32,900 Now we're only at the Ms, Ns, Os, Ps, which is to say, 520 00:26:32,900 --> 00:26:35,480 that if my Mac weren't just printing this on the screen, 521 00:26:35,480 --> 00:26:38,870 but were instead connected to your phone that I stole and somehow 522 00:26:38,870 --> 00:26:41,990 sending all of these possible passcodes into your phone, 523 00:26:41,990 --> 00:26:44,930 it would be taking this much time to actually solve. 524 00:26:44,930 --> 00:26:47,630 Now, to be fair, we're almost at the lowercase zs. 525 00:26:47,630 --> 00:26:52,400 So if we stall for a minute or two longer, this program, too, will finish. 526 00:26:52,400 --> 00:26:57,420 So even 78 million possibilities is not all that impressive. 
527 00:26:57,420 --> 00:27:00,810 And so I daresay that we should do even better than this. 528 00:27:00,810 --> 00:27:05,420 So what might be better than four characters for a password? 529 00:27:05,420 --> 00:27:06,980 Any thoughts or volunteers? 530 00:27:06,980 --> 00:27:10,790 What would be a better password than four characters, where, 531 00:27:10,790 --> 00:27:16,530 again, each character is a letter, a number, or a punctuation symbol? 532 00:27:16,530 --> 00:27:17,530 The list is pretty good. 533 00:27:17,530 --> 00:27:19,238 But I think we can do better because even 534 00:27:19,238 --> 00:27:22,290 this will be done in under a minute. 535 00:27:22,290 --> 00:27:23,850 Yeah, thoughts about it, Leo? 536 00:27:23,850 --> 00:27:25,590 LEO: Right. 537 00:27:25,590 --> 00:27:28,310 Have a longer password to use, like, at least eight characters. 538 00:27:28,310 --> 00:27:29,310 DAVID J. MALAN: Perfect. 539 00:27:29,310 --> 00:27:31,268 So have a longer password using at least eight. 540 00:27:31,268 --> 00:27:33,777 And notice here, we're even now going through the numbers. 541 00:27:33,777 --> 00:27:35,860 But we're almost done, it seems, with the numbers. 542 00:27:35,860 --> 00:27:37,420 But now we're going through punctuation. 543 00:27:37,420 --> 00:27:39,837 But again, if I give this a little more time-- and I think 544 00:27:39,837 --> 00:27:41,018 I was a little overzealous. 545 00:27:41,018 --> 00:27:42,810 Under a minute probably isn't going to fly. 546 00:27:42,810 --> 00:27:45,570 But certainly, by the end of class, that will have been done. 547 00:27:45,570 --> 00:27:48,660 But what if we do a little better and use eight characters? 548 00:27:48,660 --> 00:27:50,970 Well, eight characters is going to take even longer. 549 00:27:50,970 --> 00:27:54,403 But let's go ahead and ask you all how much longer this might take. 
550 00:27:54,403 --> 00:27:56,820 Let me go ahead and open up a somewhat different question, 551 00:27:56,820 --> 00:27:58,300 but similar in spirit. 552 00:27:58,300 --> 00:28:01,300 In just a moment that will appear on your screen. 553 00:28:01,300 --> 00:28:05,010 And the question here is going to be how many 8-character passcodes are 554 00:28:05,010 --> 00:28:06,060 possible? 555 00:28:06,060 --> 00:28:08,280 And this time I'm waving my hand at it. 556 00:28:08,280 --> 00:28:11,310 I didn't even bother doing the math precisely yet. 557 00:28:11,310 --> 00:28:13,560 But I'm proposing that it's roughly a million, 558 00:28:13,560 --> 00:28:18,090 a billion, a trillion, a quadrillion, a quintillion. 559 00:28:18,090 --> 00:28:20,737 Some of you are perhaps noticing a pattern here. 560 00:28:20,737 --> 00:28:22,320 And you went straight for quintillion. 561 00:28:22,320 --> 00:28:24,790 That bar jumped up really fast. 562 00:28:24,790 --> 00:28:26,160 So maybe you're right. 563 00:28:26,160 --> 00:28:27,480 Good instincts, perhaps. 564 00:28:27,480 --> 00:28:29,550 It looks like we're getting equilibrium. 565 00:28:29,550 --> 00:28:32,190 About 60% of you think it's 1 quintillion. 566 00:28:32,190 --> 00:28:34,350 25% of you think it's a quadrillion. 567 00:28:34,350 --> 00:28:36,600 And then fewer and fewer for the others. 568 00:28:36,600 --> 00:28:39,060 Well, let's take a look at what the actual answer is. 569 00:28:39,060 --> 00:28:42,640 Give me just a moment to actually do out the math here on my screen. 570 00:28:42,640 --> 00:28:45,120 And if we do out the math on my screen here, 571 00:28:45,120 --> 00:28:47,760 we'll see, of course, that we need to do some more math. 572 00:28:47,760 --> 00:28:52,620 We need to do 94 times itself eight times instead of just four, 573 00:28:52,620 --> 00:28:55,350 to Leo's suggestion of using eight possible symbols. 574 00:28:55,350 --> 00:28:58,020 And if you do this out, I had to think about this. 
575 00:28:58,020 --> 00:29:02,880 This in fact is, let's see, we've got millions, billions, trillions, 576 00:29:02,880 --> 00:29:04,200 quadrillions. 577 00:29:04,200 --> 00:29:04,860 Gotcha. 578 00:29:04,860 --> 00:29:07,470 So it wasn't the biggest option on the list. 579 00:29:07,470 --> 00:29:09,810 The answer is indeed quadrillion. 580 00:29:09,810 --> 00:29:12,330 So 6 quadrillion, if you will. 581 00:29:12,330 --> 00:29:15,120 But-- but-- but those of you who are fans 582 00:29:15,120 --> 00:29:18,765 of having quintillion possibilities, which is pretty, pretty 583 00:29:18,765 --> 00:29:21,390 secure because it's just going to take the adversary way longer 584 00:29:21,390 --> 00:29:26,910 to hack into your password, well, all it takes to go from 6 quadrillion 585 00:29:26,910 --> 00:29:31,210 to some number of quintillion is just two more characters. 586 00:29:31,210 --> 00:29:35,070 So in fact, if Leo had proposed not an 8-character passcode, 587 00:29:35,070 --> 00:29:39,300 but a 10-character passcode, we actually would have hit quintillions. 588 00:29:39,300 --> 00:29:40,890 So life gets interesting. 589 00:29:40,890 --> 00:29:44,610 Life gets more secure, the longer and longer and more complicated 590 00:29:44,610 --> 00:29:46,380 these passcodes get. 591 00:29:46,380 --> 00:29:49,140 All right, so by logic, then, you should all probably 592 00:29:49,140 --> 00:29:51,210 have passcodes that are not eight, not 10. 593 00:29:51,210 --> 00:29:53,280 Maybe they're 20 characters long. 594 00:29:53,280 --> 00:29:55,350 Maybe they're 100 characters long. 595 00:29:55,350 --> 00:29:58,920 But here we see another theme in security, that of trade-offs. 596 00:29:58,920 --> 00:30:03,510 Like, the end all is probably not to be as secure as possible, 597 00:30:03,510 --> 00:30:05,850 but to be as secure as possible conditional 598 00:30:05,850 --> 00:30:08,020 on some other goals you might have. 
599 00:30:08,020 --> 00:30:10,500 So let me ask this, what's the trade-off here? 600 00:30:10,500 --> 00:30:15,240 In making your password longer and longer and more and more complicated, 601 00:30:15,240 --> 00:30:18,270 what price do you pay as the human? 602 00:30:18,270 --> 00:30:19,530 What's the downside? 603 00:30:19,530 --> 00:30:22,350 In computer science, as in life, there's always a catch. 604 00:30:22,350 --> 00:30:24,070 There's always a cost. 605 00:30:24,070 --> 00:30:27,840 So what's the cost when you make your passcode more and more secure? 606 00:30:27,840 --> 00:30:28,620 Any thoughts? 607 00:30:28,620 --> 00:30:29,323 Let's see. 608 00:30:29,323 --> 00:30:30,240 Who do we have, Brian? 609 00:30:30,240 --> 00:30:32,190 Over to Jenny? 610 00:30:32,190 --> 00:30:32,940 What do you think? 611 00:30:32,940 --> 00:30:36,480 JENNY: Yeah, I feel that it is very difficult for a human being 612 00:30:36,480 --> 00:30:38,100 to remember such a long password. 613 00:30:38,100 --> 00:30:41,910 And due to that, we even store those long passwords somewhere in the system 614 00:30:41,910 --> 00:30:45,267 itself so that we can use that whenever we have to log in to the system. 615 00:30:45,267 --> 00:30:47,100 DAVID J. MALAN: Yeah, there's this trade-off 616 00:30:47,100 --> 00:30:48,660 of just remembering the darn things. 617 00:30:48,660 --> 00:30:49,950 And you make a perfect point.
618 00:30:49,950 --> 00:30:54,527 If I can get on my soapbox again, if you are among those people who have pretty 619 00:30:54,527 --> 00:30:57,610 good passwords, and by good passwords, I mean, some numbers, some letters, 620 00:30:57,610 --> 00:31:02,430 some punctuation, but it's written on a Post-It note on your monitor at work, 621 00:31:02,430 --> 00:31:06,540 or maybe it's slightly more cleverly written in a Microsoft Word file 622 00:31:06,540 --> 00:31:08,910 in your hard drive, or maybe it's in a Google Doc, 623 00:31:08,910 --> 00:31:11,610 or maybe it's even on a piece of paper in your drawer-- 624 00:31:11,610 --> 00:31:14,740 you're just exposing yourself to other threats, of course. 625 00:31:14,740 --> 00:31:18,123 But here, too, is a sociological consideration or just a policy 626 00:31:18,123 --> 00:31:20,790 consideration, whether you're running a business or a university 627 00:31:20,790 --> 00:31:23,370 or just a household with multiple family members. 628 00:31:23,370 --> 00:31:25,140 What should your own policies be? 629 00:31:25,140 --> 00:31:28,170 Because arguably it's not Jenny's fault, it's not our fault 630 00:31:28,170 --> 00:31:31,170 if we are resorting to writing things down on paper 631 00:31:31,170 --> 00:31:34,380 if our passwords are so darn hard to remember. 632 00:31:34,380 --> 00:31:36,870 And moreover, I haven't even made the suggestion yet, 633 00:31:36,870 --> 00:31:39,150 but if you are one of those people in life 634 00:31:39,150 --> 00:31:42,510 who is using the same password on multiple devices 635 00:31:42,510 --> 00:31:46,620 or on multiple websites or on multiple apps, you are bad. 636 00:31:46,620 --> 00:31:48,930 Like, you are also doing something bad. 637 00:31:48,930 --> 00:31:49,590 Why? 
638 00:31:49,590 --> 00:31:52,770 Because if any one of those apps or websites is compromised 639 00:31:52,770 --> 00:31:55,080 and your password gets out, whether it's "iloveyou," 640 00:31:55,080 --> 00:31:57,750 quote unquote, or something much more complicated, 641 00:31:57,750 --> 00:32:01,680 all an adversary has to do now is try that same password 642 00:32:01,680 --> 00:32:02,910 on your other accounts. 643 00:32:02,910 --> 00:32:06,372 And so you're just exposing yourself to more risk by reusing passwords. 644 00:32:06,372 --> 00:32:08,580 But to Jenny's point here, my God, where does it end? 645 00:32:08,580 --> 00:32:12,420 Now I need a really long random password on this website, this one, 646 00:32:12,420 --> 00:32:14,500 and this one, and this app, all over the place. 647 00:32:14,500 --> 00:32:18,300 I mean, honestly, I as a human certainly can't remember all of those passwords. 648 00:32:18,300 --> 00:32:21,640 And even if I could, I feel like there's better things in life to be remembering 649 00:32:21,640 --> 00:32:24,650 than passwords for accounts like this. 650 00:32:24,650 --> 00:32:26,170 So there's surely a trade-off here. 651 00:32:26,170 --> 00:32:30,790 But again, the goal is to keep the adversary out with some probability, 652 00:32:30,790 --> 00:32:33,460 not necessarily out in the absolute. 653 00:32:33,460 --> 00:32:39,040 So what else can we do to prevent the adversary from hacking into our systems 654 00:32:39,040 --> 00:32:42,880 so that I can have a somewhat easier, more memorable passcode, 655 00:32:42,880 --> 00:32:44,110 but at least keep them out? 656 00:32:44,110 --> 00:32:45,860 Well, here's a screenshot of something you 657 00:32:45,860 --> 00:32:48,100 might have done by accident, perhaps late 658 00:32:48,100 --> 00:32:51,010 at night when a little groggy, or a little blurry-eyed, 659 00:32:51,010 --> 00:32:54,670 trying to type in your password incorrectly too many times. 
660 00:32:54,670 --> 00:32:56,980 In fact, by a show of physical hands, how many people 661 00:32:56,980 --> 00:33:01,840 have locked yourself out of your phone before by typing in the wrong password 662 00:33:01,840 --> 00:33:02,740 too many times? 663 00:33:02,740 --> 00:33:04,870 I did it, like, literally just the other day. 664 00:33:04,870 --> 00:33:07,910 And so on iPhone, for instance, it looks a little something like this. 665 00:33:07,910 --> 00:33:11,660 And if we zoom in, notice that it's saying, try again in 1 minute. 666 00:33:11,660 --> 00:33:14,570 So you don't have to get rid of the phone and start over. 667 00:33:14,570 --> 00:33:17,050 But the iPhone is telling you to come back in a minute. 668 00:33:17,050 --> 00:33:19,960 And if we look at, for instance, Android, something similar-- 669 00:33:19,960 --> 00:33:22,300 your Android wallpaper will differ, certainly. 670 00:33:22,300 --> 00:33:25,300 But down here, for instance, it says too many attempts. 671 00:33:25,300 --> 00:33:26,012 Try again later. 672 00:33:26,012 --> 00:33:28,720 I mean, that's a little infuriating because if I pick up my phone 673 00:33:28,720 --> 00:33:30,130 now, I want to get in now. 674 00:33:30,130 --> 00:33:31,660 Well, when the heck is later? 675 00:33:31,660 --> 00:33:35,600 So putting that aside, what's the takeaway here? 676 00:33:35,600 --> 00:33:39,005 Why are Apple and why are Google doing this? 677 00:33:39,005 --> 00:33:42,130 Because I bet all of you, if you've ever locked yourself out of your phone, 678 00:33:42,130 --> 00:33:45,280 are super annoyed at that moment in time and probably don't 679 00:33:45,280 --> 00:33:47,280 appreciate Apple or Google. 680 00:33:47,280 --> 00:33:49,030 But what's the upside of what they've just 681 00:33:49,030 --> 00:33:53,350 done when they lock you out of your phone for having 682 00:33:53,350 --> 00:33:56,800 guessed your password incorrectly? 
683 00:33:56,800 --> 00:34:00,460 Why is this arguably a feature and not a bug, a mistake? 684 00:34:00,460 --> 00:34:01,090 Sam? 685 00:34:01,090 --> 00:34:04,895 SAM: Yeah, it's used to decrease the chances of a successful brute force 686 00:34:04,895 --> 00:34:05,395 attack. 687 00:34:05,395 --> 00:34:08,979 DAVID J. MALAN: And how does it decrease the chance of that, would you say? 688 00:34:08,979 --> 00:34:15,310 SAM: Because it makes the attacker have to commit more tries before they 689 00:34:15,310 --> 00:34:17,380 can successfully get into the phone. 690 00:34:17,380 --> 00:34:18,969 So it decreases the chances. 691 00:34:18,969 --> 00:34:20,090 DAVID J. MALAN: Exactly. 692 00:34:20,090 --> 00:34:22,840 So this is a very common principle in security. 693 00:34:22,840 --> 00:34:26,590 And it was pointed out earlier, too, just slow the adversary down. 694 00:34:26,590 --> 00:34:28,760 We don't have to rethink the problem of security. 695 00:34:28,760 --> 00:34:31,060 We don't have to redesign passwords necessarily. 696 00:34:31,060 --> 00:34:33,219 But we should make it harder for the adversary 697 00:34:33,219 --> 00:34:36,909 to log in, ideally, without making it harder for you and I to log 698 00:34:36,909 --> 00:34:37,960 in to our own devices. 699 00:34:37,960 --> 00:34:41,650 So consider the simplest passcode that had four digits. 700 00:34:41,650 --> 00:34:45,010 A 4-digit passcode, there were 10,000 possibilities. 701 00:34:45,010 --> 00:34:47,980 A computer, a robot could guess all of those pretty quickly. 702 00:34:47,980 --> 00:34:51,639 But what if after typing in the wrong passcode three times 703 00:34:51,639 --> 00:34:55,780 or maybe ten times, some small number of times, what if the iPhone or Android 704 00:34:55,780 --> 00:34:59,560 phone locks you out for a minute, just like iPhone did a moment ago? 
705 00:34:59,560 --> 00:35:03,040 Well, that might mean, even though there's only 10,000 possibilities, 706 00:35:03,040 --> 00:35:06,040 maybe it will take the adversary 10,000 minutes 707 00:35:06,040 --> 00:35:10,820 to crack your password because they keep getting slowed down every time 708 00:35:10,820 --> 00:35:12,070 they type in an incorrect one. 709 00:35:12,070 --> 00:35:13,403 And maybe it's not quite 10,000. 710 00:35:13,403 --> 00:35:15,350 It's some factor of that. 711 00:35:15,350 --> 00:35:17,020 But you can slow them down in that way. 712 00:35:17,020 --> 00:35:21,760 Maybe you have a 10-character passcode with 78 quadrillion possibilities. 713 00:35:21,760 --> 00:35:25,330 And imagine the phone just slows you down 1 second. 714 00:35:25,330 --> 00:35:28,120 Maybe you can only type in one passcode per second. 715 00:35:28,120 --> 00:35:29,680 That sounds pretty fast. 716 00:35:29,680 --> 00:35:33,730 But 78 quadrillion seconds is crazy long. 717 00:35:33,730 --> 00:35:36,880 And so even that kind of slowdown might very well 718 00:35:36,880 --> 00:35:39,580 be enough to keep the adversary out. 719 00:35:39,580 --> 00:35:43,398 And so if you don't have features like this enabled on, really, any device, 720 00:35:43,398 --> 00:35:44,440 you should look for them. 721 00:35:44,440 --> 00:35:47,860 Nowadays, thankfully, they tend to come pre-configured for this. 722 00:35:47,860 --> 00:35:49,810 But there is a downside. 723 00:35:49,810 --> 00:35:50,997 There is a downside. 724 00:35:50,997 --> 00:35:53,080 You shouldn't just turn on these kinds of defenses 725 00:35:53,080 --> 00:35:56,800 blindly because what's the downside of keeping this feature enabled 726 00:35:56,800 --> 00:35:59,950 or leaving it enabled-- 727 00:35:59,950 --> 00:36:03,970 those are the same things-- or enabling it, if it's not already enabled? 728 00:36:03,970 --> 00:36:06,310 What's the downside here, to be clear?
729 00:36:06,310 --> 00:36:10,750 Because none of our advice today will be 100% a win. 730 00:36:10,750 --> 00:36:11,500 David? 731 00:36:11,500 --> 00:36:13,780 DAVID: Well, if you forget your password, 732 00:36:13,780 --> 00:36:16,780 that means it's going to take longer for you to access your phone again. 733 00:36:16,780 --> 00:36:20,140 DAVID J. MALAN: Yeah, it's going to take you, the user, the owner of the device, 734 00:36:20,140 --> 00:36:21,400 even longer to log in. 735 00:36:21,400 --> 00:36:25,060 And I'll admit, too, I have on multiple occasions not locked myself out once. 736 00:36:25,060 --> 00:36:25,978 I then got stubborn. 737 00:36:25,978 --> 00:36:27,520 And I think my anger level just rose. 738 00:36:27,520 --> 00:36:30,640 So I started typing in more angrily, and therefore making more mistakes. 739 00:36:30,640 --> 00:36:33,070 And what Apple and Google do is they have 740 00:36:33,070 --> 00:36:35,380 what you might describe as exponential backoff, which 741 00:36:35,380 --> 00:36:38,847 is a fancy way of saying, the first time you get penalized one minute. 742 00:36:38,847 --> 00:36:40,180 Now you have to wait one minute. 743 00:36:40,180 --> 00:36:43,030 If you screw up again, then you have to wait two minutes. 744 00:36:43,030 --> 00:36:45,023 If you screw up again, maybe it's five minutes. 745 00:36:45,023 --> 00:36:45,940 Maybe it's 10 minutes. 746 00:36:45,940 --> 00:36:46,840 Maybe it's an hour. 747 00:36:46,840 --> 00:36:49,715 And I swear, at that point I wanted to throw my phone across the room 748 00:36:49,715 --> 00:36:51,700 because I couldn't get into my own device. 749 00:36:51,700 --> 00:36:55,840 And there you start to sacrifice, of course, usability, right? 750 00:36:55,840 --> 00:37:00,190 If my device is so secure that even I can't get into it, 751 00:37:00,190 --> 00:37:02,080 then is it really worth having at all? 
752 00:37:02,080 --> 00:37:04,780 And so finding that inflection point is part 753 00:37:04,780 --> 00:37:07,720 of engineering good secure systems because you 754 00:37:07,720 --> 00:37:10,150 have to find that inflection point so that your users 755 00:37:10,150 --> 00:37:12,190 are using good passwords and passcodes. 756 00:37:12,190 --> 00:37:16,300 But they're not just taping them onto the monitor on a Post-It note 757 00:37:16,300 --> 00:37:19,123 or disabling them all together. 758 00:37:19,123 --> 00:37:21,040 All right, let me pause here to see, are there 759 00:37:21,040 --> 00:37:27,310 any questions about passwords, passcodes, brute forcing or these kinds 760 00:37:27,310 --> 00:37:30,550 of defenses, given that passwords are perhaps 761 00:37:30,550 --> 00:37:33,520 our most common defense against adversaries 762 00:37:33,520 --> 00:37:36,880 accessing hardware and software that we don't want them to? 763 00:37:36,880 --> 00:37:38,485 Yeah, Dax, question? 764 00:37:38,485 --> 00:37:40,720 DAX: Now so there is a definite number we 765 00:37:40,720 --> 00:37:43,240 can calculate that for 4-digit numbers this is 766 00:37:43,240 --> 00:37:46,120 the most possible number of outcomes. 767 00:37:46,120 --> 00:37:47,918 But what about biometrics? 768 00:37:47,918 --> 00:37:48,460 Fingerprints? 769 00:37:48,460 --> 00:37:49,845 Face scanning? 770 00:37:49,845 --> 00:37:51,710 DAVID J. MALAN: Yeah, really good question. 771 00:37:51,710 --> 00:37:53,950 So what about biometrics, using face scanning? 772 00:37:53,950 --> 00:37:58,397 Like, Apple has face ID these days, which also annoys me sometimes 773 00:37:58,397 --> 00:37:59,980 if it doesn't quite get my face right. 774 00:37:59,980 --> 00:38:02,230 Or these days if we're wearing masks, it's 775 00:38:02,230 --> 00:38:03,910 infuriating to use that kind of feature. 
776 00:38:03,910 --> 00:38:07,935 But maybe probabilistically, there are fewer people with exactly 777 00:38:07,935 --> 00:38:09,560 your facial features than someone else. 778 00:38:09,560 --> 00:38:12,060 And so that would be more secure than picking some passcode. 779 00:38:12,060 --> 00:38:14,770 Sometimes you use fingerprints or retinal scans 780 00:38:14,770 --> 00:38:17,650 or the distance between your fingers, all of these different measures 781 00:38:17,650 --> 00:38:21,850 that statistically tend to not so much uniquely 782 00:38:21,850 --> 00:38:25,508 identify us, but uniquely identify us all enough. 783 00:38:25,508 --> 00:38:26,800 And there's threats there, too. 784 00:38:26,800 --> 00:38:28,508 A former colleague of ours, for instance, 785 00:38:28,508 --> 00:38:31,090 had a twin brother who because of Apple's face ID 786 00:38:31,090 --> 00:38:34,330 was now able to get into his phone by just picking it up off of the table 787 00:38:34,330 --> 00:38:36,980 because as twins, they both looked all too similar. 788 00:38:36,980 --> 00:38:39,580 So there's downsides and upsides there, too. 789 00:38:39,580 --> 00:38:42,070 But biometrics can also help things so that it's 790 00:38:42,070 --> 00:38:45,130 a factor you have on you always and not something, 791 00:38:45,130 --> 00:38:48,010 for instance, that you just only have to remember. 792 00:38:48,010 --> 00:38:51,520 And in fact, that's a perfect segue to what computer scientists 793 00:38:51,520 --> 00:38:54,217 call two-factor authentication. 794 00:38:54,217 --> 00:38:56,050 In the security world, security people would 795 00:38:56,050 --> 00:39:01,070 call the passwords we're using one factor, and something 796 00:39:01,070 --> 00:39:03,380 like biometrics, a second factor. 
797 00:39:03,380 --> 00:39:06,350 And indeed, two-factor authentication means a defense mechanism 798 00:39:06,350 --> 00:39:09,050 against the adversaries that doesn't rely just on something 799 00:39:09,050 --> 00:39:10,970 you know, like, a password. 800 00:39:10,970 --> 00:39:14,540 It also relies on something typically that you have, like, 801 00:39:14,540 --> 00:39:18,570 a hand or fingers or eyes or face or the like, 802 00:39:18,570 --> 00:39:21,980 so that even if someone compromises your password 803 00:39:21,980 --> 00:39:25,490 and downloads it somewhere from a database where you've used it before, 804 00:39:25,490 --> 00:39:28,490 they don't necessarily have access to your eyes and your hands 805 00:39:28,490 --> 00:39:31,500 and your face and the like, unless they have physical access to you. 806 00:39:31,500 --> 00:39:33,680 So it just narrows the scope of the threats. 807 00:39:33,680 --> 00:39:35,900 But there's other forms of two-factor authentication. 808 00:39:35,900 --> 00:39:38,718 For instance, if this sounds familiar now, and maybe 809 00:39:38,718 --> 00:39:40,760 you don't even call it two-factor authentication. 810 00:39:40,760 --> 00:39:43,970 It's often called two-step authentication. 811 00:39:43,970 --> 00:39:47,210 By a show of physical hands, who has one or more accounts that 812 00:39:47,210 --> 00:39:51,000 uses two factors instead of just one? 813 00:39:51,000 --> 00:39:54,350 Yeah, so here, too, it's good to see so many hands going up. 814 00:39:54,350 --> 00:39:58,370 But if you do not use two-factor authentication 815 00:39:58,370 --> 00:40:03,170 for things like your email account or your bank accounts or your brokerage 816 00:40:03,170 --> 00:40:06,830 accounts or your health medical accounts, 817 00:40:06,830 --> 00:40:09,110 you really should start considering doing so. 818 00:40:09,110 --> 00:40:10,880 And what form does this typically take? 
819 00:40:10,880 --> 00:40:12,963 Well, let me show a screenshot here, for instance. 820 00:40:12,963 --> 00:40:14,930 Even if you just have a simple Gmail account 821 00:40:14,930 --> 00:40:17,570 that you use for work or for personal use, 822 00:40:17,570 --> 00:40:20,480 you can enable what Google calls two-step verification, which 823 00:40:20,480 --> 00:40:22,360 is two-factor authentication. 824 00:40:22,360 --> 00:40:24,860 And what you'll be prompted for when logging into your Gmail 825 00:40:24,860 --> 00:40:29,250 account if you enable this is not only your username and your password, 826 00:40:29,250 --> 00:40:31,070 but also a 6-digit code. 827 00:40:31,070 --> 00:40:33,710 And six digits doesn't sound terribly long. 828 00:40:33,710 --> 00:40:36,620 But in this case, the way these technologies typically work 829 00:40:36,620 --> 00:40:42,200 is that you are sent that 6-digit code once via email or via text message 830 00:40:42,200 --> 00:40:46,010 or via special app that you install on your phone or some other device 831 00:40:46,010 --> 00:40:48,170 so that only you have that code. 832 00:40:48,170 --> 00:40:50,060 Only you have that device. 833 00:40:50,060 --> 00:40:51,800 And therefore, only you know that code. 834 00:40:51,800 --> 00:40:54,380 And better yet, these codes expire. 835 00:40:54,380 --> 00:40:57,770 So even if some adversary intercepts it or sees you typing it 836 00:40:57,770 --> 00:41:00,560 in over your shoulder, you can only use these codes once, 837 00:41:00,560 --> 00:41:02,750 which makes them even better than passwords 838 00:41:02,750 --> 00:41:06,680 alone because they expire after single time use. 
839 00:41:06,680 --> 00:41:08,450 And so consider now, again-- 840 00:41:08,450 --> 00:41:10,400 and I can't emphasize this enough-- if you 841 00:41:10,400 --> 00:41:13,242 are of the age where you have your own bank accounts, again, 842 00:41:13,242 --> 00:41:15,200 brokerage accounts, anything medically related, 843 00:41:15,200 --> 00:41:17,600 anything that you find especially important or personal, 844 00:41:17,600 --> 00:41:21,830 like, your own email or chat accounts, if you're only using a password, 845 00:41:21,830 --> 00:41:24,920 you now as of today already have the mathematical tools 846 00:41:24,920 --> 00:41:28,010 and the mental model, I daresay, to figure out just 847 00:41:28,010 --> 00:41:32,780 how easily someone could compromise your account and get into your information 848 00:41:32,780 --> 00:41:35,637 and take your money or read your emails or the like. 849 00:41:35,637 --> 00:41:38,720 So you can improve that situation by just coming up with a better, longer, 850 00:41:38,720 --> 00:41:42,410 more random password that you remember or memorize in some way, 851 00:41:42,410 --> 00:41:46,820 or additionally, by enabling the second factor so that you narrow 852 00:41:46,820 --> 00:41:52,710 the number of threats that are dangerous to you as a result. 853 00:41:52,710 --> 00:41:55,112 So with that said, too, with two-factor authentication, 854 00:41:55,112 --> 00:41:57,320 there's another thing you can bring into play when it 855 00:41:57,320 --> 00:41:59,810 comes to managing all your passwords. 856 00:41:59,810 --> 00:42:03,230 I alluded to using Microsoft Word before or a Post-It note. 857 00:42:03,230 --> 00:42:05,970 There are software solutions to this, too. 858 00:42:05,970 --> 00:42:09,320 So another defense we would like to offer up for your consideration today 859 00:42:09,320 --> 00:42:11,510 is what's generally called a password manager. 
860 00:42:11,510 --> 00:42:14,645 This is a piece of software, either for free or that you pay for, 861 00:42:14,645 --> 00:42:17,300 for your phone or your laptop or desktop, that 862 00:42:17,300 --> 00:42:19,160 literally manages your passwords. 863 00:42:19,160 --> 00:42:23,750 In its simplest form, think of it like a spreadsheet, but that's "secure," 864 00:42:23,750 --> 00:42:25,670 quote unquote, on your own computer. 865 00:42:25,670 --> 00:42:28,970 That is, these password managers-- and here's two popular ones. 866 00:42:28,970 --> 00:42:33,483 onepassword.com is one popular tool. lastpass.com is another one. 867 00:42:33,483 --> 00:42:35,150 And there's others if you google around. 868 00:42:35,150 --> 00:42:37,970 But I would, as always, read up on reviews or get second opinions. 869 00:42:37,970 --> 00:42:40,160 Don't just take at face value what we propose. 870 00:42:40,160 --> 00:42:42,620 But these password managers are programs that you 871 00:42:42,620 --> 00:42:45,920 type your usernames and passwords into. 872 00:42:45,920 --> 00:42:52,040 And then you save them all behind one master password, one password that's 873 00:42:52,040 --> 00:42:54,650 really long, hopefully, really random with lots 874 00:42:54,650 --> 00:42:56,210 of numbers and letters and symbols. 875 00:42:56,210 --> 00:43:00,710 But all you have to remember is that one main password. 876 00:43:00,710 --> 00:43:04,040 And by entering that password into your Mac or PC or phone, 877 00:43:04,040 --> 00:43:06,230 you then unlock all of your other accounts. 878 00:43:06,230 --> 00:43:09,920 And you can then just copy and paste your actual accounts' usernames 879 00:43:09,920 --> 00:43:10,725 and passwords. 880 00:43:10,725 --> 00:43:12,850 Or these programs also give you keyboard shortcuts. 881 00:43:12,850 --> 00:43:16,430 So you hit a keyboard command, and voila, you're automatically 882 00:43:16,430 --> 00:43:17,420 logged into websites. 
883 00:43:17,420 --> 00:43:20,000 You don't have to copy/paste or manually transcribe them. 884 00:43:20,000 --> 00:43:21,860 So to this day, what does this mean? 885 00:43:21,860 --> 00:43:24,230 For me, I use one of these password managers. 886 00:43:24,230 --> 00:43:25,980 And most of my colleagues do as well. 887 00:43:25,980 --> 00:43:29,660 Many of us, most of us, don't even know the passwords 888 00:43:29,660 --> 00:43:32,960 we use for various websites or apps or the like. 889 00:43:32,960 --> 00:43:33,590 Why? 890 00:43:33,590 --> 00:43:35,780 Because we now trust that the password manager 891 00:43:35,780 --> 00:43:39,710 can, with the click of a button, generate a really long random password 892 00:43:39,710 --> 00:43:41,870 with lots of numbers, digits, and punctuation. 893 00:43:41,870 --> 00:43:44,510 And then it will remember it for me. 894 00:43:44,510 --> 00:43:47,870 And I just have to remember that one main password that's 895 00:43:47,870 --> 00:43:50,430 protecting all of those others. 896 00:43:50,430 --> 00:43:54,890 So that's good in that now I can practice what I've been preaching. 897 00:43:54,890 --> 00:43:58,330 But there is a downside. 898 00:43:58,330 --> 00:44:01,420 I'm exposing myself to a new risk or vulnerability. 899 00:44:01,420 --> 00:44:03,760 That is to say, what's the trade-off here? 900 00:44:03,760 --> 00:44:07,360 Why should you not necessarily just run off after today's class, 901 00:44:07,360 --> 00:44:11,260 download and install a password manager, and start using it 902 00:44:11,260 --> 00:44:13,990 without a little bit of thought first. 903 00:44:13,990 --> 00:44:17,080 What's the downside, perhaps? 904 00:44:17,080 --> 00:44:23,580 Yeah, over to Lexlene if I'm saying it right? 905 00:44:23,580 --> 00:44:30,390 LEXLENE: Yeah, if someone cracks your password manager password, 906 00:44:30,390 --> 00:44:32,840 then they have access to all your passwords. 907 00:44:32,840 --> 00:44:35,893 DAVID J. 
MALAN: Yeah, so really depends on what the threat here is, 908 00:44:35,893 --> 00:44:37,310 or what you're most worried about. 909 00:44:37,310 --> 00:44:39,350 If someone compromises, guesses, figures out 910 00:44:39,350 --> 00:44:41,970 your main password that protects all of the others, 911 00:44:41,970 --> 00:44:44,570 now you've just handed them all of your accounts at once. 912 00:44:44,570 --> 00:44:46,590 And that's a massive trade-off. 913 00:44:46,590 --> 00:44:48,980 However, if you again consider the alternative, 914 00:44:48,980 --> 00:44:53,090 coming up with big random passwords and then memorizing them all, or somewhat 915 00:44:53,090 --> 00:44:55,010 foolishly, writing them down on a Post-It note 916 00:44:55,010 --> 00:44:56,843 and putting it on your monitor, the question 917 00:44:56,843 --> 00:45:02,450 shouldn't be is this the right way to do things, 918 00:45:02,450 --> 00:45:05,702 but really, relatively speaking, is this a better way to do things? 919 00:45:05,702 --> 00:45:07,910 So you're always going to be vulnerable to some risk. 920 00:45:07,910 --> 00:45:09,590 Which of those risks do you worry about? 921 00:45:09,590 --> 00:45:12,380 And maybe you can mitigate that concern by maybe 922 00:45:12,380 --> 00:45:15,920 you could write down your main password for your password manager 923 00:45:15,920 --> 00:45:20,390 and maybe put it in a physical vault or a fire locker or the like 924 00:45:20,390 --> 00:45:23,260 that with very low probability someone else would get access to, 925 00:45:23,260 --> 00:45:25,010 unless they physically attack that device, 926 00:45:25,010 --> 00:45:27,960 or hide it somewhere in a book on your shelf or the like. 927 00:45:27,960 --> 00:45:29,510 So that yes, it's vulnerable. 928 00:45:29,510 --> 00:45:33,140 But the odds that someone finds it might just be relatively low. 
929 00:45:33,140 --> 00:45:35,630 But again, this is the theme, figuring out 930 00:45:35,630 --> 00:45:39,170 what the right balance is for your accounts and the type of security 931 00:45:39,170 --> 00:45:42,140 that you want to aspire to achieve. 932 00:45:42,140 --> 00:45:43,890 Well, let's consider a few other defenses. 933 00:45:43,890 --> 00:45:46,932 And we'll leave time at the very end for questions about particular tools 934 00:45:46,932 --> 00:45:47,632 and techniques. 935 00:45:47,632 --> 00:45:49,340 What's another building block that we can 936 00:45:49,340 --> 00:45:52,310 bring to bear when it comes to protecting ourselves online? 937 00:45:52,310 --> 00:45:55,850 So encryption-- CS50 students will know that encryption refers, again, 938 00:45:55,850 --> 00:46:01,010 to the scrambling of information, making data look like it's random data, 939 00:46:01,010 --> 00:46:05,000 but by encrypting it with what's called the key, typically, a key that only you 940 00:46:05,000 --> 00:46:06,890 and the recipient somehow know. 941 00:46:06,890 --> 00:46:10,070 Encryption tends to be the solution to a lot of our problems. 942 00:46:10,070 --> 00:46:12,650 And indeed, these password managers typically 943 00:46:12,650 --> 00:46:17,150 additionally encrypt your data so that even someone who steals your Mac and PC 944 00:46:17,150 --> 00:46:19,370 can't just open up the program and see it. 945 00:46:19,370 --> 00:46:21,620 All of the data, too, is similarly encrypted. 946 00:46:21,620 --> 00:46:26,030 Many of you have already been trained or conditioned by society to at least look 947 00:46:26,030 --> 00:46:30,815 for or hope for or recognize https://. 948 00:46:30,815 --> 00:46:32,425 The s means secure. 949 00:46:32,425 --> 00:46:34,550 That just tends to be a good thing because it means 950 00:46:34,550 --> 00:46:36,290 a website you're visiting is secure. 
951 00:46:36,290 --> 00:46:39,830 It's encrypted, as opposed to just http, which 952 00:46:39,830 --> 00:46:43,620 was much more common just a few years ago and is completely unencrypted. 953 00:46:43,620 --> 00:46:48,260 So that is to say if you visit a website that says just http in the URL, anyone 954 00:46:48,260 --> 00:46:51,960 between you and that website theoretically can be listening in, 955 00:46:51,960 --> 00:46:55,460 so to speak, on your traffic, the zeros and ones going back and forth. 956 00:46:55,460 --> 00:46:57,410 Anyone can see what pages you're visiting. 957 00:46:57,410 --> 00:47:00,260 If you're in some foreign country visiting sensitive materials, 958 00:47:00,260 --> 00:47:02,840 the government could know what websites you're visiting 959 00:47:02,840 --> 00:47:05,400 and what content, for instance, you're reading. 960 00:47:05,400 --> 00:47:07,940 https makes that much harder. 961 00:47:07,940 --> 00:47:09,080 It's not 100%. 962 00:47:09,080 --> 00:47:10,940 There are attacks still that are possible. 963 00:47:10,940 --> 00:47:12,800 But again, it just raises the bar. 964 00:47:12,800 --> 00:47:15,667 But there's another technique that's increasingly 965 00:47:15,667 --> 00:47:18,500 being discussed in the media, and with which you should be familiar, 966 00:47:18,500 --> 00:47:20,690 known as end-to-end encryption. 967 00:47:20,690 --> 00:47:24,890 End-to-end encryption means that when you're using a third-party service, 968 00:47:24,890 --> 00:47:27,980 typically, whether it's a chat service, a video conferencing 969 00:47:27,980 --> 00:47:30,320 service or the like, you're not just encrypting 970 00:47:30,320 --> 00:47:33,590 your traffic, the zeros and ones, between you 971 00:47:33,590 --> 00:47:39,020 and Google, you and Microsoft, you and Amazon, or some other third-party. 972 00:47:39,020 --> 00:47:43,310 You are encrypting your data between you and the person you're talking to. 
973 00:47:43,310 --> 00:47:46,580 So WhatsApp, for instance, the popular messaging tool, 974 00:47:46,580 --> 00:47:48,140 early on had this feature. 975 00:47:48,140 --> 00:47:50,670 And many other chat programs nowadays have it as well, 976 00:47:50,670 --> 00:47:54,805 including iMessage and Signal and Telegram and the like. 977 00:47:54,805 --> 00:47:56,930 End-to-end encryption means that even though you're 978 00:47:56,930 --> 00:48:01,520 using a third-party service, a company that you may or may not trust, 979 00:48:01,520 --> 00:48:06,050 your communications are communicated between you and the person 980 00:48:06,050 --> 00:48:08,190 with whom you're speaking. 981 00:48:08,190 --> 00:48:12,260 The company in between, their servers, even though your data is going through 982 00:48:12,260 --> 00:48:15,530 their servers, cannot decrypt that information. 983 00:48:15,530 --> 00:48:18,232 They cannot see the information in its raw form. 984 00:48:18,232 --> 00:48:19,190 So that's a good thing. 985 00:48:19,190 --> 00:48:21,760 986 00:48:21,760 --> 00:48:23,140 So WhatsApp does this, too. 987 00:48:23,140 --> 00:48:28,100 Zoom kind of does this, at least, only recently does this. 988 00:48:28,100 --> 00:48:31,030 So Zoom, for instance, the technology that we are all using right now, 989 00:48:31,030 --> 00:48:33,580 actually took some flak, rightly so, some months 990 00:48:33,580 --> 00:48:36,700 back, when in their marketing literature on their website, as I recall, 991 00:48:36,700 --> 00:48:40,510 advertised Zoom as offering end-to-end encryption, which 992 00:48:40,510 --> 00:48:43,750 was false because what end-to-end encryption means is, 993 00:48:43,750 --> 00:48:47,620 as I described it, between you and the person with whom you're communicating. 
994 00:48:47,620 --> 00:48:50,890 But the marketing literature at the time was 995 00:48:50,890 --> 00:48:53,410 referring to end-to-end encryption between you 996 00:48:53,410 --> 00:48:57,430 and Zoom, which is not what security researchers or computer scientists 997 00:48:57,430 --> 00:49:00,970 or technologists in general would define end-to-end encryption as. 998 00:49:00,970 --> 00:49:03,130 And so they took some flak for that, rightly so. 999 00:49:03,130 --> 00:49:05,650 They've begun, though, in recent weeks, rolling out 1000 00:49:05,650 --> 00:49:08,140 actual end-to-end encryption. 1001 00:49:08,140 --> 00:49:10,270 We are not using it right now. 1002 00:49:10,270 --> 00:49:12,880 It actually makes certain features harder to use. 1003 00:49:12,880 --> 00:49:14,530 So there, too, there's a trade-off. 1004 00:49:14,530 --> 00:49:17,590 But generally speaking, if you're having the most intimate or private 1005 00:49:17,590 --> 00:49:22,150 or personal or financial or medical of communications with people, 1006 00:49:22,150 --> 00:49:27,010 this is another feature you should start to look for and listen for and expect 1007 00:49:27,010 --> 00:49:28,810 of the tools that you're using. 1008 00:49:28,810 --> 00:49:32,440 And especially when it comes to censorship in various countries 1009 00:49:32,440 --> 00:49:35,290 and communities, this is the kind of software 1010 00:49:35,290 --> 00:49:37,330 that's increasingly under attack by governments 1011 00:49:37,330 --> 00:49:42,730 because they often want backdoors so that the USA's NSA or FBI 1012 00:49:42,730 --> 00:49:45,130 or some other entity can get into these communications. 1013 00:49:45,130 --> 00:49:47,650 That's made much more difficult, in a good way, 1014 00:49:47,650 --> 00:49:53,170 by using end-to-end encryption so that your communications are indeed secure. 
1015 00:49:53,170 --> 00:49:56,757 Well, in our final moments together, let's focus ultimately on Zoom, 1016 00:49:56,757 --> 00:49:58,090 the very technology we're using. 1017 00:49:58,090 --> 00:49:59,950 Because they've taken some flak, certainly 1018 00:49:59,950 --> 00:50:02,825 beyond end-to-end encryption, which you might not have even heard of, 1019 00:50:02,825 --> 00:50:04,210 as just being insecure. 1020 00:50:04,210 --> 00:50:06,640 And a lot of school systems, a lot of users 1021 00:50:06,640 --> 00:50:09,680 decided some months ago to stop using Zoom for this reason, 1022 00:50:09,680 --> 00:50:12,040 even though their business is still booming. 1023 00:50:12,040 --> 00:50:13,630 So is Zoom secure? 1024 00:50:13,630 --> 00:50:15,640 Let's ask one final question of the group 1025 00:50:15,640 --> 00:50:19,690 here, keeping in mind that we've now just spent the past hour discussing 1026 00:50:19,690 --> 00:50:21,250 topics of security. 1027 00:50:21,250 --> 00:50:23,990 Let me go ahead and ask this final question here, 1028 00:50:23,990 --> 00:50:26,920 which will appear on your screen in just a moment. 1029 00:50:26,920 --> 00:50:32,450 It is quite simply, is Zoom secure? 1030 00:50:32,450 --> 00:50:34,860 All right, let's see how the responses are coming in. 1031 00:50:34,860 --> 00:50:41,690 I'm seeing 55% no, 16% yes, 28%, unsure. 1032 00:50:41,690 --> 00:50:43,070 So a reasonable spread there. 1033 00:50:43,070 --> 00:50:44,780 Let's take a couple of comments here. 1034 00:50:44,780 --> 00:50:50,120 Among those of you who think Zoom is secure, why do you think it's secure? 1035 00:50:50,120 --> 00:50:54,080 Would anyone be comfortable raising a virtual hand so we can call on you, 1036 00:50:54,080 --> 00:50:58,490 or maybe commenting in the chat as to why you think Zoom is secure? 1037 00:50:58,490 --> 00:51:01,640 Let's see, over to, how about, Sam? 1038 00:51:01,640 --> 00:51:02,390 What do you think? 
1039 00:51:02,390 --> 00:51:07,760 SAM: Two days ago, Zoom offered end-to-end encryption to all the users. 1040 00:51:07,760 --> 00:51:10,730 DAVID J. MALAN: Yeah, so it was, in fact, that timely. 1041 00:51:10,730 --> 00:51:12,497 Zoom began rolling out, on a trial basis, 1042 00:51:12,497 --> 00:51:14,580 essentially, end-to-end encryption with all users. 1043 00:51:14,580 --> 00:51:18,290 So if you are using that, and-- and this is key, too-- 1044 00:51:18,290 --> 00:51:22,310 and Zoom has implemented that concept correctly, 1045 00:51:22,310 --> 00:51:24,920 then, yes, maybe Zoom is secure in the sense 1046 00:51:24,920 --> 00:51:27,470 that your video conversation with someone else 1047 00:51:27,470 --> 00:51:29,960 is in fact private between you and them. 1048 00:51:29,960 --> 00:51:34,370 With that said, if you're in a coffee shop or in a library, at least 1049 00:51:34,370 --> 00:51:37,580 in healthier times, and someone's looking over or listening 1050 00:51:37,580 --> 00:51:41,080 in on your conversation, arguably even that technology is not secure. 1051 00:51:41,080 --> 00:51:42,830 You can imagine there being other threats. 1052 00:51:42,830 --> 00:51:47,570 Maybe you have accidentally been vulnerable to a virus, some kind 1053 00:51:47,570 --> 00:51:49,067 of threat on your own computer. 1054 00:51:49,067 --> 00:51:50,900 And even though, yes, your data is encrypted 1055 00:51:50,900 --> 00:51:53,480 between you and that other person, that doesn't 1056 00:51:53,480 --> 00:51:56,420 mean there's not malicious software running on your own personal Mac 1057 00:51:56,420 --> 00:51:59,630 or PC or the other person's, recording everything 1058 00:51:59,630 --> 00:52:02,750 you say and uploading it to some third-party adversary. 
1059 00:52:02,750 --> 00:52:06,950 So there, too, whenever you ask or answer questions about security, 1060 00:52:06,950 --> 00:52:09,800 take into account those kinds of qualifications, 1061 00:52:09,800 --> 00:52:14,383 those conditionals, because security should never 1062 00:52:14,383 --> 00:52:15,800 be discussed, really, in a vacuum. 1063 00:52:15,800 --> 00:52:19,550 So those of you who said no, I think we could come up with even more reasons. 1064 00:52:19,550 --> 00:52:23,000 But at least let me dispel just a few because I do think some of the flak 1065 00:52:23,000 --> 00:52:26,300 Zoom took was overstated because those criticizing didn't really 1066 00:52:26,300 --> 00:52:29,860 understand some of the issues that were being touted in the media. 1067 00:52:29,860 --> 00:52:36,050 So for instance, all of you today, to log into this meeting, for instance, 1068 00:52:36,050 --> 00:52:38,810 followed a URL, most likely, that you had been emailed 1069 00:52:38,810 --> 00:52:40,160 or that you saw on your screen. 1070 00:52:40,160 --> 00:52:44,630 And that URL probably looked a little something like this-- https://, 1071 00:52:44,630 --> 00:52:48,620 which is good, zoom.us or something like that, followed by a number, 1072 00:52:48,620 --> 00:52:49,700 the meeting ID-- 1073 00:52:49,700 --> 00:52:52,250 for instance, 5551112222. 1074 00:52:52,250 --> 00:52:55,560 But it was a different number for today's meeting. 1075 00:52:55,560 --> 00:52:58,970 So if you received this URL after registering, is it secure? 1076 00:52:58,970 --> 00:53:02,870 Well, even though all of you here right now have presumably registered, 1077 00:53:02,870 --> 00:53:05,750 technically there was nothing stopping any of you 1078 00:53:05,750 --> 00:53:10,820 from texting or emailing or DMing this same URL 1079 00:53:10,820 --> 00:53:12,290 to anyone else on the internet. 1080 00:53:12,290 --> 00:53:14,790 And they could therefore join, perhaps, without registering. 
1081 00:53:14,790 --> 00:53:17,720 So maybe that's a threat, though, Zoom typically sends you 1082 00:53:17,720 --> 00:53:21,770 not a URL that's as simple as this when you register, but a longer one, indeed. 1083 00:53:21,770 --> 00:53:24,020 And there's another detail that some URLs have, 1084 00:53:24,020 --> 00:53:25,880 too, which might look like this-- 1085 00:53:25,880 --> 00:53:29,058 a question mark at the end, and pwd for password, 1086 00:53:29,058 --> 00:53:30,350 and then some kind of password. 1087 00:53:30,350 --> 00:53:33,290 And indeed, the URLs you clicked today looked a little more like that, 1088 00:53:33,290 --> 00:53:37,130 still different because they were special registration URLs. 1089 00:53:37,130 --> 00:53:40,670 But here, if your URL has this password, now you 1090 00:53:40,670 --> 00:53:43,280 need to know both the meeting ID and the password 1091 00:53:43,280 --> 00:53:45,555 in order to join that particular Zoom meeting. 1092 00:53:45,555 --> 00:53:48,680 And if you're not running big classes, like we are today with this meeting, 1093 00:53:48,680 --> 00:53:51,980 but rather you're having one-on-one or smaller scale meetings, 1094 00:53:51,980 --> 00:53:56,480 typically you are receiving or generating a URL that looks like this, 1095 00:53:56,480 --> 00:53:59,570 or better yet, that looks like this, so that it 1096 00:53:59,570 --> 00:54:02,660 doesn't suffice for an adversary to just guess the meeting ID. 1097 00:54:02,660 --> 00:54:04,670 And that's what was happening early on. 1098 00:54:04,670 --> 00:54:07,520 Zoom typically did not require that people 1099 00:54:07,520 --> 00:54:10,820 choose passwords for their meetings, which meant the only thing between you 1100 00:54:10,820 --> 00:54:14,090 and some adversary Zoombombing you, so to speak, hacking 1101 00:54:14,090 --> 00:54:17,130 into your meeting, which they just had to guess the meeting ID. 
1102 00:54:17,130 --> 00:54:19,580 And we've seen already it took me, what, like 1 minute, 1103 00:54:19,580 --> 00:54:22,310 30 seconds to write a Python program that 1104 00:54:22,310 --> 00:54:26,780 just generated all possible numbers of length four or eight or whatever. 1105 00:54:26,780 --> 00:54:29,570 So people with too much free time are writing 1106 00:54:29,570 --> 00:54:32,330 code that just tries all possible URLs. 1107 00:54:32,330 --> 00:54:35,240 And so if you've ever been Zoombombed, maybe that's 1108 00:54:35,240 --> 00:54:38,120 because someone shared the URL with someone they shouldn't have. 1109 00:54:38,120 --> 00:54:42,140 Or maybe someone with a bit of programming experience or just luck 1110 00:54:42,140 --> 00:54:43,880 guessed your meeting ID. 1111 00:54:43,880 --> 00:54:47,330 So this was a feature in the sense that, honestly, 1112 00:54:47,330 --> 00:54:50,270 having to type in a meeting ID and a password is just annoying. 1113 00:54:50,270 --> 00:54:52,830 It starts to hurt the usability of the system. 1114 00:54:52,830 --> 00:54:55,070 And a lot of people in the corporate world, 1115 00:54:55,070 --> 00:54:58,130 they're going to choose another product if another product is easier 1116 00:54:58,130 --> 00:54:59,870 to start the video conference with. 1117 00:54:59,870 --> 00:55:02,300 So arguably, it was a conscious decision on Zoom's part. 1118 00:55:02,300 --> 00:55:04,092 Now universities and companies have started 1119 00:55:04,092 --> 00:55:07,175 requiring this or another feature called a waiting room, which some of you 1120 00:55:07,175 --> 00:55:08,510 might have experienced today. 1121 00:55:08,510 --> 00:55:12,680 But that just, again, raises the bar to someone attacking the system. 1122 00:55:12,680 --> 00:55:14,210 So is Zoom secure? 1123 00:55:14,210 --> 00:55:15,440 Yes and no. 
1124 00:55:15,440 --> 00:55:17,660 It really should be considered not in a vacuum, 1125 00:55:17,660 --> 00:55:21,110 but in the context of what kinds of threats are you worried about 1126 00:55:21,110 --> 00:55:25,400 and what kinds of defenses are you willing to put up? 1127 00:55:25,400 --> 00:55:31,040 So just like in the real world, you might have your own home or apartment 1128 00:55:31,040 --> 00:55:36,840 or the like, on which you might have locks and bolts and bars on the window. 1129 00:55:36,840 --> 00:55:39,240 At some point, if it takes you five minutes to unlock 1130 00:55:39,240 --> 00:55:41,940 every lock on your door just to get into your home, 1131 00:55:41,940 --> 00:55:44,160 it might be much more secure, but you're probably 1132 00:55:44,160 --> 00:55:47,280 not going to enjoy going home because it takes that long to get in. 1133 00:55:47,280 --> 00:55:50,310 And you might put bars on the window to keep that person physically out, 1134 00:55:50,310 --> 00:55:52,380 but it's not going to look particularly nice. 1135 00:55:52,380 --> 00:55:54,797 And there's nothing stopping them from going one floor up. 1136 00:55:54,797 --> 00:55:56,580 So there, too, there's this trade-off. 1137 00:55:56,580 --> 00:55:59,130 And so among the takeaways, we hope, from today, are 1138 00:55:59,130 --> 00:56:01,260 one, just better thought processes when it 1139 00:56:01,260 --> 00:56:04,530 comes to what does it mean for your phone or your computer 1140 00:56:04,530 --> 00:56:06,573 or your homes for that matter to be secure, 1141 00:56:06,573 --> 00:56:09,240 and to recognize that there's always going to be some trade-off. 1142 00:56:09,240 --> 00:56:12,460 And we would encourage you, ultimately, to ask these kinds of questions. 1143 00:56:12,460 --> 00:56:16,210 If any company, if any app, if any website just says on their website, 1144 00:56:16,210 --> 00:56:18,690 "we are secure," that's nonsense. 
1145 00:56:18,690 --> 00:56:22,410 That means nothing in and of itself until you start asking questions, like, 1146 00:56:22,410 --> 00:56:25,890 what are you secure against, and how? 1147 00:56:25,890 --> 00:56:27,760 Well, thank you so much for joining us here. 1148 00:56:27,760 --> 00:56:28,890 Let's officially wrap here. 1149 00:56:28,890 --> 00:56:32,250 But folks are welcome to stick around for some more time 1150 00:56:32,250 --> 00:56:34,720 if you'd like to ask questions in the group. 1151 00:56:34,720 --> 00:56:37,500 But if you have to take off, please feel free to head out. 1152 00:56:37,500 --> 00:56:39,650 [MUSIC PLAYING] 1153 00:56:39,650 --> 00:57:38,000